Windows BitLocker is an encryption program introduced by Microsoft in Windows Vista to safeguard your data against prying eyes and hackers. Using BitLocker, you can encrypt entire drives using a strong encryption algorithm. Aside from protecting your data, BitLocker can also prevent unauthorised changes at the system level, which makes it a good defense against malware. BitLocker uses an encryption algorithm called AES (Advanced Encryption Standard) to encrypt your entire drive. By default, BitLocker is set to use AES 128-bit encryption. If you want, you can change BitLocker to use the stronger AES 256-bit algorithm to protect your hard disk data from getting hacked.
Check Current BitLocker Encryption Method
Before doing anything, you can check the encryption method BitLocker currently uses and see whether it is AES 128-bit or 256-bit. Press “Win + X” and select “Command Prompt (admin)” to open the command prompt with administrative rights.
Now, enter the following command and press the Enter button.
If there are any BitLocker-encrypted drives, Windows will list all of them. In the listed details, you will see the encryption method used (AES 128-bit or AES 256-bit) next to “Encryption Method”.
If the encryption method shown is AES 128-bit, you can proceed to change it to AES 256-bit.
Change Encryption From AES 128-bit to 256-bit
To make BitLocker use AES 256-bit encryption, we need to edit the group policy settings. Press “Win + R”, type gpedit.msc and press the Enter button.
The above action will open the Windows Local Group Policy Editor. In the left pane, navigate to “Computer Configuration -> Administrative Templates -> Windows Components” and then select “BitLocker Drive Encryption”.
Now, in the right pane, double-click “Choose drive encryption method and cipher strength”. This opens the encryption method settings window. Select the radio box “Enable” and select “AES 256-bit” from the dropdown menu under encryption method.
Once you are done with the changes, click the Apply and OK buttons to save them. From this point forward, BitLocker will use the AES 256-bit encryption method to encrypt your new volumes.
If you have already encrypted a drive with AES 128-bit encryption, there is no easy way to convert that drive to AES 256-bit. The only thing you can do is decrypt the drive and encrypt it again.
Last but not least, always store your recovery keys in a safe place. If you forget or lose your BitLocker password, it is almost impossible to recover the data in the encrypted drive.
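Because the policy only affects volumes encrypted after the change, it helps to see which existing volumes are still on a 128-bit cipher. The PowerShell script below is an added example, not part of the original article: it uses the Get-BitLockerVolume cmdlet from the BitLocker module, and the function name Get-BitLockerCipherReport and its output columns are made up for illustration. It goes slightly beyond the article by also recognising the XTS-AES and diffuser variants that the cmdlet can report.

```powershell
#Requires -RunAsAdministrator
# Added example: audits BitLocker volumes after the policy change.
# Get-BitLockerVolume ships with the BitLocker PowerShell module
# (Windows 8 / Server 2012 and later) and needs an elevated session.

function Get-BitLockerCipherReport {   # hypothetical helper name
    param(
        # Volume objects to inspect; defaults to every volume on this machine.
        [Parameter(ValueFromPipeline)]
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    process {
        foreach ($v in $Volume) {
            $method = [string]$v.EncryptionMethod
            $status = [string]$v.VolumeStatus

            # Key length is the number in the method name: Aes128, Aes256Diffuser, XtsAes256, ...
            $bits = if ($method -match '(128|256)') { [int]$Matches[1] } else { $null }

            $action = if ($status -eq 'FullyDecrypted') {
                'Not encrypted: the policy cipher applies when BitLocker is turned on'
            } elseif ($status -ne 'FullyEncrypted') {
                "Conversion in progress ($status): check again when it finishes"
            } elseif ($bits -eq 256) {
                'None: already 256-bit'
            } elseif ($bits -eq 128) {
                'Decrypt and re-encrypt to move to 256-bit'
            } else {
                "Review manually: method '$method' reports no AES key length"
            }

            [pscustomobject]@{
                MountPoint       = $v.MountPoint
                VolumeStatus     = $status
                EncryptionMethod = $method
                KeyBits          = $bits
                Action           = $action
            }
        }
    }
}

# Report every volume on this machine.
Get-BitLockerCipherReport | Format-Table -AutoSize -Wrap
```

Run it once before and once after re-encrypting a drive to confirm the volume now reports a 256-bit method.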
Would you prefer BitLocker to use the AES 256-bit encryption method by default, or do you think AES 128-bit encryption is sufficient for you? Let us know in the comments below.