Tech View: Vital BitLocker encryption is not without challenges

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

Microsoft’s recent directive that BitLocker be turned on by default in Windows 11 caused some consternation in the PC world. What is BitLocker and why do I need it?

BitLocker is a form of encryption. It secures the data on your computer’s local disk drive (hard drive or solid state drive), to prevent nefarious actors from stealing your data. For many if not most folks, BitLocker is transparent; you don’t even know or even care that it’s running. But BitLocker plays a vital role in data protection.

BitLocker mostly comes into play if your computer is lost or stolen. Without some form of disk encryption, if someone were to get hold of your drive, they could just plug it into another machine and read all your data. With BitLocker a key is required to unlock the disk. The key is 48 digits long, unique to your disk and, for all intents and purposes, unhackable.

The concern about BitLocker being forced upon users stems from the fact that there are often good reasons to move disks from computer to computer. And if you don’t have the key, you are out in a canoe without a paddle. Many folks don’t even know they might need this key, much less save it.

For businesses and government agencies running some form of Microsoft’s Active Directory network management system, saving the BitLocker key is fairly simple. The key is stored in AD by default for all the machines in your organization.

For organizations or individuals not running AD, it’s a bit more complicated. If you set up your computer with a Microsoft account, as Windows likes to try to force you to do, the key will be stored with that account. But it’s still a good idea to save that key somewhere else.

Don't miss out on what's happening!

Stay in touch with breaking news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

Of course, there is a way to uninstall BitLocker so you never need the key, but that’s not really a good idea as it leaves your data unprotected. And if BitLocker is enabled, you will need the key to uninstall it.

In the world of Macs, there is no version of BitLocker. This is because BitLocker is a proprietary Microsoft product — and who would want to use a proprietary Microsoft product on a Mac? (Just kidding, of course, for all who use Microsoft Office on Macs, which is quite possibly the greatest argument against using a Mac, but we digress.)

Since about 2020, newer Macs — those with an Apple processor (versus an Intel processor) — have their date encrypted by default. Further, the drives that come with the machine aren’t easily removable, so there is less of a need to save your key since the drive can’t be transferred into another machine anyway.

And finally, there are disk encryption tools for Linux. But if you’re running Linux, you’re already enough of a nerd to figure that out for yourself.

John Agsalud is an information technology expert with more than 25 years of IT experience in Hawaii and around the world. He can be reached at jagsalud@live.com.