If you use Windows RT 8.1 on a Surface or other RT device, your files are automatically encrypted using BitLocker whole disk encryption.
You never have to set it up or create a special password, you don't have to wait for the disk to get encrypted; the system is preset to use encryption and as soon as you sign in with a Microsoft account the encryption is turned on and the recovery key is saved to your SkyDrive account.
So far, so safe; if your device is lost or stolen, no-one can get at your files, even if they break it open and connect the SSD to another computer. If RT takes off, this could be the biggest adoption of encryption for consumers.
This isn't new; encryption has been in RT since it first came out with Windows 8. But since 8.1 came out, a number of RT users have run into an irritating problem. For some reason, for some people, when you power cycle your RT device - by restarting to apply a Windows Update patch or just by running out of power completely - when it turns back on, it won't start until you type in the BitLocker recovery key.
This is confusing, because most people don't know they have a BitLocker recovery key. (because they didn't have to do anything). And while the instructions tell you exactly what to do, you have to be able to use another computer or a phone to go online and get the recovery key - and that has to be what Microsoft calls a trusted device.
Read more at: Surface, BitLocker, and the future of encryption | ZDNet