BitLocker is Microsoft's own solution for providing full disk encryption on your Windows installation or on another partition.
BitLocker is a solution for beginners. It does its job – sure, but it is just basic encryption, even if you adjust the cipher settings under User/Group Policies (gpedit.msc).
Problems with Bitlocker
As an example, a BitLocker-encrypted drive can be formatted without any backup verification. Formatting a BitLocker drive is in most ways like not using BitLocker at all, because the data or partition can easily be rendered readable by many types of software, even freeware. An average person with the right software from the internet could format a BitLocker drive to clear the encryption or its keys, then use a recovery tool to re-initialize that partition in an unlocked state or simply batch-extract all files on the drive.
BitLocker was never intended to be a concrete safety vault, while VeraCrypt/TrueCrypt was designed to really 'secure' every aspect.
BitLocker is simply encryption designed for beginners and nothing more. A much better encryption option, free and open source, is VeraCrypt. Its algorithms are more robust and up to date, and it uses containers – including a hidden containers feature – which makes it harder to recover or see anything on the partition. Using something like VeraCrypt to create an encrypted container on a drive that has already been encrypted with BitLocker increases the safety of your material astronomically. However, I do not recommend this method because it has an impact on performance, and VeraCrypt alone is usually more than enough.
Hardware encryption, however, supersedes software encryption because it is more difficult to 'hack' or compromise: an attacker needs physical access to the device.
For the average user, BitLocker does what it is supposed to do and is fully integrated into the Windows OS – while VeraCrypt works on other systems too. BitLocker does work, and it is not useless, as people on the Internet often say.
Combining BitLocker with VeraCrypt the right way
You could, if you want to, combine both: use BitLocker for FDE of your Windows installation (for speed reasons) and create a separate container for each HDD or each partition, to get the benefits of both. As mentioned, it is not normally necessary to use BitLocker together with VeraCrypt, but the container aspect could make it interesting if you have special files that need 'special' protection.
If your hardware lacks TPM support, you can also use a YubiKey or Nitrokey, which at least gives you more security because you can take this piece of hardware with you. That said, both mentioned solutions are not perfect – but nothing in the world is.
I personally use VeraCrypt FDE plus some containers on my drive, unlocked with a YubiKey, for safekeeping moderate personal records and documents. I think this strategy is still good to go, and I suggest you at least try it yourself in order to come to your own conclusions.
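The cipher-strength check, the backup verification before any formatting, and the BitLocker-plus-container setup described above, as an added PowerShell example that is not part of the original post. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later), VeraCrypt installed at its default path, and placeholder paths for your own container and keyfile.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Assumes the BitLocker PowerShell
# module and VeraCrypt at its default path; $Container and $KeyFile below are
# placeholders for your own container and keyfile.

# 1. Audit each BitLocker volume: cipher in use, protection state, key protectors.
function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            EncryptionMethod = $vol.EncryptionMethod
            ProtectionOn     = ($vol.ProtectionStatus -eq 'On')
            TpmProtector     = [bool]($types -match '^Tpm')
            RecoveryPassword = ($types -contains 'RecoveryPassword')
            # Anything below XTS-AES 256 is what the gpedit.msc "cipher strength" policy raises
            WeakCipher       = ($vol.EncryptionMethod -ne 'XtsAes256')
        }
    }
}

# 2. Refuse destructive work (format, repartition) on a volume with no recovery protector.
function Assert-RecoveryProtector {
    param([Parameter(Mandatory)][string]$MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($rp.Count -eq 0) {
        throw "$MountPoint has no recovery password protector; add one with " +
              "Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector"
    }
    # Domain-joined machines escrow the key to AD DS; otherwise keep the 48-digit key off this machine.
    if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp[0].KeyProtectorId
    }
}

# 3. Mount the VeraCrypt container only when the BitLocker volume holding it is protected.
function Mount-ContainerOnBitLocker {
    param([string]$Container = 'D:\vault\records.hc',   # placeholder container path
          [string]$KeyFile   = 'E:\yubikey\keyfile.bin', # placeholder keyfile on removable media
          [string]$Letter    = 'V')
    $hostVol = Get-BitLockerVolume -MountPoint (Split-Path -Qualifier $Container)
    if ($hostVol.ProtectionStatus -ne 'On') { throw "BitLocker protection is off on $($hostVol.MountPoint)" }
    $vc = "$env:ProgramFiles\VeraCrypt\VeraCrypt.exe"
    # /v volume, /l drive letter, /k keyfile, /q quit after mounting; the password is prompted, never passed on the command line
    & $vc /v $Container /l $Letter /k $KeyFile /q
}

Get-BitLockerAudit | Format-Table -AutoSize
```

Run Assert-RecoveryProtector against a volume before reformatting or repartitioning it; any row with WeakCipher or ProtectionOn = False in the audit output is what the Group Policy cipher setting and a TPM/key protector are there to fix.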
Hidden containers – a ‘killer feature’
VeraCrypt alone surpasses 100% of all paid encryption software I'm aware of. Features like the hidden container function work well: an attacker will never find them unless there is a problem/hole in the system or software. Basically, formatting removes the encrypted container holding the encrypted information, so the data is unrecoverable. This alone is an outstanding feature and incredibly useful.
Why do I not mention open source etc. as reasons?
Open source is fine and has its reason to exist, sure, but for most people, especially non-technical persons, it does not make any difference, because they do not verify their downloaded files, do not check the source, and do not review the commits made to the projects. Open source by itself has more benefits than closed source, but as mentioned, the benefit is not guaranteed, and we have had malware, flaws etc. in open source the same way we have had them in closed source software.
However, I mention it because people might say everything that is closed source is evil. Well, I can tell you it is not, and at some point you want to protect your own product from certain things.
In general, open source should in my opinion be preferred, but to say it is generally better is simply incorrect. As mentioned, Windows' BitLocker solution does a basic job, but it is far from getting my recommendation when it comes to 'the best solution you can go with'.
You can also buy hardware to protect your files: AES-256+ units or FIPS 140-2 validated USB 3.1 drives are more expensive, but they are worth it if you are willing to improve your privacy setup. These days such drives are mostly around 20% more expensive overall compared to their counterparts without hardware encryption. Of course, you will also find some products offering more advanced 'encryption', but it is mostly not worth it, since you can simply use VeraCrypt and benefit from its features, which are also easily configurable.
BitLocker alone does not get my recommendation; VeraCrypt is in this case much better. Combining them or using a YubiKey etc. is, in my opinion, a good solution. The hardware aspect is another matter if you can afford it, but it did not get a focus here because you simply have to pay for 'more security'.
VeraCrypt is still the best option you have: it works across several operating systems, you can manage your keys or partitions however you like, and the documentation is complete, while Microsoft's own documentation looks more half-baked.