How do I use the unlock options in BitLocker Drive Encryption?

When you encrypt a fixed data drive using BitLocker Drive Encryption or encrypt a removable drive using BitLocker To Go, you choose a method for unlocking the drive. The method you choose depends on the type of drive you are encrypting, the flexibility that you want, and any requirements set by your organization (if you are encrypting drives on a work computer, for example). The following is a list of unlock options and the benefits and restrictions of each option.

Note

  • The ability to encrypt drives using BitLocker Drive Encryption is only available in Windows 7 Ultimate and Enterprise editions.

Password

A password is a string of characters used to access information or a computer. For more information about passwords, see Tips for creating strong passwords and passphrases.

  • You can use a password to unlock fixed data drives (such as internal hard drives) and removable data drives (such as external hard drives and USB flash drives).

  • Passwords allow you to use your encrypted drive on both home and work computers or share the drive with other people.

  • The BitLocker To Go Reader allows you to unlock encrypted drives on computers running Windows Vista or Windows XP. To use the BitLocker To Go Reader, the drive must be formatted using the FAT file system and you must use a password to encrypt the drive.

  • You can change your password in the BitLocker Drive Encryption Control Panel.

Smart card

A smart card is a small plastic card containing a computer chip. Smart cards are generally issued by information technology (IT) departments in large companies. To use a smart card, you also need a smart card reader—a device that’s installed in or connected to your computer and can read the information stored on a smart card.

  • Smart cards are used primarily in work environments.

  • You will be required to use a BitLocker certificate that is provided by your system administrator. If you have multiple certificates, you might have to choose one.

  • Smart cards cannot be used with the BitLocker To Go Reader, which allows you to unlock drives on computers running Windows Vista or Windows XP.

  • To unlock the drive, you will insert your smart card and type your smart card PIN.

Note

  • When you encrypt a drive using a smart card, a certificate-based protector is created on the drive. This protector contains some unencrypted information that is required to unlock the drive: the public key and the certificate thumbprint of the certificate that was used to encrypt the drive are stored unencrypted in the protector’s metadata. Someone could use this information to locate the certification authority (CA) that was originally used to generate the certificate and then try to extract some personal information.

Automatically unlock

When you encrypt fixed data drives, you can choose to have the drive automatically unlock when you log on to Windows.

Removable data drives can be set to automatically unlock after they are encrypted by right-clicking the drive in the Computer folder, and then clicking Manage BitLocker.

Note

  • To be able to automatically unlock fixed data drives, the drive that Windows is installed on must also be encrypted by BitLocker.
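
The unlock methods above exist on each drive as protectors. As an added example (not part of the original help topic), this PowerShell function reports which methods each volume uses, whether the Windows drive is encrypted (the condition for automatically unlocking fixed data drives), and the certificate thumbprints that a smart card protector leaves readable in its metadata. It assumes an elevated session and the Get-BitLockerVolume cmdlet, which ships with Windows 8 and Windows Server 2012 or later rather than Windows 7; the function name Get-BitLockerUnlockSummary is hypothetical.

```powershell
# Added example: inventory BitLocker unlock methods per volume.
# Assumption: BitLocker PowerShell module is present (Windows 8 / Server 2012
# or later) and the session is elevated. Function name is hypothetical.
function Get-BitLockerUnlockSummary {
    [CmdletBinding()]
    param()

    $volumes = @(Get-BitLockerVolume)

    # Automatic unlock of fixed data drives requires the drive that Windows
    # is installed on to be encrypted by BitLocker as well.
    $os = $volumes |
        Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
        Select-Object -First 1
    $osEncrypted = ($null -ne $os) -and ($os.VolumeStatus -eq 'FullyEncrypted')

    foreach ($v in $volumes) {
        $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Smart card unlock appears as a certificate-based (PublicKey) protector.
        $certs = @($v.KeyProtector |
            Where-Object { $_.KeyProtectorType.ToString() -eq 'PublicKey' })

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeType       = $v.VolumeType
            VolumeStatus     = $v.VolumeStatus
            Password         = $types -contains 'Password'
            SmartCard        = $certs.Count -gt 0
            AutoUnlock       = [bool]$v.AutoUnlockEnabled
            OsDriveEncrypted = $osEncrypted
            # Thumbprints stored unencrypted in the protector metadata; anyone
            # holding the drive can read them, so review what they disclose.
            CertThumbprints  = ($certs | ForEach-Object { $_.Thumbprint }) -join ', '
        }
    }
}

Get-BitLockerUnlockSummary | Format-Table -AutoSize
```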