One of the most secure ways to protect the sensitive data stored on your hard disk from unauthorized access is to password-protect the disk with encryption. This can easily be done using the native Windows utility named BitLocker Drive Encryption. Locking a fixed or removable drive when it's not in use is very important, and so is the encryption strength. As such, in this tutorial, I will show you how to force BitLocker to use 256-bit AES encryption.
Before I begin, here's what I'm referring to in terms of BitLocker itself. To access BitLocker Drive Encryption, you'd normally navigate to Control Panel > System and Security > Manage BitLocker, and you can then apply it to selected drives as per the image below.
Once you've enabled BitLocker Drive Encryption on a given drive, it will be locked, thus protecting the data it contains. The only way to access the drive is (for example) to enter a password and then hit the Unlock button.
By default, BitLocker uses 128-bit AES encryption, which is considered pretty secure. That said, I'm a firm believer that if there's a more secure option available, use it! Which brings me to my next point. You can actually force BitLocker to use 256-bit AES encryption, which, in my opinion, is a lot more secure than 128-bit.
Now there are mixed thoughts about this, and you'll read many articles online to the contrary of what I've just mentioned. But did you know that the NSA uses 128-bit AES encryption for data classed as SECRET, and 256-bit AES encryption for TOP SECRET data? Clearly, given that the NSA considers the latter to be more secure, doesn't that tell you something? Enough said.
I will demonstrate how to force BitLocker to use 256-bit AES encryption by using the good old Group Policy Editor. Do note that the GPE is only available in Windows 10 Pro, Enterprise and Education editions. If you're running any of these, then this tutorial is for you. So without further ado, let's get this started.
Step One: The first thing you need to do is access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK as shown below.
Step Two: The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption
Make sure the BitLocker Drive Encryption folder is selected, and on the right pane, double-click Choose drive encryption method and cipher strength.
Last Step: To the left of the window, click the Enabled radio button, and then hit the drop-down menu just below that. Select AES 256-bit and, to finalize the process, click OK. From this point forward, BitLocker will use 256-bit AES encryption as the default encryption method.
Final Thoughts: If you're running Windows 10 version 1511, you will have a new disk encryption method available, namely XTS-AES 256-bit, so select this as per the above step. The good thing about implementing this via the Group Policy Editor is that it takes effect immediately, without the need to reboot your computer.
If you want to reverse the change back to its original state, simply refer to the Last Step, and select the Not Configured radio button. Don't forget to hit OK on exit.
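To confirm the result, the following PowerShell audit lists each volume's actual cipher and flags any encrypted volume that is not 256-bit. It is an added example, not part of the original tutorial, and assumes an elevated PowerShell prompt; the function name `Get-CipherAudit` is made up for illustration.

```powershell
# Added example (not from the original tutorial): audit the cipher strength
# BitLocker is really using on each volume. Run from an elevated prompt.

function Get-CipherAudit {
    # Hypothetical helper name. Accepts objects from Get-BitLockerVolume.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        $method = [string]$Volume.EncryptionMethod   # e.g. Aes128, XtsAes256, None
        $result = switch -Regex ($method) {
            '^(None|)$' { 'NotEncrypted'; break }    # volume has no BitLocker encryption
            '256'       { 'OK'; break }              # Aes256 or XtsAes256
            '128'       { 'Weaker128Bit'; break }    # encrypted with the 128-bit default
            default     { 'Unknown' }                # anything else: review by hand
        }
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            VolumeStatus     = [string]$Volume.VolumeStatus
            ProtectionStatus = [string]$Volume.ProtectionStatus
            EncryptionMethod = $method
            Result           = $result
        }
    }
}

$audit = @(Get-BitLockerVolume | Get-CipherAudit)
$audit | Format-Table -AutoSize

# Report encrypted volumes that are not on a 256-bit cipher.
$weak = @($audit | Where-Object { $_.Result -in 'Weaker128Bit', 'Unknown' })
if ($weak.Count -gt 0) {
    Write-Warning ("{0} volume(s) not using a 256-bit cipher: {1}" -f `
        $weak.Count, ($weak.MountPoint -join ', '))
}
```

A drive that was encrypted before the policy was set keeps its original method; it only picks up the 256-bit setting after being decrypted and encrypted again, which is why it can show up here as `Weaker128Bit`.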