How To Use BitLocker Without TPM
Data security is, or should be, a top priority for anyone using a computer today. With more portable systems sold than desktops, it is more important than ever to secure your device against theft or loss. Making sure that the data on your drives is encrypted is therefore the best practice for any user with sensitive information.
Luckily, there’s an easy way to protect your data using Microsoft’s integrated encryption software, BitLocker. While very safe, the technology doesn’t work quite the same way if your device is not equipped with a Trusted Platform Module. In this article, you’ll learn about BitLocker and how to use it without a TPM.
What Is BitLocker?
Originally codenamed “Cornerstone,” BitLocker is Microsoft’s proprietary full-volume encryption feature included with Windows. First shipped with Windows Vista, it is designed to protect data against physical attack, that is, when a computer is lost or stolen. It encrypts with AES using a 128-bit or 256-bit key. For context, a brute force search of a 128-bit key space by any supercomputer would take far longer than the age of the known universe, so the cipher itself is not the weak point; the protector that unlocks the key (a TPM, a password, or a startup key) is. As such, BitLocker is a very safe option for the average user or business.
BitLocker provides protection for entire volumes, such as hard drives. It’s important to note, though, that it protects only against offline attacks: data at rest on a powered-off or locked-at-boot machine. While your computer is running and the volume is unlocked, you’ll need other means (screen lock, account passwords, malware defenses) to defend against unauthorized access. This makes BitLocker extremely important on systems that can’t be guaranteed a safe physical location, such as servers and laptops. The steps outlined below work on the Pro, Enterprise and Education editions of Windows 10 (and on Windows 11); the Home edition does not include BitLocker management or the Local Group Policy Editor.
What Is TPM and Why Should You Care?
A Trusted Platform Module, or TPM, is a tamper-resistant chip that generates and stores cryptographic keys. With BitLocker, the TPM does not hold the encrypted data or the full disk key on its own; instead, the volume master key is sealed to the TPM against measurements of the boot process, and the TPM releases it only if the firmware and boot loader that run at startup match the state recorded when the drive was encrypted. This prevents an attacker from simply pulling the disk out and reading it in another machine, and it blocks unlocking if the boot chain has been tampered with.
Some computers aren’t equipped with a TPM, and the argument has been made that the TPM is redundant and provides a false sense of security. BitLocker normally requires a TPM to protect an operating system drive, but a Group Policy setting lets you replace it with a pre-boot password or a startup key on a USB drive. The encryption itself is the same AES either way; only the way the key is protected changes, and the setup takes a few extra steps.
Using BitLocker Without TPM
Before you do anything, it’s a good idea to back up your system so that your data is safe if encryption is interrupted. You can find Microsoft’s instructions on how to do that here. Once you’ve done that, follow this guide. This feature is not available on the Windows 10 Home edition.
- Press Windows key + R to open the Run dialog, type “gpedit.msc” and press Enter. This opens the Local Group Policy Editor (it requires an administrator account).
- In the left-hand panel, under “Local Computer Policy,” expand “Computer Configuration,” then “Administrative Templates.”
- Expand “Windows Components,” then “BitLocker Drive Encryption,” and select the “Operating System Drives” folder.
- In the right-hand panel, double-click the setting “Require additional authentication at startup.”
- In the window that opens, select “Enabled,” and under Options make sure “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” is ticked. Click OK. Local policy is applied on the next policy refresh; to apply it immediately, run “gpupdate /force” from a command prompt.
That’s all the policy work. Because you’re bypassing the TPM, the BitLocker wizard will require one pre-boot authenticator: either a password or a startup key stored on a USB drive. The multi-factor combinations (TPM + PIN, TPM + startup key) are not available without a TPM. Now, let’s move on to the steps for activating BitLocker.
- Open the Control Panel: type “Control Panel” into the Windows search bar, or press Windows key + R and run “control.” Once there, open “System and Security.”
- Click “BitLocker Drive Encryption,” then click “Turn on BitLocker” next to your operating system drive.
- You will be prompted to choose how to unlock the drive at startup: enter a password, or insert a USB flash drive that will hold a startup key. Whichever you choose, you will need to type the password or have the USB drive plugged in every time the computer boots.
- The wizard will then ask you to back up your recovery key (a 48-digit recovery password). Save it to your Microsoft account, a file on a drive other than the one you are encrypting, or a printout kept somewhere safe; it is the only way back in if you forget the password or lose the USB drive.
- Choose whether to encrypt used space only (faster, fine for a new PC) or the entire drive (recommended for a drive that already holds data), confirm, and let encryption run. You can keep using the computer while it works.
The next time you boot your computer, you will be asked for the password or the USB startup key before Windows loads. Keep the password or USB drive safe, and keep the recovery key separately from the machine. After all, a lock only keeps people out if the person trying the door doesn’t also have the key.
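The whole procedure above can be scripted. The following is an added example and not part of the original article or of any Microsoft documentation: an elevated PowerShell script that checks for a TPM, writes the same registry values the Local Group Policy Editor sets for “Require additional authentication at startup,” enables BitLocker on the system drive with a pre-boot password, adds a recovery password and stores it off the machine, then verifies the result. It assumes the operating system volume is C:, that a USB drive mounted as E:\ is available to hold the recovery password (both are assumptions, adjust to your system), and that you run it as an administrator.

```powershell
# Added example: enable BitLocker on the OS drive of a machine without a TPM
# from an elevated PowerShell prompt. Not the article's own procedure; it is
# the scripted equivalent of the gpedit and Control Panel steps.
# Assumptions: OS volume is C:, a removable drive mounted as E:\ holds the
# recovery password backup. Change both to match your machine.
#Requires -RunAsAdministrator

$OsDrive        = 'C:'
$RecoveryBackup = 'E:\bitlocker-recovery-C.txt'   # must NOT be on the drive being encrypted

# 1. Confirm there is no usable TPM. Get-Tpm reports TpmPresent = $false on
#    such machines; if a ready TPM exists, prefer a TPM + PIN protector instead.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
if ($tpm -and $tpm.TpmPresent -and $tpm.TpmReady) {
    Write-Warning 'A ready TPM is present; use -TpmAndPinProtector rather than a bare password.'
}

# 2. Policy: "Require additional authentication at startup" = Enabled with
#    "Allow BitLocker without a compatible TPM" ticked. These are the values
#    the Local Group Policy Editor writes under the FVE policy key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
New-Item -Path $PolicyKey -Force | Out-Null
$policy = @{
    UseAdvancedStartup = 1   # the policy is Enabled
    EnableBDEWithNoTPM = 1   # allow a password or USB startup key with no TPM
    UseTPM             = 2   # 2 = "Allow" (the dialog's default for each TPM option)
    UseTPMPIN          = 2
    UseTPMKey          = 2
    UseTPMKeyPIN       = 2
}
foreach ($name in $policy.Keys) {
    Set-ItemProperty -Path $PolicyKey -Name $name -Value $policy[$name] -Type DWord
}

# 3. Turn BitLocker on with a pre-boot password. -UsedSpaceOnly is fine for a
#    fresh install; omit it on a drive that has already held sensitive data.
#    For a USB startup key instead of a password, replace the two password
#    parameters with:  -StartupKeyProtector -StartupKeyPath 'E:\'
$Password = Read-Host -Prompt 'Pre-boot password' -AsSecureString
Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -PasswordProtector -Password $Password -SkipHardwareTest

# 4. A password alone locks you out for good if it is forgotten, so add a
#    48-digit recovery password and write it somewhere off this machine.
Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $OsDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
"Recovery password for $OsDrive on $env:COMPUTERNAME: $($recovery.RecoveryPassword)" |
    Out-File -FilePath $RecoveryBackup -Encoding ascii

# 5. Verify: encryption running, and both a Password and a RecoveryPassword
#    protector present before the first reboot.
$vol = Get-BitLockerVolume -MountPoint $OsDrive
$vol | Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
if ($vol.KeyProtector.KeyProtectorType -notcontains 'RecoveryPassword') {
    throw 'No recovery password protector was created; do not reboot until one exists.'
}
```

Run it from an administrator PowerShell window on a freshly backed-up system. The registry step replaces the gpedit walk-through, which is useful on machines managed by script, but it is still a local policy: a domain Group Policy that sets the same values will override it. Check `Get-BitLockerVolume` again after the reboot to confirm `ProtectionStatus` is `On`.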
Keeping your data safe is one of the most important things you can do as a business owner or as a computer user in general. The estimated average cost of a single data breach in 2018 was over $3 million, and if current trends continue, that number will rise. Keep in mind that portable computers, and any device in an unsafe location, are particularly vulnerable to physical attacks.
Having a machine without a TPM doesn’t mean you should skip this precaution. Follow the instructions laid out in this article to make sure you’re doing everything you can to keep the data on a lost or stolen device out of the wrong hands.
Have you been a victim of a data breach yourself? What other important steps do you recommend to secure data? Share your experiences and tips in the comments section below.