BitLocker Encryption

Summary

General Info on BitLocker

Body

Overview/Introduction

BitLocker is a Windows security feature that protects your data by encrypting your drives. This encryption ensures that if someone tries to access a disk offline, they won’t be able to read any of its content.

Details

BitLocker is particularly valuable if your device is lost or stolen, as it keeps your sensitive information secure. It’s designed to be user-friendly and integrates seamlessly with the Windows operating system, making it easy to set up and manage.  

BitLocker is a built-in encryption feature in Windows that helps protect your data by encrypting your entire drive. When you access your data, Windows normally has protections associated with your sign-in information. However, if someone tries to bypass these protections by physically removing the hard drive and connecting it to a second device, they could potentially access your data without needing your credentials.

With BitLocker encryption, when they try to use that method to access the drive, they’ll need to provide a decryption key (which they shouldn’t have) to access anything on the drive. Without the decryption key, the data on the drive appears as gibberish, making it unreadable and secure from unauthorized access.

A BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock an encrypted drive.  Windows requires a BitLocker recovery key when it detects a possible unauthorized attempt to access the data. This can also happen if you make changes to the hardware, firmware, or software, which BitLocker cannot distinguish from a possible attack. In these cases, BitLocker might require the extra security of the recovery key even if the user is an authorized owner of the device.

FAQs

Do I need to encrypt my computer using BitLocker?

Currently, laptops and other portable storage devices that contain information need to be encrypted.

BitLocker is required on Ursinus computers. Local IT policy may require additional safeguards to ensure that, should you lose your computer or have it stolen, your data is encrypted.

How BitLocker works with operating systems

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access on lost or stolen computers by:

  • Encrypting the entire Windows operating system drive on the hard disk. BitLocker encrypts all user files and system files on the operating system drive, including the swap files and hibernation files.
  • Checking the integrity of early boot components and boot configuration data. On computers that have a Trusted Platform Module (TPM) version 1.2, BitLocker uses the enhanced security capabilities of the TPM to help ensure that your data is accessible only if the computer's boot components appear unaltered and the encrypted disk is located in the original computer.

BitLocker is integrated into Windows and provides enhanced data protection that is easy to manage and configure. For example, BitLocker can use an existing Active Directory Domain Services (AD DS) infrastructure to remotely store BitLocker recovery keys.
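
A way for support staff to confirm the protections described above on a given machine, as an added example that is not part of the original article. It uses the built-in Get-BitLockerVolume and Get-Tpm cmdlets; the function name Test-BitLockerPosture and the finding messages are hypothetical, and it must be run from an elevated PowerShell session.

```powershell
# Added example (not from the original article): audit the operating system
# drive for the protections the article describes. Run as administrator.
#Requires -RunAsAdministrator

function Test-BitLockerPosture {   # hypothetical helper name
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $tpm = Get-Tpm

    # Collect protector *types* only. The 48-digit recovery password value
    # is deliberately never read into output or logs.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $findings = @()
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
    }
    if ($vol.ProtectionStatus -ne 'On') {
        # Encrypted but suspended: the key is exposed on disk in the clear.
        $findings += 'Protection is suspended or off'
    }
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        $findings += 'TPM is missing or not ready, so boot integrity is not checked'
    }
    if (-not ($types -match '^Tpm')) {
        $findings += 'No TPM-based key protector on this volume'
    }
    if ($types -notcontains 'RecoveryPassword') {
        # Presence only. Whether the key was escrowed centrally must be
        # confirmed on the directory or help desk side.
        $findings += 'No recovery password protector exists to escrow'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Encryption = $vol.EncryptionMethod
        Protectors = $types -join ', '
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-BitLockerPosture | Format-List
```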

BitLocker offers no protection against malware (computer virus) infections. Users must maintain their operating system and practice good computing hygiene (applying patches, security updates, creating strong passwords, and staying away from dubious links and web sites).

BitLocker also does not encrypt email or attachments.

You must use and monitor OneDrive to back up your files in case of a hardware issue or data corruption. BitLocker does not back up your data, so you must monitor that OneDrive is working properly and your data is backed up.

Where is my recovery key stored?

The recovery key is stored centrally in IT/Tech Support and you can get assistance only by calling or contacting Tech Support.

Is my computer protected when it is in sleep mode or when the screen saver is active?

Yes. BitLocker on operating system drives in its basic configuration (with a TPM but without advanced authentication) provides additional security for the hibernate mode. 

If I change my Ursinus password, will my BitLocker password also change?

No, the two are not connected. 

Can I share my password with Desktop Support?

You should not need to, and doing so may violate state laws that require you to protect personal information that is on your computer.

My computer is prompting me for the Windows BitLocker Recovery Key. Where do I find my Windows BitLocker Recovery Key?

  • The key is stored in IT/Tech Support, and to retrieve the recovery key you must contact Tech Support.


Article ID: 165253
Created
Tue 12/17/24 12:14 PM
Modified
Tue 1/14/25 2:10 PM