Desktop and WorkstationsEncryption of desktop and notebook computers and removable storage devices
Encryption of hard disks and storage devices to protect stored data
We recommend the following features for the various operating systems:
BitLocker for Microsoft Windows
BitLocker is an integrated feature of the Professional and Enterprise versions of Microsoft Windows for the encryption of system partitions, hard drives and removable storage devices. The purpose of BitLocker encryption is to prevent strangers from accessing your data if your device is lost or stolen. It is therefore especially recommended for portable devices like notebook computers and for removable storage devices like USB sticks and removeable hard drives.
The encryption uses 128-bit or 256-bit AES. BitLocker can either use a Trusted Platform Module chip (TPM) (Version 1.2 oder 2.0) which is available in most newer computers or - for older computers without a TPM chip - a key file stored on a USB stick or a PIN.
In the event that it is no longer possible to access an encrypted storage device via the operating system, the user can decrypt the data carrier with a recovery key. This will be created during the encryption process and should be saved by the user in a secure location. For work computers that belong to the domain ad.uni-heidelberg.de, an additional backup of the recovery key should be stored in the device’s computer object in Active Directory in order to prevent the loss of the recovery key.
BitLocker is exclusively available for Microsoft Windows. For macOS, we recommend using FileVault; for Linux, dm-crypt/Luks can be used, for example.