CIO

Lock and encode your flash drives with BitLocker To Go encryption in Windows 8

How Windows 8 Professional and Enterprise users should encrypt their external drives—for free.

Losing your USB flash drive before a big presentation is a terrible way to start a Monday. Losing a drive that also contains valuable personal data or confidential company information will ruin your whole week, and maybe your career. Luckily, Windows users can easily hedge their bets against such disasters by using the free BitLocker To Go utility to quickly encrypt portable drives.

One of the best-kept secrets of Windows 8, BitLocker To Go is the latest incarnation of an encryption tool that's been included with select versions of Windows since Microsoft first introduced BitLocker disk encryption with Vista, way back in 2007. Like most encryption utilities, BitLocker protects your data by making it unreadable or inaccessible without a password or some other form of unique key. To secure the data, BitLocker uses an AES (Advanced Encryption Standard) encryption algorithm with a 128-bit key plus a data-mixing algorithmic function (known as an Elephant diffuser) for disk-related security features not offered by AES alone.

Not only does BitLocker give users the ability to encrypt their OS volume to prevent access to a system and the data stored on it, but a feature called BitLocker To Go (introduced with Windows 7) enables encryption of externally attached portable drives. It uses the same encryption technology, but instead of protecting an OS volume, it's designed to secure data stored on a portable drive, such as a USB flash or hard-disk drive. And with Windows 8, Microsoft has updated BitLocker To Go with some new features that make it faster and easier to use than ever before.

Using BitLocker To Go on Windows 8

While the lion's share of the new features is meant to reduce headaches for IT professionals managing BitLocker use in business, Microsoft has also sped up the initial drive encryption process. BitLocker To Go, which is available on Windows 8 Professional and Enterprise editions, now has the ability to progressively encrypt only the portions of a drive you're actually using, instead of the entire drive (as was the case with Windows 7). The old method is still available for disks that already contain data, but if you've got a fresh, clean drive you'd like to protect with BitLocker To Go, enabling drive encryption can be completed in seconds, not minutes or even hours, depending on the size of the drive. Instead, when you add new data to the drive, it will be automatically encrypted while BitLocker To Go is enabled.

To protect an external drive with BitLocker To Go, first connect the drive to a USB port and wait for Windows to recognize it and assign a drive letter. Switch to Desktop mode, open File Explorer, right-click on the drive, and choose Turn on BitLocker from the menu. Another way to access BitLocker is to press the + key combination, search for BitLocker, and choose the BitLocker Drive Encryption utility listed in the results under Settings.

When you first select the option to enable BitLocker, a window will open that displays a progress bar (as shown above) while BitLocker loads and scans the drive. This process is usually very quick, but the time will vary depending on the speed of the drive and the system.

Once BitLocker To Go has started and the drive is initialized, you'll be asked how you want to protect the drive. You'll have the choice of using either a password or a smart card; for the vast majority of users, the password option will be the only way to go, since smart-card readers are rarely installed on consumer-class computers.

Tick the box labeled Use a password to unlock the drive, and then enter a password in the necessary fields. The password should be something you'll remember, but use special characters, upper- and lowercase letters, numbers, and symbols to make it as strong as possible. When you've entered the password, click Next.

After setting the password, you'll be prompted to back up a recovery key. Should you forget your password (or lose your smart card), the recovery key can be used to access the protected drive. The recovery key can be saved to a Microsoft account, saved to a file, or printed out. Whatever option you choose, be sure to keep it safe because without it there's no way to access the drive should you forget the password. Formatting the drive will be the only way you'll be able to use it again, destroying the data stored on the drive in the process.

Save the recovery key, click Next, and you'll be asked how you'd like to encrypt the drive. If it's a clean drive, select the option to encrypt only the used space to speed up the process. If you're encrypting a drive that's already filled with data or may have had data deleted from it at some point (data that can still be extracted using recovery or undelete tools), select the option to encrypt the entire drive. The process of encrypting the entire drive can take a very long time (sometimes hours), but every bit of data on the drive will be protected.

After choosing the encryption method, click Next, and you'll be asked if you're ready to encrypt the drive. If you're sure you want to enable BitLocker To Go, just click the Start encrypting button, and the drive will be encrypted. Again, the process may take some time to complete depending on the speed of the drive and the processor in the system. When the encryption process is complete, click Close, and your drive will be protected and ready to use.
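
The same wizard steps can be scripted with the BitLocker PowerShell cmdlets (Enable-BitLocker, Add-BitLockerKeyProtector, Get-BitLockerVolume) from an elevated prompt. This is an added example, not part of the original article; the function name Protect-RemovableDrive, its parameters, the drive letter E: and the recovery file path are assumptions chosen for illustration.

```powershell
# Added example: scripted form of the wizard steps above. Run from an elevated prompt.
# Protect-RemovableDrive, its parameters and the sample paths are hypothetical.
function Protect-RemovableDrive {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,    # e.g. 'E:'
        [Parameter(Mandatory)] [string] $RecoveryFile,  # where the recovery password is saved
        [switch] $UsedSpaceOnly                         # only appropriate for a clean drive
    )

    # The recovery password must not be stored on the drive it unlocks.
    $recoveryRoot = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($RecoveryFile))
    if ($recoveryRoot.TrimEnd('\') -ieq $MountPoint.TrimEnd('\')) {
        throw "Recovery file must not be on $MountPoint."
    }

    # Refuse to touch a volume that is already encrypted or mid-conversion.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($volume.VolumeStatus -ne 'FullyDecrypted') {
        throw "$MountPoint is in state $($volume.VolumeStatus); nothing changed."
    }

    # Prompt for the password so it never appears in the script or shell history.
    $password = Read-Host -AsSecureString -Prompt "Password for $MountPoint"

    # Password protector = "Use a password to unlock the drive" in the wizard.
    Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $password `
        -UsedSpaceOnly:$UsedSpaceOnly -ErrorAction Stop | Out-Null

    # Recovery password = the wizard's recovery key backup step.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
        -ErrorAction Stop | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object -First 1
    "Drive: $MountPoint`r`nProtector ID: $($recovery.KeyProtectorId)`r`nRecovery password: $($recovery.RecoveryPassword)" |
        Set-Content -Path $RecoveryFile -Encoding ASCII

    # Report status so the caller can confirm encryption is underway or complete.
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
}

# Sample call (constructed values). Use -UsedSpaceOnly for a clean drive;
# omit it for a drive that has held data, so deleted files are encrypted too.
Protect-RemovableDrive -MountPoint 'E:' -RecoveryFile 'C:\Keys\usb-recovery.txt' -UsedSpaceOnly
```

Restrict access to the saved recovery file, since anyone who can read it can unlock the drive without the password.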

Accessing your encrypted drive on the go

When you attach your encrypted drive to a system that supports BitLocker, you'll be prompted to enter the password before the drive will be accessible. If the correct password is not entered, the drive will appear with a gold padlock over its icon, and you'll get a "Location not available/Access is denied" error should you try to open it. Enter the correct password, however, and the icon changes to an open padlock; the drive can now be used like any other unprotected drive. The only difference is that data copied to the drive will be encrypted on the fly. If you connect your encrypted drive to a PC that does not support BitLocker To Go (one running Windows XP/Vista or Mac OS X, for example), it will not be able to read your drive and will probably prompt you to format the device. If you want to access a drive encrypted via BitLocker To Go on a Windows XP or Vista machine, you'll need the BitLocker To Go Reader, a program that allows you to open and view the content of removable drives that have been protected (or encrypted) with BitLocker encryption.

Should you miss the opportunity to enter the password when the drive is first inserted, you can also unlock the drive by right-clicking on it in File Explorer and selecting Unlock Drive from the menu.

Once the drive is unlocked, you can also access a few additional features offered with BitLocker To Go. Right-click the drive and choose Manage BitLocker from the menu (or search for the BitLocker Drive Encryption utility from the Windows 8 UI as described earlier), and you'll be able to change the password, add a smart card, enable auto-unlock, or turn off BitLocker entirely, if you so choose.