Lock and encode your flash drives with BitLocker To Go encryption in Windows 8

How Windows 8 Professional and Enterprise users should encrypt their external drives—for free.

Losing your USB flash drive before a big presentation is a terrible way to start a Monday. Losing a drive that also contains valuable personal data or confidential company information will ruin your whole week, and maybe your career. Luckily, Windows users can easily hedge their bets against such disasters by using the free BitLocker To Go utility to quickly encrypt portable drives.

One of the best-kept secrets of Windows 8, BitLocker To Go is the latest incarnation of an encryption tool that's been included with select versions of Windows since Microsoft first introduced BitLocker disk encryption with Vista, way back in 2007. Like most encryption utilities, BitLocker protects your data by making it unreadable or inaccessible without a password or some other form of unique key. To secure the data, BitLocker uses an AES (Advanced Encryption Standard) encryption algorithm with a 128-bit key plus a data-mixing algorithmic function (known as an Elephant diffuser) for disk-related security features not offered by AES alone.

Not only does BitLocker give users the ability to encrypt their OS volume to prevent access to a system and the data stored on it, but a feature called BitLocker To Go (introduced with Windows 7) enables encryption of externally attached portable drives. It uses the same encryption technology, but instead of protecting an OS volume, it's designed to secure data stored on a portable drive, such as a USB flash or hard-disk drive. And with Windows 8, Microsoft has updated BitLocker To Go with some new features that make it faster and easier to use than ever before.

Using BitLocker To Go on Windows 8

While the lion's share of the new features is meant to reduce headaches for IT professionals managing BitLocker use in business, Microsoft has also sped up the initial drive encryption process. BitLocker To Go, which is available on Windows 8 Professional and Enterprise editions, now has the ability to progressively encrypt only the portions of a drive you're actually using, instead of the entire drive (as was the case with Windows 7). The old method is still available for disks that already contain data, but if you've got a fresh, clean drive you'd like to protect with BitLocker To Go, enabling drive encryption can be completed in seconds, not minutes or even hours, depending on the size of the drive. Instead, when you add new data to the drive, it will be automatically encrypted while BitLocker To Go is enabled.

To protect an external drive with BitLocker To Go, first connect the drive to a USB port and wait for Windows to recognize it and assign a drive letter. Switch to Desktop mode, open File Explorer, right-click on the drive, and choose Turn on BitLocker from the menu. Another way to access BitLocker is to press the + key combination, search for BitLocker, and choose the BitLocker Drive Encryption utility listed in the results under Settings.

When you first select the option to enable BitLocker, a window will open that displays a progress bar (as shown above) while BitLocker loads and scans the drive. This process is usually very quick, but the time will vary depending on the speed of the drive and the system.

Once BitLocker To Go has started and the drive is initialized, you'll be asked how you want to protect the drive. You'll have the choice of using either a password or a smart card; for the vast majority of users, the password option will be the only way to go, since smart-card readers are rarely installed on consumer-class computers.

Tick the box labeled Use a password to unlock the drive, and then enter a password in the necessary fields. The password should be something you'll remember, but use special characters, upper- and lowercase letters, numbers, and symbols to make it as strong as possible. When you've entered the password, click Next.

After setting the password, you'll be prompted to back up a recovery key. Should you forget your password (or lose your smart card), the recovery key can be used to access the protected drive. The recovery key can be saved to a Microsoft account, saved to a file, or printed out. Whatever option you choose, be sure to keep it safe because without it there's no way to access the drive should you forget the password. Formatting the drive will be the only way you'll be able to use it again, destroying the data stored on the drive in the process.

Save the recovery key, click Next, and you'll be asked how you'd like to encrypt the drive. If it's a clean drive, select the option to encrypt only the used space to speed up the process. If you're encrypting a drive that's already filled with data or may have had data deleted from it at some point (data that can still be extracted using recovery or undelete tools), select the option to encrypt the entire drive. The process of encrypting the entire drive can take a very long time (sometimes hours), but every bit of data on the drive will be protected.

After choosing the encryption method, click Next, and you'll be asked if you're ready to encrypt the drive. If you're sure you want to enable BitLocker To Go, just click the Start encrypting button, and the drive will be encrypted. Again, the process may take some time to complete depending on the speed of the drive and the processor in the system. When the encryption process is complete, click Close, and your drive will be protected and ready to use.
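The wizard steps above (password protector, recovery key backup, used-space versus full encryption) can also be scripted with the BitLocker PowerShell cmdlets. This is an added example, not part of the original article; the drive letter `E:` and the recovery file path are assumed values, and the script must run in an elevated session.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# Assumed values: drive letter E: and a recovery file in an existing folder
# on a different disk.
$MountPoint   = 'E:'
$RecoveryFile = 'C:\Secure\usb-recovery.txt'
$FreshDrive   = $true   # set to $false if the drive has ever held data

# Never store the recovery password on the drive it protects.
if ($RecoveryFile.StartsWith($MountPoint, [StringComparison]::OrdinalIgnoreCase)) {
    throw "Recovery file must not be saved on $MountPoint"
}

# Prompt for the unlock password as a SecureString so it is not written
# into the script or the command history.
$Password = Read-Host -AsSecureString "Password for $MountPoint"

# Password protector; used-space-only encryption for a clean drive,
# full-volume encryption otherwise.
$enable = @{
    MountPoint        = $MountPoint
    EncryptionMethod  = 'Aes128'
    PasswordProtector = $true
    Password          = $Password
}
if ($FreshDrive) { $enable.UsedSpaceOnly = $true }
Enable-BitLocker @enable | Out-Null

# Add a recovery password protector. The cmdlet may print the new password
# in a warning, so silence that and read it from the volume instead.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
    -WarningAction SilentlyContinue | Out-Null

$volume   = Get-BitLockerVolume -MountPoint $MountPoint
$recovery = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) { throw "No recovery password protector on $MountPoint" }
$recovery | Select-Object KeyProtectorId, RecoveryPassword |
    Format-List | Out-File -FilePath $RecoveryFile

# Report the state; encryption of existing data continues in the background.
$volume | Select-Object MountPoint, VolumeStatus, EncryptionMethod,
    EncryptionPercentage, ProtectionStatus
```

Re-run `Get-BitLockerVolume -MountPoint E:` until `EncryptionPercentage` reaches 100 before removing a drive that was encrypted in full.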

Accessing your encrypted drive on the go

When you attach your encrypted drive to a system that supports BitLocker, you'll be prompted to enter the password before the drive will be accessible. If the correct password is not entered, the drive will appear with a gold padlock over its icon, and you'll get a "Location not available/Access is denied" error should you try to open it. Enter the correct password, however, and the icon changes to an open padlock; the drive can now be used like any other unprotected drive. The only difference is that data copied to the drive will be encrypted on the fly. If you connect your encrypted drive to a PC that does not support BitLocker To Go (one running Windows XP/Vista or Mac OS X, for example), it will not be able to read your drive and will probably prompt you to format the device. If you want to access a drive encrypted via BitLocker To Go on a Windows XP or Vista machine, you'll need the BitLocker To Go Reader, a program that allows you to open and view the content of removable drives that have been protected (or encrypted) with BitLocker encryption.

Should you miss the opportunity to enter the password when the drive is first inserted, you can also unlock the drive by right-clicking on it in File Explorer and selecting Unlock Drive from the menu.

Once the drive is unlocked, you can also access a few additional features offered with BitLocker To Go. Right-click the drive and choose Manage BitLocker from the menu (or search for the BitLocker Drive Encryption utility from the Windows 8 UI as described earlier), and you'll be able to change the password, add a smart card, enable auto-unlock, or turn off BitLocker entirely, if you so choose.


Stories by Marco Chiappetta
