this post was submitted on 08 May 2024
131 points (96.5% liked)

Technology

34511 readers
416 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
[email protected]
131
Windows 11 24H2 will enable BitLocker encryption for everyone — happens on both clean installs and reinstalls (www.tomshardware.com)
submitted 4 months ago by [email protected] to c/[email protected]
47 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 4 months ago (1 children)

Hi, repair shop owner here.

Automatic Bitlocker encryption has been a thing since TPM 2.0 devices hit the market in 2018.

If a device is UEFI, Secure Boot is enabled, TPM 2.0 is present, and the user signs in with a Microsoft Account , then the disk is encrypted and the recovery key is saved to that Microsoft Account.

If those conditions aren’t met, automatic encryption doesn’t happen.

As long as they know their Microsoft Account Identifier, users can easily get to that key through the first search engine result for “bitlocker recovery key”: https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6

We don’t really have a hard time with it - if a user provides their login PIN, a short terminal command will let us grab a copy of their key before BIOS updates or battery disconnects.

I have had very few cases where folks suffered data loss because of Bitlocker. Most of them were HP Laptops that used Intel Optane accelerated SSDs - encrypting what is effectively a software RAID0 is a recipe for disaster.

The other few had an unhealthy paranoia where they were reluctant to share anything about themselves with Microsoft, yet still decided to use a Microsoft operating system. While setting up the computer, they created a new Outlook.com email (instead of using their primary email), made up a random birthday, and did not fill in any recovery options like a phone number or secondary email. With the password (and sometimes even email) forgotten, they created a situation where they could not prove the online account was theirs and therefore could not get to the recovery key that had been backed up.

I do think that Microsoft should have this as an opt-in feature during the out of box experience, which is how Apple has it set up for Filevault and how most Linux distributions are set up. Ultimately, most users will still mash “next’ through the process and later blame the computer.

I have had quite a few clients have their laptops stolen after car breakins. Their biggest stressor was the possibility of thieves having access to the data on those machines, and the fact that we knew their systems were encrypted with Bitlocker brought them a lot of relief.

[–] [email protected] -2 points 4 months ago* (last edited 4 months ago) (1 children)

well, the thing is not everyone want to have their PC connected to MS account for privacy reason

[–] [email protected] 4 points 4 months ago* (last edited 4 months ago)

Then don’t?

If you still want to use Windows and use their encryption solution, manually enable Bitlocker and store the recovery key yourself.

There are also third party encryption options.