How to Encrypt a Windows 8 PC Drive
Windows 8.1 Pro includes built-in drive encryption tools. These tools work even if you don't have a TPM chip. TPM, or Trusted Platform Module, is encryption-ready hardware. You'll need a spare USB thumb drive, though. Encryption tools are hidden away in the depths of the machine, so finding them can make you feel like an International Person of Mystery.
Mar 12, 2014 5:00 AM PT
We are all becoming increasingly aware that our digital lives are no longer private. Not only are they no longer private -- in reality, they likely never have been. It may be time to think about encryption.
There are some easy ways to encrypt email. There are also some methods for encrypting thumb and hard drives.
Windows 8.1 Pro, the version of Windows that Microsoft pitches on its website, includes built-in drive encryption tools. These tools work even if you don't have a TPM chip. TPM, or Trusted Platform Module, is encryption-ready hardware. You'll need a spare USB thumb drive, though.
Amusingly, encryption tools are hidden away in the depths of the machine, so finding them can make you feel like an International Person of Mystery.
Nevertheless, here's how to go about it:
Verify that your machine is running Windows 8 Pro or Windows 8.1 Pro by launching the Control Panel. The Control Panel can be accessed from the new Windows 8-style Search Charm -- type "Control Panel" in the search box.
Click or touch System and Security, and then System. The Windows Edition will be listed.
Tip: Windows 8 Encryption is called "BitLocker." It's included in Windows 7 and Windows Vista Enterprise and Ultimate; it is also available in the Pro and Enterprise editions of Windows 8.
Enter the term "gpedit.msc" in the search charm's text box. Then browse the hierarchical menu structure, moving from Open Computer Configuration to Administrative Templates to Windows Components to BitLocker Drive Encryption to Operating System Drives.
Then right-click on the third option, labeled "Require additional authentication at startup." Then check the Allow BitLocker without a compatible TPM check box. Click Apply and then OK.
Enter the term "BitLocker" in the Windows Search Charm and then "Manage BitLocker." Or scroll down to BitLocker Drive Encryption from System in Control Panel.
Turn on BitLocker.
Insert a USB flash drive into the PC's USB jack and follow the prompts.
Tip: You can use a password instead of a USB drive. However, the USB drive method is more secure, because it's a physical factor -- you need to insert the actual thumb drive to access the PC. It's also more entertaining.
Create a Recovery Key by following the prompts to save a backed-up key to an external source -- like another PC on your network or a second USB drive -- or by printing it.
Tip: A Recovery Key is a backup key.
Choose how much of the drive you'd like to encrypt by selecting the appropriate radio button.
Tip: Encrypt the entire drive if you're using an existing rather than new PC. It takes longer but will catch stray files.
Select the Run BitLocker System Check check box. This will verify encryption keys.
Restart the computer. The computer will restart, and the drive will start encrypting. The USB drive should be in the USB jack at this step. Allow the encryption to take place.
Remove the USB drive and restart the PC to test. You'll be prompted to insert the USB drive key.