How to encrypt USB memory sticks using BitLocker to Go with Windows 7
BitLocker to Go is a new feature of Windows 7 that allows you to encrypts your USB devices with a passwords. This feature is very useful if you want to ensure that your sensitive/private information will not get into the wrong hand should you were ever lose one of these devices.
Now before we begin if you want to use this feature you will need have Windows 7 Ultimate (or Enterprise) edition installed.
How do I encrypt a USB device?
Step 1. Insert your USB device you want to encrypt into your computer.
Step 2. Right click on the USB device in Windows Explorer and click on the “Turn on BitLocker…”
Step 3. Tick the “Use a password to unlock the drive” and then type the same password in the two password field’s and then click “Next”.
Note: As it says, you should try an make this password as complicated as possible with a combination of lower and upper case letter, numbers, spaces, and/or symbols.
Step 4. You are now FORCED to either save a file or print the recovery key for the device. This ensures that you have a copy of the 48 digit recovery in case you ever forget the password.
Note: You cannot save the recovery key to the device that you want to encrypt as this would be obviously be useless if you were to ever forget the unlock key.
Step 5. Once you have saved or printed the recovery key you will be able to continue by pressing “Next”.
Step 6. You are ready to encrypt the drive and all you have to do is click “Start Encrypting”.
Warning: This can take a LONG time especialy if you are encrypting a very large drive via a USB connection (My Western Digital 1tb USB external hard drive this process took about 12 hours).
First thing the encryption process does is install the BitLocker to Go reader application that will let you read the the device on down-level OS’s such as Windows XP and Vista.
Now the drive will start to encrypt.
Note: You can pause this encryption of this device and remove if it is taking longer than you thought but from this point you will need to enter the encryption key to access the data on the drive even though it is not fully encrypted. The other thing to note is that the drive will be read only until the encryption process has been completed.
Once completed click “Close” and the drive is now encrypted and ready to use.
The way to tell if a drive is encrypted in Windows Explorer is by the padlock symbol you can see on the drive icon (see belwo against “Nano (E:)”). An open grey padlock represents an unlocked drive and and closed gold padlock represents a locked drive.
How do I unlock and encrypt a USB device?
Step 1. Insert the USB device into a Windows 7 computer and you should be automatically prompted for a password to decrypt the device. Then just type the password in the password field and tick “Unlock”.
Note: If you tick the “Automatically unlock on this computer from now on” then the unlock password for this device will be stored on the registry of the computer so be very sure you trust this computer before using this option.
Step 2. Your DONE! the drive will now behave exactly as per normal.
Alternatively if the device is already connected and you need to unlock it, just right click on the drive in Windows Explorer and click the “Unlock Drive…” option. You will then be prompted with the same unlock drive dialogue box as seen above.
By Alan Burchill
Twitter at @alanburchill
Blog http://abskb.spaces.live.com
Related posts:
Tags: bitlocker, encryption, windows 7
To discuss this topic, head on over to our forums!
11 Responses to “How to encrypt USB memory sticks using BitLocker to Go with Windows 7”
Leave a Reply
To discuss this topic, head on over to our forums!
Loading ...
Good guild. I just want to add two important things.
1. Flash disk encrypted by Bit Locker to Go also works in Windows XP SP2/SP3 and Vista but we need to give due attention to file system. A USB Disk formatted with NTFS cannot work on XP and Vista but can work on other Windows 7 PC. On XP and Vista, it gives an error message and ask to format the disk. The USB disk only work on XP and Vista, if formatted with FAT, FAT32 or exFAT. This is one of the major weakness of Bit Locker to Go.
The other weakness is, Bit Locker to Go can not prevent formatting of the disk. So anyone can use the USB disk after format. This is not the case for internal hard disk partition as you can’t format without entering the password.
Good point you have made there. Please if you can do better then let me know i sure would like to see your encryption software.
@thawildstyle
When I say “This is not the case for internal hard disk partition as you can’t format without entering the password.” I am still talking about bitLocker to Go. It require password before format even before booting windows when booting with Windows 7 disc.
I searched for softwares with similar feature and the closest I found is PGP Whole Disk Encryption. It still don’t prevent format. And it needs to be installed in every PC that you insert.
There are many other USB encryption softwares but all can easily be formated.
I feel bit Locker to Go can be used if you first formate your USB disk with exFAT as this is more advanced than FAT or FAT32 and is even compareable with NTFS.
Bitlocker to Go is not intended to prevent someone from formatting your drive; it is intended to prevent them from reading your data in the case that they obtain your drive.
It is fundamentally impossible for software installed on a USB drive to prevent formatting of the drive. The OS can always format the drive without looking at any of the data on the drive/without invoking any of the software on the drive.
Even for an internal disk you could boot Linux and reformat the drive without entering the password.
@ Aaron Meyers [MSFT]
Thank you for the replay. I first used Bit Locker to Go on internal partion and when I booted with Windows 7 disc and try to format the encrypted disk, it requires password. So if that is possible for internal partition, why is it not possible for external USB flash disk?
I also use Lacie Portable Hard Disk with Biometeric encryption and unless I swipe my finger on it, it cannot be accessed and it cannot be formatted.
As a result, I start to search for encryption software with this feature.
I feel if some research is done, it is possible to do that.
One last question. Do you know why microsoft didn’t avail support for NTFS of Bit Locker to GO for earlier OS?
Thanks.
So I take it that no one even tried a bitlocked drive on a mac?
Well I tried and I found out that it is read just like a regular flash drive, OSX Snow Leopard doesn’t even flinch to the bitlocker which is not what I was expecting.
Also FYI, for those bitlocked drives being used in WinXP, as far as I know you can’t write to the drive, you can only read from it using the application the bitlocker installs on the computer.
It would have been wonderful if bit Locker to Go work on other OS just as it works on Windows 7. It takes upto 10 minutes to open Bit Locker to Go Application and read files in XP and Visa. And you can’t open and do any thing with file on Bit Locker, you need to copy it to system and you cann’t copy any file from PC to the USB disk. So THERE WILL BE NO CHANCE TO USE A BIT LOCKER ENCRYPTED DISK TO USE AS A BACKUP SOURCE IN OTHER WINDOWS OS. Promising effort but poor start when compared to the quality of Windows 7. I hope Bit Locker Not TO GO will be TO GO, on Windows 8.
>Please if you can do better then let me know i sure would like to see your encryption software.
Truecrypt – Read and Write – works on Windoze, Linux and Mac
http://www.ghacks.net/2008/03/01/encrypting-an-usb-drive-with-true-crypt/
One note with Truecrypt
Format a small partition large enough to hold the Truecrypt files unencrypted then use Truecrypt to encrypt the rest!
Dear esalkin, all of them has their own limitation. Often, even though they encrypt a portable media fully (whole disk encryption), the encrypted disk doesn’t work unless the encryption software is installed.
It seems the only two exceptions in this regard are Bit Locker to Go (even though with poor performance) and McAfee Endpoint Encryption with USB encryption. For more detail read this page.
http://www.mcafee.com/us/enterprise/products/data_protection/data_encryption/encrypted_usb.html
TrueCrypt is good but not that good as it still require the software to be installed on any computer you use the usb disk. It has portable version but that is only for volume encryption not full disk encryption.
SIR I HAVE DONE THIS
IN A DUAL BOOT I FORMATED THE BITLOCKED DRIVE FROM VISTA AND THEN USED DATA RECOVERY SOFTWARE LIKE EASEUS TO RECOVER THE FILE SO IT JUST TAKES HOUR TO BREAK THE BITLOCKER IT IS COMPLETLY A WASTE