Enable BitLocker with PIN and USB Key in Windows 11

The article provides a step-by-step guide on enhancing BitLocker security on Windows 11 by requiring a PIN and a USB drive containing a startup key during startup. BitLocker automatically checks the PC for tampering at startup, and these additional measures shield encrypted data more effectively. The article also covers enabling and disabling this feature.

This article describes steps to enable or disable additional BitLocker authentication by allowing one to unlock the PC OS drive using a PIN and USB when the computer starts in Windows 11.

BitLocker helps protect your computer data, so only authorized users can access it. In addition, new files created on a BitLocker-enabled drive will also be protected.

BitLocker will automatically check the PC at startup to ensure the computer has not been tampered with, including BIOS changes and other security risks.

By default, on a PC with a TPM chip that BitLocker recognizes, the OS drive is unlocked automatically during startup. However, users can add security measures at startup to protect encrypted data.

You can require users to insert a USB drive containing a startup key and enter a PIN at startup before the computer can fully boot up.

Below is how to do that.

How to require a BitLocker USB and PIN at startup on a PC with Windows 11

As described above, you can require users to insert a USB drive containing a startup key and enter a PIN before the computer fully boots up.

Here’s how to do that.

You must first enable BitLocker on the OS drive. If you haven’t added BitLocker, read the post below to do so.

How to turn on or off BitLocker in Windows 11

Enable PIN to unlock BitLocker at startup in Windows 11

With BitLocker enabled on your OS drive, open the Control Panel and browse to the BitLocker page.

Control Panel\System and Security\BitLocker Drive Encryption

Then click the link, “Change how drive is unlocked at startup.”

Next, select the “Enter a PIN (recommended)” link to continue.

Enter and confirm the PIN and click Set PIN. The PIN must be 6-20 digits long.

Close the Control Panel app to exit.

Unlock BitLocker with a USB drive at startup on Windows 11

Now that you have set up a PIN to unlock BitLocker at startup, you can also require a USB drive to unlock BitLocker.

To do that, return to the Control Panel app and browse to System and Security -> BitLocker Drive Encryption.

Then click the link, “Change how drive is unlocked at startup.”

Next, click the “Insert a USB flash drive” link to continue.

Then, insert a USB flash drive and click Save.
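
To confirm what the steps above actually configured, the following PowerShell (an added example, not part of the original article) reads the OS drive's key protectors with Get-BitLockerVolume and reports whether startup requires a PIN, a USB startup key, or both. The function name Get-PreBootFactorSummary is hypothetical; run the script in an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): report which startup protectors
# are actually present on the OS drive after following the steps above.

function Get-PreBootFactorSummary {
    param(
        [string[]] $ProtectorTypes = @(),   # KeyProtectorType names on the volume
        [string]   $ProtectionStatus = 'Off' # 'On' or 'Off'
    )
    # What each TPM-based protector type demands from the user at boot.
    $required = @{
        Tpm              = @()
        TpmPin           = @('PIN')
        TpmStartupKey    = @('USB startup key')
        TpmPinStartupKey = @('PIN', 'USB startup key')
    }
    $tpmBased = @($ProtectorTypes | Where-Object { $required.ContainsKey($_) })

    # Normally only one TPM-based protector exists; if several are listed,
    # the one asking for the fewest factors is the effective requirement.
    $weakest = $tpmBased |
        Sort-Object { $required[$_].Count } |
        Select-Object -First 1

    [pscustomobject]@{
        ProtectionOn        = ($ProtectionStatus -eq 'On')
        StartupProtector    = $weakest
        FactorsAtBoot       = if ($weakest) { $required[$weakest] -join ' + ' } else { '' }
        PinAndUsbRequired   = ($weakest -eq 'TpmPinStartupKey')
        HasRecoveryPassword = ($ProtectorTypes -contains 'RecoveryPassword')
    }
}

# Query the live OS volume (BitLocker module, elevated session).
$vol     = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$summary = Get-PreBootFactorSummary -ProtectorTypes $types `
                                    -ProtectionStatus $vol.ProtectionStatus.ToString()
$summary | Format-List

if (-not $summary.PinAndUsbRequired) {
    Write-Warning "OS drive does not require both a PIN and a USB startup key at boot."
}
if (-not $summary.HasRecoveryPassword) {
    Write-Warning "No recovery password protector; a lost USB key or forgotten PIN would lock you out."
}
```

If the summary shows only one of the two factors, `Add-BitLockerKeyProtector` with its `-TpmAndPinAndStartupKeyProtector` parameter set is the cmdlet that creates the combined protector.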

If you wish to disable BitLocker requiring a USB flash drive or a PIN at startup, read the post below.

How to set up BitLocker to automatically unlock PC at startup via TPM in Windows 11

That’s it.

Conclusion:

  • Enabling additional BitLocker authentication on Windows 11 adds an extra layer of security to protect sensitive data.
  • Requiring a PIN and USB drive at startup ensures that only authorized users can access encrypted drives.
  • Users can follow simple steps to enable this security feature through the Control Panel, enhancing the overall security of their system.
