UCL Guides INT

Encryption

Updated Jul 20, 2021

If you store sensitive personal data on your computer, the drive must be encrypted so unauthorized persons cannot access the data.

BitLocker is used to encrypt the C drive on a PC, and FileVault is used for the boot disk on a Mac. BitLocker is used to encrypt USB devices on a PC, and the Finder's built-in encryption is used on a Mac.

The C drive on employees' UCL PCs is automatically encrypted with Bitlocker.

Note: BitLocker is not available in Windows 10 Home.

Important information

  1. Copy: Files copied to other devices / drives are no longer protected
  2. PIN code: The PIN code must never be handed out to others. If other people have the PIN, they can log in and view the files.
  3. Backup: Encryption does not protect against viruses, disk errors, erroneous deletion, etc. Therefore, backup is important (also remember to encrypt the drive from which the backup is taken
  4. Lost BitLocker PIN: Use the recovery key

Are you using a PC or Mac?

Encryption on PC with BitLocker

C-drive encryption

After encrypting the C drive on a PC with BitLocker, a BitLocker code must be entered when the PC is turned on.

To encrypt the C drive, right-click on the C drive in Explorer and select "Turn on BitLocker".

Select "Enter a PIN".

Select a PIN and enter it in both fields. The code must consist of 6-20 digits.

Click "Enter PIN".

Choose how you want to save your recovery key - in a file or as a print. If you save it in a file, it should not be on your PC, but can be saved on a USB device.

Click Next.

Select "Encrypt the entire drive" and click Next

Select "New Encryption Mode" and click Next.

Click Continue.

The window closes automatically and a pop-up message appears in the lower right corner stating that encryption is started when the computer is restarted.

Restart the computer.

When the computer restarts, it asks for the BitLocker code. Enter the code and press Enter.

NOTE: The computer automatically shuts down if you do not enter the code shortly.

Log on to the computer as usual. The encryption continues in the background and you can work as usual in the meantime.

C-drive decryption

You can remove the encryption of the C drive by a decryption.

Go to Control Panel, select "System and Security" and select "Manage BitLocker".

Select "Turn off BitLocker".

Select "Turn off BitLocker"

You can follow the process by clicking on this icon at the bottom right of the taskbar. If the icon is not visible, click on the small arrow to display more icons.

The window below opens. You can see how far the decryption has reached. You can work on the computer as usual in the meantime.

When the decryption is complete, this window will appear. Select Close.

Encryption of USB

USB hard disk and USB flash drive (USB pen) can be encrypted with BitLocker. If a USB device is encrypted, when connecting to a PC, enter a PIN to view the files.

NOTE: The USB device must be empty when encrypted. Move any files to another location, encrypt the device, and then move the files back again.

Warning: If you encrypt a USB pen with BitLocker, do not decrypt it again. The type of RAM used in a USB pen is not designed to handle the many overwrites that the encryption and decryption process exposes them to. There is therefore a risk that the USB pen will not work after decryption.

Open Explorer. Right-click on the USB device and select "Turn on BitLocker".

Wait!

Check "Use a password to unlock this drive".

Enter a PIN in both fields. The PIN code must be at min. 8 characters. The dialog box says that the code must contain uppercase and lowercase letters, numbers, spaces and symbols, but this is not correct - the code may, for example, consist of only numbers. You must remember this PIN.

Click Next.

Select "Save in a file". Select the location for the file and click "Save".

Click Next.

Select "Encrypt only the disk space used" and click Next.

Select Compatibility Mode and click Next.

Click "Start encryption".

Wait!

Wait!

The encryption is complete. Click Close.

In Explorer, there is now a padlock on the icon of the encrypted USB device.

When you try to open the USB device in the future, you will be asked for the PIN code..

Decryption of USB

Warning: If you encrypt a USB pen with BitLocker, do not decrypt it again. The type of RAM used in a USB pen is not designed to handle the many overwrites that the encryption and decryption process exposes them to. There is therefore a risk that the USB pen will not work after decryption.

Open a Explorer and right-click on the USB device. Select "Manage BitLocker".

Select "Turn off BitLocker".

Click "Turn off BitLocker"

Wait!

