2. Encrypting with BitLocker and BitLocker To Go

BitLocker Drive Encryption can be used to encrypt entire NTFS volumes, which
provides excellent protection against data theft. BitLocker can secure a
drive against attacks that involve circumventing the operating system
or removing the drive to another computer. BitLocker is a powerful tool
that can more than ruin your day if you don't know what you are doing.

BitLocker To Go, a new feature in Windows 7, allows you to
encrypt the entire contents of a USB flash drive or other removable
device. If it's lost or stolen, the thief will be unable to access the
data without the password.

Note: After you encrypt a removable drive using BitLocker To Go on a PC
running Windows 7 Ultimate or Enterprise, you can add,
delete, and change files on that volume using any edition of Windows 7.
Systems running Windows XP and Windows Vista can, with proper
authentication, open (but not change) files on encrypted media using a
reader program that is included on the volume itself. This reader
program does not work with volumes formatted using NTFS; if you intend to use a
removable drive on systems running older Windows versions, be sure to
format it using FAT, FAT32, or exFAT before turning on BitLocker To Go
encryption.

To apply BitLocker To Go, right-click the removable device in Windows
Explorer and choose Turn On BitLocker from the shortcut menu.

BitLocker To Go will ask how you want to unlock the encrypted drive—with a
password, a smart card, or both. After you have made your selections and
confirmed your intentions, the software will give you the opportunity
to save and print your recovery key.

Your recovery key is a system-generated, 48-character, numeric backup
password. If you lose the
password you assign to the encrypted disk, you can recover your data
with the recovery key. BitLocker
To Go offers to save that key in a plain text file; you should accept
the offer and store the file in a secure location.

With all preliminaries out of the way, BitLocker To Go begins encrypting
your media. This takes a
few minutes, even if the disk is freshly formatted. Any files currently
on the disk are encrypted, as are any files subsequently added.

To read an encrypted disk, you will need to unlock it, using whatever
method you have
stipulated. You will also see an Automatically Unlock On This Computer
From Now On check box. If your computer is secure and you're only
concerned about having your data locked when it's not plugged into this
computer, you can safely exercise this option.

If you're prompted for a password that you have lost or forgotten,
click I Forgot My Password.
You will then have the opportunity to enter your recovery key. In case
you have several recovery-key text files, BitLocker To Go gives you the
key's identification code.

Find the text file whose name matches the identification code, copy the
recovery key from this
text file to the BitLocker dialog box, and you'll be granted temporary
access to the files (and the access is good until you remove the disk or
restart the computer). If you are using Windows 7 Ultimate or
Enterprise, the dialog box that announces your temporary access includes
a Manage BitLocker button. Clicking this button gives you an
opportunity to reset the password that unlocks the drive.

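When many recovery-key text files have accumulated, the lookup described above can be scripted; the following is an added example, not part of the original text, that finds the file whose name contains the identification code and checks the key for typing or copying errors before you enter it. It assumes the key files sit in one folder and relies on two properties of BitLocker recovery keys that the text does not spell out: the 48 digits are written as eight hyphen-separated groups of six, and each group is a 16-bit number multiplied by 11. The sample key, identification code and file name are constructed.

```python
import re
import tempfile
from pathlib import Path

# Eight hyphen-separated groups of six digits (48 digits in total).
KEY_RE = re.compile(r"(?<![\d-])\d{6}(?:-\d{6}){7}(?![\d-])")
# Constructed sample, not a real key: every group is n * 11 with n <= 65535.
SAMPLE_KEY = "110000-135795-000011-720885-220000-330000-440000-550000"

def bad_groups(key):
    """Return the positions (0-7) of groups that fail the per-group check."""
    bad = []
    for pos, group in enumerate(key.split("-")):
        value = int(group)
        # A valid group is a 16-bit number multiplied by 11.
        if value % 11 != 0 or value // 11 > 0xFFFF:
            bad.append(pos)
    return bad

def read_text(path):
    """Decode a saved key file, which may be UTF-16 with a byte-order mark."""
    raw = path.read_bytes()
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def find_recovery_key(folder, key_id):
    """Return the validated key from the file whose name contains key_id."""
    for path in sorted(Path(folder).glob("*.txt")):
        if key_id.lower() not in path.name.lower():
            continue
        match = KEY_RE.search(read_text(path))
        if match is None:
            raise ValueError(f"{path.name}: no 48-digit recovery key found")
        bad = bad_groups(match.group(0))
        if bad:
            raise ValueError(f"{path.name}: groups {bad} fail the check")
        return match.group(0)
    raise FileNotFoundError(f"no key file name contains {key_id}")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:
        key_id = "11111111-2222-3333-4444-555555555555"  # constructed
        text = f"Identification: {key_id}\r\n\r\n{SAMPLE_KEY}\r\n"
        name = f"BitLocker Recovery Key {key_id}.txt"
        Path(folder, name).write_bytes(text.encode("utf-16"))
        print(find_recovery_key(folder, key_id))
```

A group that fails the check points to a mistyped or damaged copy of the key, so compare it against the printed copy before trying it in the BitLocker dialog box.
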
To remove BitLocker To Go encryption from a disk, open
BitLocker Drive Encryption in the System And Security section of Control
Panel and click Turn Off BitLocker. The software will decrypt the disk;
allow some time for this process.