FileVault vs. Microsoft BitLocker

Maria updated on Feb 13, 2023 to Knowledge Center

An encrypted disk can be a physical partition on a hard drive or a virtual disk stored in a file. After data on a partition has been encrypted, it can only be accessed with the correct password.

Regardless of which encryption method is chosen, users must set up a secure password to access their encrypted data. Once a secure password is established, a recovery key is generated automatically. Keep this recovery key in a safe and secure place, such as an envelope, so it doesn't become lost or forgotten. Users who forget the password to an encrypted drive cannot retrieve their data without the recovery key.

BitLocker vs FileVault

FileVault:

FileVault, a built-in encryption tool on your Mac, protects your data in transit and at rest. Its purpose is to encrypt the information already on your Mac's startup drive and any new information that may be created or stored on your Mac. Information stored on your Mac's hard disk is automatically encrypted and decrypted as you use it.

How does it work?

FileVault encrypts the user's home directory and all its files, encrypting and decrypting them in the background as you access them. The home directory's icon changes to a lock to indicate that it is encrypted, and it mounts and becomes accessible only once the user logs in with their password. The files in the home directory are inaccessible to other users on the same Mac.

Pros:

The plus side is that OS X already includes FileVault, so there's no need to shell out extra money to upgrade (like in Vista). No hard drive upgrades, disk partitioning, or startup USB keys are required.

Cons:

One drawback of using FileVault is that when you log out of your Mac, OS X may ask if it can recover space from the dynamic disk image. You can skip this step if you like, but it may take a while if you choose to proceed. Furthermore, unlike BitLocker, thieves can still boot up your Mac with FileVault enabled; they just can't access your home directory.

Requirements:

A Recovery Partition must be present on the computer's primary hard disk (HDD) or primary solid-state drive (SSD).

All user accounts on the machine need to be "secure token" accounts, which means they were generated by the OS and not by a third-party script. If a Chapman-issued Mac wasn't imaged with macOS 10.13 High Sierra, it won't be able to run the newer version of macOS and will need to have the operating system reinstalled by an IS&T professional.

BitLocker:

BitLocker Drive Encryption, one of Windows' built-in security features, scrambles all data on the system drive. Encrypting data on your device is a useful precaution to take. A decryption key, such as a password or PIN, must be supplied before the data can be read.

How does it work:

BitLocker requires a Trusted Platform Module (TPM), a piece of hardware, to function properly. The TPM is a smartcard-like module embedded in the motherboard of many modern computers. BitLocker uses the TPM to secure the recovery key.

Enable BitLocker:

A secret code (a "PIN") must be entered before the computer can be turned on. During the BitLocker activation process, a recovery key is created. You can use the recovery key to get into your computer if you forget your password. As soon as the recovery key is generated, your computer will ask you to restart it. When the machine is restarted, the encryption procedure starts.

BitLocker's Benefits:

BitLocker's purpose is to prevent unauthorized access to or theft of sensitive information stored on a computer's hard drive. Here are the primary advantages:

  • It encrypts the entire disk and relies on the TPM module to provide maximum safety.
  • BitLocker's keys can be securely stored in Active Directory automatically.
  • Since it is built into Windows, there are no extra fees associated with using it.

BitLocker requirements:

  • Install TPM 1.2 or later.
  • A disposable starting key is needed without a TPM.
  • For the OS to start the chain of trust, a computer with a TPM requires a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  • BIOS/UEFI must support the USB mass storage device class.
  • Storage drives need several partitions.
  • The OS disk must be formatted with NTFS.
  • System drives on UEFI-based computers must be formatted with FAT32 (File Allocation Table 32).
  • System drives on BIOS-firmware computers must be formatted with NTFS.
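
The requirements above can be checked on a machine before or after enabling BitLocker. The following PowerShell script is an added example, not part of the original article or of any Microsoft tool: it is a read-only audit that uses the built-in Get-Tpm, Get-Volume, Get-Partition, Get-Disk and Get-BitLockerVolume cmdlets. It assumes an elevated session and treats a GPT disk as UEFI boot and an MBR disk as BIOS boot.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): read-only audit of the
# BitLocker requirements listed above. Nothing is changed on the system.

$os       = $env:SystemDrive                       # e.g. "C:"
$findings = [System.Collections.Generic.List[string]]::new()

# Requirement: TPM 1.2 or later (otherwise a startup key is needed).
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    $findings.Add('No TPM: the non-TPM startup key requirement applies.')
} elseif (-not $tpm.TpmReady) {
    $findings.Add('TPM is present but not ready for use.')
}

# Requirement: the OS volume is formatted with NTFS.
$osFs = (Get-Volume -DriveLetter $os.TrimEnd(':')).FileSystem
if ($osFs -ne 'NTFS') { $findings.Add("OS volume $os is '$osFs', expected NTFS.") }

# Requirement: FAT32 system partition on UEFI, NTFS on BIOS.
# Assumption: a GPT disk means UEFI boot, an MBR disk means BIOS boot.
$sysPart = Get-Partition | Where-Object IsSystem | Select-Object -First 1
if ($null -eq $sysPart) {
    $findings.Add('No separate system partition found.')
} else {
    $style  = (Get-Disk -Number $sysPart.DiskNumber).PartitionStyle
    $sysFs  = ($sysPart | Get-Volume).FileSystem
    $wantFs = if ($style -eq 'GPT') { 'FAT32' } else { 'NTFS' }
    if ($sysFs -ne $wantFs) {
        $findings.Add("System partition is '$sysFs', expected $wantFs on a $style disk.")
    }
}

# Key protectors: protection on, TPM-based unlock, PIN, and a recovery key.
# Only protector types are read; recovery password values are never printed.
$vol   = Get-BitLockerVolume -MountPoint $os
$types = @($vol.KeyProtector.KeyProtectorType)
if ($vol.ProtectionStatus -ne 'On') { $findings.Add("BitLocker protection is not on for $os.") }
if (-not ($types -match '^Tpm'))    { $findings.Add('No TPM-based key protector.') }
if ($types -notcontains 'TpmPin')   { $findings.Add('No TPM+PIN protector: no PIN is asked for at startup.') }
if ($types -notcontains 'RecoveryPassword') {
    $findings.Add('No recovery password protector: a forgotten PIN would leave the data unrecoverable.')
}

if ($findings.Count) { $findings } else { "All checked requirements are met for $os." }
```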

Conclusion:

Both BitLocker and FileVault provide a high level of security, but if I had to choose between them, I'd go with BitLocker due to its superior "total-lockdown" feature. Yes, the bothersome repartitioning rigamarole and price of Vista Ultimate or Enterprise are a pain, but a thief isn't going to come near to anything on that disk, regardless of where it's kept, and I like it that way.