The decryption is complete. Click Close.

There is no longer a padlock on the USB device icon.

Change PIN on C drive

Open an Explorer. Right-click on the C drive and select "Bitlocker Encryption Options".

The C drive can be found under "BitLocker Drive Encryption - Hard Drives". Click "Manage PIN".

Enter a PIN in both fields. The PIN code must be a number with 6-20 digits. Click "Reset PIN".

Click Close.

Change PIN on USB

Open Explorer. Right-click on the USB drive and select "Bitlocker Encryption Options".

The USB drive can be found under "Bitlocker Drive Encryption - External Drives". Click Manage Password.

Enter a PIN in both fields. The PIN code must be at least 8 characters long.

Click "Reset Password".

Click Close.

Lost PIN for C drive

Har du mistet/glemt BitLocker-koden til C-drevet, så tryk Esc for genoprettelse ved opstart af pc'en.

If you have lost / forgotten the BitLocker code for the C drive, press Esc for recovery when starting up the PC.

Enter the recovery key

It is now possible to log in to the computer.

Husk at sætte en ny BitLocker-kode på C-drevet (følg vejledningen til at ændre pinkode på C-drev ovenfor).

Lost PIN for USB

Click on "More options""

Click "Enter Recovery Key".

Enter the recovery key you saved when you encrypted the drive. Click "Unlock".

The drive is now accessible. Remember to put a new BitLocker code on the drive (follow the instructions to change the PIN code on USB above).

Encryption on Mac

Turn on FileVault

When FileVault is turned on, a Mac will always require you to log in with a password.

Choose Apple menu - System Preferences.

Select "Security & anonymity".

Select the FileVault tab.

Click on the closed padlock at the bottom left of the window to be allowed to make changes..

Enter your password and select "Unlock".

Select "Turn on FileVault".

Choose how you want to be able to unlock your disk and reset your password in case you forget your password. We recommend choosing your iCloud account

Select Continue.

The encryption is in progress. You can work on the Mac in the meantime. The encryption requires that a power supply is connected in the meantime, and the Mac must not be put to sleep

The encryption is complete. Click the open padlock at the bottom left of the window to prevent accidental changes.

Turn off FileVault

If you want to remove the encryption, turn off FileVault.

Choose Apple menu - System Preferences..

Select "Security & anonymity"..

Select the FileVault tab.

Click on the closed padlock at the bottom left of the window to be allowed to make changes..

Enter your password and select "Unlock".

Select "Turn off FileVault"

Select "Turn off encryption".

The decryption is in progress. You can work on the Mac in the meantime. The decryption requires that a power supply is connected in the meantime, and the Mac must not be/go put to sleep.

The decryption is complete. Click the open padlock at the bottom left to prevent accidental changes.

Encryption of USB

USB hard drives and USB flash drives (USB pens) can be encrypted via the Finder. If a USB device is encrypted, when connecting to a Mac, enter a PIN to view the files.

NOTE: The USB device must be empty when encrypted. Move any files to another location, encrypt the device, and then move the files back again.

Open Disk Utility.

Click the small arrow next to Overview at the top left and select "Show All".

Select "Generic Flash Disk Media" under External in the menu on the left.

Select Delete.

In the Overview field, select GUID Partition Overview.

In the Format field, select "Mac OS - Extended (journaled, encrypted)".

Enter the desired password in the top 2 fields. Enter if necessary a hint to the password in the lower field. Click Select.

Select Delete.

The USB device is encrypted - wait!

The USB device is now encrypted. Select OK.

When the USB device is connected, you will be asked to enter the password.

Decryption of USB

Open Disk Utility.

Click on the small arrow next to Overview at the top left and select "Show all".

Select "Generic Flash Disk Media" under External in the menu on the left.

Select Delete.

In the Format field, select a format that does not contain "encrypted". If the USB device is to be usable with a Windows PC, select "MS-DOS (FAT)".

Select Delete.

The USB device is decrypting - wait!

The USB device is now decrypted. Select OK

Note: BitLocker is not available in Windows 10 Home.

Congratulations, you are done!
Previous Article Backup and restore OneNote
Next Article Send and receive large files with FileSender
Still Need Help? Contact Us