We had a client come in this week with a small problem that very nearly turned into a catastrophe because BitLocker was enabled by default on her computer. Luckily it was linked to her Microsoft Account and the BitLocker key had been saved, otherwise she could have lost all of the data on her computer following an otherwise minor fault. So after explaining what BitLocker is all about, Josh asked me to pass a warning on to anyone who reads my posts. Let's start at the beginning...
What is BitLocker?
BitLocker is a piece of software that you'll find on Windows computers. It's a security feature that, when enabled, encrypts the data on your hard drive or SSD so that if your computer is stolen, no one can get at your data. It's an extra level of security against even the most technically proficient thieves. Of course you (a security conscious user) have a password on your computer when you turn it on, but if someone was after the data on your computer as opposed to just the value of the computer itself, they could remove the drive and get at the data that way. Now you might wonder why anyone would want your family photos - in all likelihood they would not. I could imagine this applying to someone with very sensitive commercial or financial information on their computer, or someone who works at a restricted government agency, or health professional with client data they need to protect absolutely. Most people don't require BitLocker protection, in fact, the person most likely to suffer from you having BitLocker turned on is you.
Why is it potentially dangerous?
If your computer stops working for whatever reason, we can usually retrieve your data by carrying out the same process that a thief after your data might use - physically removing the hard drive or Solid State Drive and accessing it using another computer. If you're considering the likelihood of your computer being stolen, consider this - all hardware eventually dies. The chances that a computer will stop working at some point is 100%. If you have BitLocker turned on when this happens then your data is gone, unless you've actively protected it.
What if I want to use BitLocker?
You absolutely can as long as you're certain that you can keep hold of the key to get back into it, or if you have your data properly backed up elsewhere, or both. If everything on your computer is also in the Cloud then using BitLocker will be fine, as long as you can definitely get into your account in the Cloud. Don't forget, Cloud data storage systems also have very good security.
If you were to voluntarily turn on BitLocker then you would be provided with a very long recovery key as part of this process which you could write down or record somewhere safe.
So why am I telling you this now?
Because some computers seem to have BitLocker turned on by default. You can see the problem with this - a super secure piece of software that can block you from retrieving access to your own data in the case of hardware failure being turned on without your knowledge. In this case you may not even have had the opportunity to record the very long recovery key. There's only one possible solution in this situation - if your computer is linked to your Microsoft account, your very long recovery key may have been saved in the Cloud. Happily this was the case with our client today. But I'd say it's very important that everyone takes a few minutes to check that they either have BitLocker turned off, or know that recovery key if they do want to use it.
How do I check if BitLocker is on?
The easiest way to find your BitLocker settings is by typing BitLocker into the search bar on your taskbar (bottom left). Hopefully Manage BitLocker will come up, click on that. Unless you've deliberately turned it on already, the best case scenario here is that you see BitLocker Off. If it's turned on and you want it off (highly recommended by me), just turn it off by clicking on the little Turn off BitLocker (to the right). If, despite reading this article, you want to use BitLocker, you can turn it on here as well. Please remember to record the very long recover key.