How to protect your laptop using encryption

My very first post, feedback welcome on twitter – please be gentle.

Windows 8.1 Pro and above includes a super feature which allows you to encrypt your laptop and thus protect your laptop if lost or stolen. This feature is called BitLocker and is not available on the standard edition of Windows 8.1.

Your c: drive is encrypted with this procedure.

What you need to get started.

Windows 8.1 Pro.
A USB stick or a TPM (Trusted Platform Module). Let’s go with the USB stick.

Step 1. Find your Windows 8.1 edition
1.1. Open File Explorer (Press Windows Key + E at the same time).
1.2. In file explorer go to this location “Control Panel\All Control Panel Items\System” or from the “Control Panel” choose “System”.
The Windows edition is displayed.
When you have verified that you are using Windows 8.1 Pro continue using the following steps.

Step 2.
2.1. Using the Windows Search Charm, search for “gpedit.msc”, then select gpedit.msc. Or press “Win + R” and enter “gpedit.msc”.
2.2. The Local Group Policy Editor window opens.
2.3. On the left hand tree menu select
“Local Computer Policy > Computer Configuration > Windows Components > BitLocker Drive Encryption > Operating System Drives”

Windows 8.1 Local Group Policy Editor

2.4. With “Operating System Drives” selected, right-click “Require additional authentication at startup” and select “Edit” select “Enabled” then Apply, then Ok.

Enable BitLocker with USB Flash Drive

Step 3.
3.1. Using the Windows Search Charm, search for “BitLocker” and select “Manage BitLocker”, or select “BitLocker Drive Encryption” from System in the Control Panel.
3.2. Select “Turn BitLocker on”
3.2. Wait a few seconds for the “BitLocker Drive Encryption (C:) window.
3.3. Insert a spare USB drive into your PC.
3.4. Select “Insert a USB drive” then select the USB STICK and Save.

Step 4. Save at least 2 recovery keys.
You should be at the “How do you want to back up your recovery key?” dialogue.
4.1. I suggest backing up 2 keys, one key can be stored on a second USB for example.
4.2. Store the keys safely off-site or in a fireproof safe.
4.3. Select “Next”. And select your preferred option on what to encrypt.
4.4. Select “Next” then “Continue” and allow your computer to restart.

Step 5. Computer restarted.
5.1. Your computer has restarted and when signed in the C: drive will begin to be encrypted, this could take some time.
5.2 Wait until the encryption process is complete.

Step 6.
6.1 Remove the USB stick.
6.2 Restart your computer.
6.3 Your computer should not start without the USB stick inserted.


Please remember that your files are decrypted when copied to the cloud, emailed or copied to other locations.

BitLocker uses AES 128 encryption by default which will suffice, although AES 256 encryption is also available on Windows 8.1.

Always remove the USB stick before transporting your laptop and do not store the USB in the laptop case.

A Warning about TrueCrypt

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Share this Post