In Windows 11 Pro, a default setting involves activating BitLocker encryption, which can have a significant impact on SSD performance, sapping up to an alarming 45% of its speed as it compels the processor to handle encryption and decryption processes.
According to tests conducted by Tom’s Hardware random writes and reads, which have a substantial effect on overall PC performance, are particularly affected, but even sizable sequential data transfers are impacted.
Software Encryption to Blame
Despite the fact that numerous SSDs offer hardware-based encryption, which manages all processing directly on the drive, Windows 11 Pro automatically enables the software-based version of BitLocker during installation, without offering a straightforward option to decline.
If you’ve purchased a prebuilt PC with Windows 11 Pro, it’s highly probable that software-based BitLocker encryption is currently active. It’s important to note that Windows 11 Home lacks support for BitLocker, so encryption isn’t available in that edition.
BitLocker was not only increasing transfer times but also adding latency, while hardware encryption had no effect on hardware performance at all. For that reason, if you do have BitLocker enabled on your Windows 11 Pro, we recommend turning it off. You don’t need to worry if you’re running Windows 11 Home.
How to Disable BitLocker
To verify the encryption status of your drive, initiate an elevated command prompt by running CMD as an administrator. Subsequently, input the command “manage-bde -status” into the command line. This should show you a screen similar to the one in the image below.
Over here, you only need to look at two specific fields: “Conversion Status” and “Encryption Method.” The “Conversion Status” field provides information regarding whether encryption is active or not, while the “Encryption Method” field discloses whether the encryption mechanism is of the hardware or software variety.
If the “Encryption Method” indicates “XTS-AES,” as shown in the example above, it signifies the utilization of software-based BitLocker encryption. Conversely, if it reads “Hardware Encryption,” your system employs hardware-based encryption.
To deactivate BitLocker, you can do so by issuing the following command in the CMD prompt: “manage-bde -off C:” — ensure to substitute “C:” with the appropriate drive letter if your encrypted drive is not labeled as such.
Encryption is good for some users at risk, but I don’t think many probably even know it is enabled. Also, if you are not using a Microsoft account which stores your encryption key you will have to manually record it or risk not being able to access your device someday. This is why I think encryption should still be a opt in type of security feature.