Check Current Bitlocker Encryption Method

Before doing anything, you can check the current encryption method used by the BitLocker and see if it is running AES 128-bit or 256-bit encryption. Press “Win + X” and select “Command Prompt (admin)” to open the command prompt with administrative rights.

Now, enter the following command and press the Enter button. If there are any BitLocker encrypted drives, Windows will list all of them. In the listed details, you will see the encryption method used (AES 128-bit or AES 256-bit) next to “Encryption Method”.

If you are seeing the encryption method as AES 128-bit, then you can proceed to change the encryption method to AES 256-bit.

Change Encryption From AES 128-bit to 256-bit

To convert Bitlocker to use AES 256-bit encryption, we will need to edit the group policy settings. Press “Win + R”, type gpedit.msc and press the enter button.

The above action will open the Windows local group policy editor. Here on the left pane, navigate to “Computer Configuration -> Administrative Templates -> Windows Components” and then select “BitLocker Drive Encryption”.

Now on the right pane, double click on “Choose drive encryption method and cipher strength”. This action will open the encryption method settings window, select the radio box “Enable” and select “AES 256-bit” from the dropdown menu under encryption method.

Once you are done with the changes, click the Apply and Ok buttons to save the changes. From this point forward, BitLocker will use the AES 256-bit encryption method to encrypt your new volumes. If you have already encrypted a drive with AES 128-bit encryption, then there is no easy way to convert that drive into AES 256-bit. The only thing you can do is to decrypt and re-encrypt the drive again. Last but not least, always store your recovery keys in a safe place. If you forgot or lost your BitLocker password, it is almost impossible to recover the data in the encrypted drive. Would you prefer BitLocker to start with AES 256-bit encryption method by default, or do you think AES 128-bit encryption is sufficient for you? Let us know in the comments below.