How to enable BitLocker on Windows

Why this matters

Without disk encryption, anyone with physical access to your laptop — a thief, a repair shop, customs — can pull the drive out, plug it into another machine, and read every file. Your Windows password doesn’t stop them; it only blocks them from logging into Windows.

BitLocker encrypts the entire drive. Without your password or recovery key, the drive is unreadable, even if removed from the laptop. It’s free, built into Windows, and runs on hardware acceleration on any modern CPU — you won’t notice it running.

How to do it

Windows 11 Pro / Enterprise / Education:

1. Open Settings → Privacy & Security → Device encryption (or) Control Panel → System and Security → BitLocker Drive Encryption.
2. Click Turn on BitLocker on your C: drive.
3. Choose where to back up the recovery key:
   • Save to your Microsoft account — easiest; key is stored in your account.
   • Save to a USB drive or print — store somewhere safe at home.
4. Choose Encrypt entire drive (slower but safer) and Compatible mode.
5. Restart when prompted. Encryption runs in the background; you can use the PC normally.

Windows 11 Home:

Most modern Home PCs now ship with Device Encryption turned on by default — a simplified BitLocker. Check Settings → Privacy & Security → Device encryption. If you see the toggle, turn it on; if you don’t, your hardware doesn’t support it and you’ll need a Pro upgrade or a third-party tool.

What you don’t need

You don’t need VeraCrypt or other third-party tools on Windows in 2026. BitLocker uses AES-XTS, is integrated with the TPM chip for hardware-backed key storage, and has been independently audited.