Enable BitLocker encryption, and Windows will automatically unlock your drive each time you start your computer using the TPM built into most modern computers. But you can set up any USB flash drive as a “startup key” that must be present at boot before your computer can decrypt its drive and start Windows
Enable BitLocker (If You Haven’t Already)
This, obviously, requires BitLocker drive encryption, which means it only works on Professional and Enterprise editions of Windows. Before you can follow any of the steps below, you’ll need to enable BitLocker encryption on your system drive from the Control Panel.
If you go out of your way to enable BitLocker on a PC without a TPM, you can choose to create a USB startup key as part of the setup process. This will be used instead of the TPM. The below steps are only necessary when enabling BitLocker on computers with TPMs, which most modern computers have.
If you have a Home version of Windows, you won’t be able to use BitLocker. You may have the Device Encryption feature instead, but this works differently from BitLocker and doesn’t allow you to provide a startup key.