In Microsoft’s words, Windows 11 “enables security by design”—and I love to see that deliberate focus on protection from ever-increasing threats. The less we all have to worry about our sensitive information falling into the wrong hands, the better.
But currently not all Windows 11 users have access to those higher safeguards. At least not when it comes to automatic device encryption, a feature that flips on by default for users signing on to their computer with a Microsoft account. (You want this feature active because it keeps your data scrambled when not in use and thus safer if it falls into the wrong hands.)
Our breakdown of encryption in Windows 11 goes over the nuances, but basically if your Windows 11 Home computer doesn’t qualify for automatic device encryption, you have to manually work out a way to get equivalent protection. Given that most people barely touch their settings, much less bother to think about encryption, this means Windows 11 isn’t providing seamless defense against bad actors to everyone.
That outcome doesn’t have to be our reality, though. Microsoft already offers a form of device encryption with more flexibility. Heck, Windows 11 Home’s Device Encryption actually runs off the technology. If you’re familiar with the differences between Windows Home and Windows Pro licenses, you might already have guessed—I’m talking about BitLocker. BitLocker can be run on hardware without Modern Standby or even a TPM, two big tripping points for desktop PCs and some laptops when it comes to automatic device encryption. And because it’s integrated into Windows, technophobes will find it less intimidating than third-party software.
But to get access to BitLocker, Windows Home users have to pony up another $99. That’s a hefty premium to get the same level of security as other Home users. If someone can’t afford that amount and finds third-party software like VeraCrypt beyond their comprehension, they have no other choice but to go without encryption. And many people in this predicament will be laptop users, who face a higher risk of their device being lost or stolen.
Have just one bad day, and there goes all your private info—which could include passwords, tax info, and other vital details saved in regular documents and spreadsheets. A thief doesn’t need to crack a password to get that data. Without encryption, combing through a PC’s files is straightforward. A smart user can partially ward off this fate by using OneDrive’s Personal Vault feature, but unless you’re a paid Microsoft 365 user, you can store only three files in this secure folder.
(For the record, we don’t recommend saving passwords in a plain document, even if you place it in an encrypted folder. A password manager is a better bet.)
To truly ensure Windows 11 provides the strongest security possible to all users, BitLocker should be available to Windows Home licenses as well. The technology is already baked in and ready to go. More importantly, BitLocker’s more sophisticated settings would keep users from turning off automatic encryption because they don’t know where the recovery key is saved and mistakenly believe they could become locked out of their own data. BitLocker allows manual saves of the encryption recovery key.
Even if Microsoft execs balk at the idea of losing out on revenue by making BitLocker widely available, at the very least, the feature should be accessible. I hate microtransactions in general, but paying $10 or $15 bucks to switch on BitLocker would be stomachable. It’s still affordable enough for most people.
But you know, Windows’ biggest rival doesn’t charge a cent for device encryption, and the feature is presented in a simple, straightforward way. There’s something to be said for Apple’s mantra of “It just works.”
Alaina Yee is PCWorld's resident bargain hunter—when she's not covering PC building, computer components, mini-PCs, and more, she's scouring for the best tech deals. Previously her work has appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine. You can find her on Twitter at @morphingball.