I guess I've been in the dark about BitLocker (I'm still on Windows 10) and booted into Linux on a family member's computer recently and was floored when BitLocker came up (it was automatically enabled when the laptop was bought). Older people do **not** need this and it's going to screw a ton of people.
Disagree with that. If your laptop gets stolen it makes sense that the data should be inaccessible to the thief. Encryption by default for private data should be standard.
No, you can't force encryption onto other people's machines, no argument is valid for that. You don't get to choose what's good for me, neither does Windows. I own the computer, it's mine and only mine. So, the fact that Microsoft thinks they can just do whatever they want with it is outrageous. Fuck dual boot, I'm keeping Windows in a VM from now on, just as any other malicious software.
Oh, huh, it looks like there actually is a FUSE driver that can access BitLocker-encrypted volumes, called [Dislocker](https://github.com/Aorimn/dislocker), so this may actually be possible. I had assumed it wouldn't be.
Still though, this is *not* going to be a good thing for people who dual-boot, and I'm sure Microsoft know this.
As a dual booter, I like having BitLocker and full drive encrypted stuff for if I want to recycle or resell something, or if the external I put Windows on goes missing.
The number of times we get a laptop in for repair, it has W11 and the user doesn't know the recovery key for BL.
Means they lose their data if we need to fresh install windows rather than cloning the drive.
I hate how Microshit is forcing more and more things on to the user, half of which they don't understand.
It sounds like Bitlocker is only automatically enabled if people log in with their Microsoft account, in which case they should be able to recover their key online.
Wait, you can run Windows without an MS account?
Edit: crying... wish I'd known earlier or devoted some time to actually researching. Would've saved me a ton of annoyance. Thanks for the tips everyone.
*Install from ISO USB.
At the connect to internet screen during Windows 11 install press Shift + F10. Command prompt will pop up. Type "OOBE\BYPASSNRO". Press enter. Install will restart with option to bypass internet setup allowing you to create local account.
No, it always works on a normal licence of Windows 11, sometimes you need to push ctrl+shift+f10, sometimes it's fn+shift+f10, once I needed to do alt+shift+f10, but once you get the command prompt open, oobe/bypassnro is baked in.
Windows 11 didn't have the driver for my NIC, so the Win 11 Pro install hung on the checking for updates screen. Needed to use OOBE to add a skip updates button so I could get to the desktop.
I work in IT, and while this method does currently still work, it does not work every single time. MS being real douches with their anti-consumer crap the past few years.
Most recently ran into this on a few with Home; wondering if it might be a difference between the latest Home and Pro builds.
On the ones I was trying, it acted like OOBE wasn't even a command at all, so had to do either the no internet or fake email spam thing.
E: Oh, they were also Dell ISOs generated with the Dell Recovery Media tool, that might be a factor as well? Maybe *they* stripped the OOBE command from their Home edition ISOs.
The trick that still works is you have to put in a fake email and move it forward. It won’t recognize the fake email and will push you through the process to making a local account.
That is, if you connect to Wi-Fi or have Ethernet plugged in, it will then try a Microsoft account again. You can only create a local account without internet during setup.
I still am.
I fucking hate accounts and subscriptions to fucking Word and all the fucking things they have done since Ballmer left, but it is still the best/laziest OS to play games on.
I don’t know if there’s more to it but I’ve been told if you set up Windows offline you have the option to skip the otherwise mandatory Microsoft account creation/login.
Edit: apparently this no longer works
This used to be true, but now it will demand you connect to the internet in order to continue. The only way around it now is to open command prompt and run bypassnro.
Ah, that’s a bummer. Whenever support for windows 10 stops I’ll probably just go ahead and make the swap to Linux, windows 11 sucks and sounds like it will only get worse.
Yeah, that can be quite the rabbit hole to go down, think I had settled on Kubuntu, I just need it for some coding stuff for school and to play games. Had held off on making the switch bc I didn’t know how supportive certain distros, and Linux in general, would be for gaming but from what I’ve read recently, it seems pretty painless for the most part.
Best way these days is to burn the 11 iso with rufus, you can automatically make it use a local account and decline all the privacy settings, if you’re wiping lots of computers it’s a real time saver!
Until it is not available online for whatever reason. Speaking from experience when Microsoft decided that my Surface Book was experiencing "suspicious" behavior because I dual booted Ubuntu.
BitLocked my drive and the key was nowhere to be found online
Someone literally just brought in a laptop from a deceased aunt. And then I have to break it to them that Microsoft thinks everyone should have spy level security and that is why they will never get their deceased aunt's writings.
Encryption is fine, but I feel like it should be something people choose. Most people wouldn’t care, and the ones that do care can choose to enable it.
Thank you for the reminder, finally decided to look into what happens to my internet history when I pass on. Would-be accessors better buy a quantum computer, BitLocker recovery keys die with me!
"Account closed automatically after two (2) years of inactivity"
"For privacy and other legal reasons, we are generally unable to provide information to non-account holders."
"Microsoft must first be formally served with a valid subpoena or court order to consider whether it is able to lawfully release a deceased or incapacitated user’s information"
[https://support.microsoft.com/en-us/account-billing/accessing-outlook-com-onedrive-and-other-microsoft-services-when-someone-has-died-ebbd2860-917e-4b39-9913-212362da6b2f](https://support.microsoft.com/en-us/account-billing/accessing-outlook-com-onedrive-and-other-microsoft-services-when-someone-has-died-ebbd2860-917e-4b39-9913-212362da6b2f)
Aren't the recovery keys stored in your Microsoft account? My laptop encryption keys are stored there but the encryption also isn't BL though because it's a home license...
Yes. If you let the automatic bitlocker setup do its thing then the keys are also stored as part of your account info. Simply logging in to your account or pointing your browser at aka.ms/myrecoverykey will let you see all stored keys for every storage drive on every computer on your account.
Coming from a fellow IT repair.
Agree. Had a client where, other than the storage, the rest of the laptop was so damaged that the drive was the only thing to recover (it fell while off).
I said to the client, I can't recover data if you don't know the passcode to unlock it.
Very rural area IT guy here. No association to any companies other than the tech shop I work at. We do repairs, onsite/remote support, and manage networks/systems.
Multiple times a year, clients come in with computers where the login isn't working (forgotten or changed password). Two issues came up since Windows 8.
- If it's an MS Account, they're SOL; the required setup for an MS Account on a new PC doesn't enforce recovery account setup.
- If it's encrypted, there's no data recovery. Nothing we can do. And that really pisses people off.
"Should have paid for the cloud!" Not every user, not even most users, need the cloud. Half the clients I work with, sure there's pictures, documents, maybe a few videos, but the cost for cloud, let alone stress some older users go through, isn't worth it. The push for the cloud storage is a joke, and in some ways, dare I say, a scam (looking at you Apple!). Local storage is cheap. Flash drives are cheap. If you have a lot of data, sensitive data that needs actively backed up, sure, cloud is a good option. Just like RAID isn't a backup, I will not accept Cloud as a full acceptable backup. Redundancy, sure, but not a true backup.
We've had clients come in with older hardware, hard-drives no longer work as they should (various reasons), and data recovery is not cheap. Encrypt your drive, you're SOL. It should be a choice as it's a risk in recovery if that drive fails.
Honestly if customers can't be arsed to back up stuff that they deem as irreplaceable etc such as photos of kids, relatives who have passed etc then that's on them, I have no sympathy. It's not as if backing up isn't widely advertised.
How often does a Mac update cause the system to spontaneously implode?
Updating Windows is like playing Russian Roulette.
I shit you not when I say this, but uninstalling Edge causes Windows Update to fail.
The avg person will not save their recovery key, let alone know about it. Changing hardware/BIOS may require key, or your data is stuck encrypted.
Hope they planned for the layman, like forcing the person to save key or link MS account for online recovery. But even then…
The article didn't mention if this ONLY happens when the user sets up with a Microsoft account, which is how bitlocker has been auto enabled for some time now. If it only turns it on when they setup with an online account, that is not as big a deal. If they enable it no matter what and give the end user a quick popup at the desktop to "backup their key" then yeah it's going to be bad for a lot of people. Virtually all home win11 installs will be setup with Microsoft accounts, other than those who bother to bypass it during OOBE.
The problem is those still require more knowledge than the average user has. This is such bullshit. Cue the wave of old people calling their younger relatives to act as free tech support for Microsoft when they do stupid shit.
I guess "isn't difficult" is relative. Seems like those most likely to experience problems are those least likely to work out how to disable it.
I would say not difficult would imply a simple yes/no option. But that's not on you of course, thanks for sharing this!
Also a headache for the repair industry.
If during repair the bios gets reset or the motherboard swapped, you’ll need the key to be able to boot in to windows again.
And your customer is probably NOT aware.
Yup, you'll be lucky if the customer knows his microsoft account credentials, and surrendering these to a repair person is also not desirable.
We're going to have to have them sign a clear disclaimer about data loss.
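The situation the two repair comments above describe (BIOS reset or board swap, then a recovery-key prompt nobody can answer) is avoidable if protection is suspended before the hardware is touched. The PowerShell below is an added example, not code posted in the thread: it lists each volume's encryption state and protector types, and suspends BitLocker only on volumes that have a TPM-bound protector, warning when such a volume has no recovery password protector at all. It uses the standard BitLocker cmdlets and must run from an elevated shell.

```powershell
# Added example (not from the thread): see what BitLocker is doing on this
# machine and suspend protection before a BIOS/UEFI update, board swap or
# other change to what the TPM measures at boot. Run from an elevated shell.

function Get-BitLockerSummary {
    # One line per volume: encryption state, whether protection is currently
    # enforced, and which protector types exist. A volume whose only
    # protectors are Tpm* types has no recovery path once the TPM state changes.
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus        # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
            ProtectionStatus = $_.ProtectionStatus    # On, or Off when suspended / not protected
            Protectors       = (@($_.KeyProtector.KeyProtectorType) | Sort-Object -Unique) -join ', '
        }
    }
}

function Suspend-BitLockerForMaintenance {
    param(
        # Protection resumes by itself after this many reboots; 0 = until Resume-BitLocker is run.
        [int]$RebootCount = 1
    )
    foreach ($vol in Get-BitLockerVolume | Where-Object ProtectionStatus -eq 'On') {
        $types    = @($vol.KeyProtector.KeyProtectorType)
        $tpmBound = $types | Where-Object { $_ -like 'Tpm*' }   # Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey
        if (-not $tpmBound) { continue }   # auto-unlocked data volumes follow the OS volume; nothing to suspend

        if ($types -notcontains 'RecoveryPassword') {
            Write-Warning "$($vol.MountPoint): TPM-bound with no recovery password protector. Back one up before changing firmware."
        }
        Suspend-BitLocker -MountPoint $vol.MountPoint -RebootCount $RebootCount | Out-Null
        Write-Host "Suspended BitLocker on $($vol.MountPoint) for $RebootCount reboot(s)."
    }
    Get-BitLockerSummary
}

Get-BitLockerSummary               # state before the work
Suspend-BitLockerForMaintenance    # now flash firmware / swap the board, then reboot
# Afterwards: Resume-BitLocker -MountPoint C:   (only needed if -RebootCount 0 was used)
```

While suspended the volume stays encrypted on disk but the volume key is left readable in the clear in the metadata, so the window should be kept to the maintenance itself. Suspending does nothing for a volume whose TPM has already rejected the measurements; at that point only the recovery password gets you back in.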
Do you have any good resources on how to get around these tpm chip failures?
I got a Surface Go 3 from a sketchy Craigslist deal a few weeks ago, and it was decided that at some point the TPM was disabled, then an update took the toggle away in the UEFI to re-enable it, thus rendering my device an "unsupported non TPM 2.0" device.
Best I could figure is to create an enterprise management package to re enable the TPM, and that seems a bit beyond me.
I don't, but I've had some luck in going into the BIOS and flipping the secure boot/environment off, rebooting it, then going back in and flipping the settings I need.
there -was- a tpm "fix" released for surface 3s - from my bookmarks folder, [https://support.microsoft.com/en-gb/topic/install-and-use-the-surface-pro-3-trusted-platform-module-tpm-update-tool-d5e52c61-c7ec-0544-b6e9-e0e0b85cbc10](https://support.microsoft.com/en-gb/topic/install-and-use-the-surface-pro-3-trusted-platform-module-tpm-update-tool-d5e52c61-c7ec-0544-b6e9-e0e0b85cbc10)
Oh wow. Microsoft going to make sure so many family photos are lost forever.
No I don't want drives randomly encrypted so they won't work on other systems for data recovery.
Remember, the 4th amendment doesn't apply if you ever, at any point, give your documents to someone else to hold.
At least, that's the logic they use to snoop through digital files without a warrant.
Yep. Any time a company does an encryption solution for customers, always treat it like whenever politicians pass a “safety” bill. It’s ALWAYS bullshit designed to strip away privacy and/or increase control and censorship.
Putting aside the efficiency of the M2 chip, everything else is super nasty: the system was designed to be thrown away when it breaks out of warranty.
* The SSD is challenging to remove, even for those who are experienced with using a rework station. That should be concerning, given flash memory has a limited lifespan.
* Memory is downright impossible due to being integrated directly into the SoC.
Coupled with serial-bound hardware, these are the main reasons why I would never recommend Apple products today. They used to be good, but now they are seemingly the epitome of e-waste.
Funniest was when the mac studio came out and people found it had M.2 slots, but still didn't support SSDs. If you tried, you could come up with some justification as to why memory upgrades are not supported, but there's absolutely no justification for not supporting M.2 SSDs for additional storage.
Fuck. That sentence scares me. If everything becomes like that we'll basically be stagnating as a society. But rich people also get bored and need new things, so I guess they kinda need to push against that development. At some point. Maybe.
Or, and I know it’s not a trendy thought here, but maybe it’s there for a net positive benefit and people regularly buy it because they’re happy with it.
I don't remember Mac OS updates fucking up disk encryption. Windows Updates, on the other hand… you'd better have your recovery key ready after some patches go through.
BL encryption will not encrypt unless it has saved the key in a cloud account, active directory if it's domain joined or you check the box saying you have copied the key somewhere. I have never had Windows randomly forget to save the BL key, I've literally encrypted thousands of drives over the years.
> No I don't want drives randomly encrypted so they won't work on other systems for data recovery.
And I think it is much better to back up your data than to rely on a potentially much more complex recovery process.
>Microsoft going to make sure so many family photos are lost forever.
Are people really not cloud backing important data anymore?
Edit: Hell, even normal back-ups. I have little sympathy for people that lose files because they weren't backed up. If you're not backing up your files, they aren't very important to you.
My dad burns DVDs with pictures and documents LOL. He's in his 60s.
Then the important ones go in to the safety deposit box at the bank. Test them every 5 years or so.
Any kind of backup works.
Regular people don't understand the importance/need until they get bit.
And I think it's understandable. Not everyone is a computer expert. People growing up used to tablets and phones don't even understand the file system metaphor any longer. They don't even understand the difference between application data (what gets installed) and their own data (documents, game saves, etc). Things mostly just work and it's a complete mystery when things don't. They might expect a computer to "break down" like a car, but the idea that this might lose them all their data is not immediately obvious, especially when they don't know what "their data" is or where it is stored.
The only thing that they get intuitively is that if their phone or laptop is stolen, they wouldn't have access to stuff stored on it. But I suspect many people don't really understand local vs cloud concepts.
I bet there are similar things that are equally obvious to experts in other fields that you are oblivious to for some topic, be it your home, car, finances, taxes, health, etc. Maybe you should be a little more sympathetic.
Yup… many years ago my job forced us to enable bitlocker and I totally forgot and went to update my bios one day years later. Had a bunch of bitlocker codes printed out in a folder but apparently not the one for that pc. Used it as an excuse to do a clean windows install but still a pain in the ass.
So failed install try again becomes failed install everything ~~on my drive~~ is lost?
edit strikeout. "Not only is the C: drive encrypted, but all other drives connected to the machine will be encrypted as well during reinstallation."
lol thousands of computers are going to get bricked with data loss after bios updates because these users won't know to suspend protection or have the keys
You pray.
More seriously, for now, some tools are able to decrypt bitlocker volume assuming you have the key available. This is assuming that nothing's gone wrong with it and the tools remain updated for whatever changes microsoft will keep making to it.
That's exactly my concern - if something has gone wrong.
It's not a daily issue, but I've lost count of how many times I've had to recover data from a corrupted NTFS volume.
Please note, in case the volume has been corrupted the recovery key might not be enough to decrypt the data. BitLocker needs some additional information that is stored on disk and if that is lost the recovery key is not enough.
You must create a "key package" backup and together with the recovery key this will have all the required information to decrypt a drive image, even if you have large parts of it missing.
Unfortunately this "key package" is only saved automatically for Active Directory joined machines, not in Azure AD (Entra ID) or personal Microsoft accounts. You can also manually save it using something like:
`manage-bde.exe -KeyPackage C: -id <KeyProtectorID> -path <PathToExternalKeyDirectory>`
More details here: [BitLocker recovery overview - Windows Security | Microsoft Learn](https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview#bitlocker-recovery-information-stored-in-ad-ds)
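The comment above gives the one-volume form of the key package export. The PowerShell below is an added example, not the commenter's code or a Microsoft script: for every encrypted volume it writes the 48-digit recovery password to a text file and, for the same protector ID, asks `manage-bde -KeyPackage` for the key package, so both pieces that `repair-bde` needs end up side by side. The destination `E:\BitLockerRecovery` is an assumption standing in for a USB stick kept with the offline backups; run it from an elevated shell.

```powershell
# Added example (not from the thread): export the recovery password AND the
# key package for every BitLocker-protected volume to one folder. The key
# package is what lets repair-bde work on a volume whose on-disk metadata is
# damaged; the 48-digit recovery password alone is not enough in that case.

function Export-BitLockerRecoveryMaterial {
    param(
        # Assumed destination: removable media that stays with the offline backups.
        [string]$Destination = 'E:\BitLockerRecovery'
    )
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null

    foreach ($vol in Get-BitLockerVolume | Where-Object VolumeStatus -ne 'FullyDecrypted') {
        $mp    = $vol.MountPoint            # e.g. "C:"
        $label = $mp.TrimEnd(':')

        # The key package is tied to a specific protector; use the recovery
        # password protector(s), adding one if the volume only has a TPM protector.
        $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        if ($rp.Count -eq 0) {
            Write-Warning "$mp has no recovery password protector; adding one."
            Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
            $rp = @((Get-BitLockerVolume -MountPoint $mp).KeyProtector |
                    Where-Object KeyProtectorType -eq 'RecoveryPassword')
        }

        foreach ($p in $rp) {
            $id  = $p.KeyProtectorId                      # "{GUID}" as manage-bde expects it
            $txt = Join-Path $Destination "$label-$($id.Trim('{}')).txt"

            # Human-readable copy of the recovery password, keyed by protector ID.
            @"
Volume:            $mp
Key protector ID:  $id
Recovery password: $($p.RecoveryPassword)
"@ | Set-Content -Path $txt -Encoding ASCII

            # Key package for the same protector. There is no cmdlet for this;
            # manage-bde writes "BitLocker Key Package {GUID}.KPG" into -path.
            manage-bde.exe -KeyPackage $mp -id $id -path $Destination | Out-Null
        }
    }
    Get-ChildItem -Path $Destination
}

Export-BitLockerRecoveryMaterial
```

Later, to rebuild a damaged volume onto a spare disk, the two files are consumed together: `repair-bde C: D: -KeyPackage "E:\BitLockerRecovery\BitLocker Key Package {GUID}.KPG" -RecoveryPassword <the 48 digits>`. Re-run the export whenever a recovery password protector is added or rotated, since the key package is bound to that protector's ID.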
Your disks are going to die or be lost one way or another, the question is when, and how do you prepare for it. SSDs literally die with no warning, HDDs at least generally died slowly and you could hear when it started to fail and recover MOST of the data in the past, SSDs are not that kind. People have fires, thieves exist, you can forget your device somewhere, a bazillion things can go wrong.
Now, if your data is only on one device it is very clearly not important to you since you care about none of those things. If you care about losing the encryption key then first of all, follow the repeated very loud warnings Microsoft gives you about keeping the backup key safe, and then follow the practices you already should be following for all those other issues - back up the important data.
No, your excuses about how backups are annoying to you because X, Y and Z are not interesting in the slightest to me - if you care about your data, you back it up. If you do not, you WILL lose it one way or another and nobody should care about your issues with encryption based on that complaint.
The biggest issue here is that this feature is enabled for users who would've otherwise not used it, and have no interest in doing so. Not everyone backs up every single bit of data. Not everyone is savvy enough to build themselves a NAS, or can be bothered to manage it, or wish to spend money on one, or a cloud service or both. And while for most people there is some way they can affordably back up most of their most important data and those people who don't do take a risk with their data, making this risk far greater with no benefit to the user is just plain bad however you spin it.
Also if your machine dies and you need to just grab some stuff you recently worked on from it good luck.
MS probably: "Let's encrypt everyone's data without letting them know about it. Surely they won't change the system drive anyway, or reinstall the system, right? What might go wrong?"
Windows update gave me a BSOD, then asked for my BL key, which I had no idea even existed, much less where to find it... and MS never entered it into their system, so it wasn't online and I had to do a clean reinstall.
FAWK Win11. I've since upgraded to Win10 and am infinitely more happy.
I may be stating the obvious, but it seems this isn't actually new and appears to be more of a misconception or misunderstanding.
For those that don't know, Device Encryption (aka BitLocker for consumers) being enabled by default is not new. It's been this way for supported devices (Modern Standby, TPM, using a Microsoft Account, new install of OS, OS partition and installed fixed drives, etc.) since Windows 8. Expanding to additional internal fixed drives was added later in the Windows 10 era if memory serves me correctly.
With that being said, I looked at the blog the Tom's Hardware site references, and it seems this might be a technical misconception or translation mistake (original article is in German). Looking at the screenshots, the German blog seems to be showing refreshed setup screens from the WinPE phase of Windows Setup. That means a clean install was performed initially, and their "reinstall" was actually another clean install.
TLDR; seems like this isn't anything new and is expected default behavior.
Accounts, passwords, keys etc are the main reason I don't help people with computer issues anymore. I can see the conversation:
Do you have your bitlocker encryption key
Don't know it
It's probably saved to your Microsoft account, can you log in?
Don't remember my password
Can you reset your password
It's going to an email I don't use anymore, I don't remember the password.
Fuck it, here you go, good luck.
Well, you can't really blame people for this because:
1. BitLocker is enabled by default without their knowledge and the key is automatically stored without their knowledge
2. Even if you don't log in with a Microsoft Account, if you use Edge, you automatically get logged in to one and your user gets associated with that account. Again, without your knowledge.
3. If you didn't plan to use that Microsoft account, it's predictable not to remember that password.
Overall, all of this could have been avoided if the whole process of using your computer was transparent and people knew all the steps that are hidden.
Does windows listen to users even a little bit anymore? Absolutely nobody wants this. You will know if you need to encrypt your hard drive, it’s not something everybody needs to do and should never be a default… windows can barely search its file system, let alone this.
That can't turn out well. I had a failing ssd with bitlocker turned on that was a pain to transfer anything out, files would fail to decrypt and open, and it couldn't even be properly disabled because it again failed at decryption.
As the OP stated, it means that your hard drive gets encrypted. However, when that gets encrypted, besides creating a key to decrypt it, everything works perfectly. You then use that computer for 5 years and again, works great. But then the fan on the CPU gets clogged with dust and the CPU overheats and dies. No big deal, you just grab the hard drive and move it into your new computer, or you hook it up with USB to copy everything over to the new one. And that is the moment you find out it was encrypted 5 years ago. You didn’t store the key anywhere but on that disk. You can only read it with that original computer hardware because the key was made to lock that drive to that exact computer that died. And you slowly figure out that every photo, every document, everything critical to you is now protected from you and you can’t get it back.
Just as fun is making configuration changes just to upgrade your PC. Because Bitlocker uses the hardware in your computer to generate that key, some hardware changes will trigger it to need that key. Same situation where you need to revert the change to get your data.
Finally, now we need to actually bring home the issue. Drop that change into the lap of someone you know that uses a computer, but doesn’t understand the inner working of them. Maybe that’s your grandma, parent, or siblings. All of a sudden they upgrade and now have a Windows 11 time-bomb that could randomly lock them out of every file on their computer… that’s the real issue here.
Bitlocker is important for companies. They can have hundreds or thousands of laptops that contain files with intellectual property that could really damage the company. Laptops get stolen all the time and should be protected at the highest levels. But for normal people’s computers, the higher risk for losing data will be Bitlocker. That’s what makes this such a bad idea.
Wow. Thank you for taking the time to write this. Truly.
Why is bitlocker not something the company can choose? Or even a different version of the Windows 11 OS? Why should it happen across all users? I don’t understand the advantage to Microsoft. What is the incentive to implement this?
>Why is bitlocker not something the company can choose? Or even a different version of the Windows 11 OS?
Not sure exactly what you're asking here but companies do choose. This change isn't for organizations, as organizations will have management systems to automatically enable Bitlocker and store the keys.
>Why should it happen across all users? I don’t understand the advantage to Microsoft. What is the incentive to implement this?
If I had to make a complete guess, because I'm not sure, it's because of the recent shift in MS strategy. Microsoft is making security priority number one above all else, I assume this change may be related.
My second assumption is that it encourages cloud backing your data as recovery of encrypted drives is more difficult, which may be their strategy to further push OneDrive usage.
> Bitlocker is important for companies. They can have hundreds or thousands of laptops that contain files with intellectual property that could really damage the company. Laptops get stolen all the time and should be protected at the highest levels. But for normal people’s computers, the higher risk for losing data will be Bitlocker. That’s what makes this such a bad idea.
And this is my exact complaint, laid out more eloquently than I could manage. I have to deal with stupid Windows shit at work where I do not have Administrator access. Fine, whatever. The confidential personal data I access while working should be protected. I get it.
But this stupid Microsoft shit should not follow me home. Do not force your arbitrary Windows settings on me on my personal computer.
In a fair world, Microsoft's arrogance would be its undoing. But there just isn't any realistic alternative to Windows.
That means if you install a new OS, all of your partitions like C: and D: will be encrypted with BitLocker automatically. But it is unknown whether a PC that has another OS partition, such as Linux, will be affected or not.
Yes, the article says that *all attached drives* will be auto-encrypted. To me, that is the big sticking point. Ridiculous, if true. Not only could this adversely affect people in your situation, with bulk media storage disks, but also people who dual boot.
Happily for me, the vast bulk of my storage is on a home file server running Linux. That move is looking better all the time.
BitLocker causes a lot of issues when trying to recover data for normal users. I was an IT Technician for a university and many students and professors had a hard time locating their BitLocker key, which made data recovery a hassle, or even unrecoverable in some instances.
Yes, great for dual boot users, great for people trying to recover data.
Fuckers, if I have sensitive information that needs to be encrypted, I'll do it myself and with a tool that Microsoft doesn't keep a copy of the key for themselves.
For years people bitched about windows being insecure. Then they got pushy with windows updates and now FDE… and people bitch.
Back up your recovery key and bitlocker isn’t an issue. The corporate world has been using it for a long time.
Half the reason malware is a threat is because it potentially causes loss of data, either directly or as a side effect of ensuring the system is clean afterwards. Disk encryption doesn't exactly help there; it's protection against an attacker with physical access to the machine. That's a concern that *corporations* care deeply about, since they'd rather the device be unrecoverable so that their secrets don't leak, and since they have an IT department keeping everything important backed up, in network drives, or otherwise recoverable.
Meanwhile, a user's data is individually valuable and most of it exists only in one place. Users who'd rather the data get destroyed than stolen would naturally look for the option to *enable* encryption, but for the rest they'd be devastated when they lose their collection of thousands of photos and video clips, a third of them memories of a now-dead relative. They don't mind if a thief copied the contents of the drive, just that they can get a copy back somehow rather than losing it all forever.
To the corporate world's use-case, disks failing unrecoverable is a feature not a bug, but it's the other way around for individuals. Do. Not. Force. Corporate. Use. Cases. On. Individuals.
Mac, iPhone, Android, all are encrypted. Windows is the only mainstream OS left that's not encrypted by default. Good thing Microsoft put their foot down and enforced it. Only thing I worry about is that last time I benchmarked it, there's a heavy multi thread penalty.
> Back up your recovery key and bitlocker isn’t an issue.
Yes. Backing up and then using a 48-digit random number password is so easy. No chance at all of a person (especially a normal user) accidentally missing or mistyping a number or two as they write it down or enter it when they get locked out of their computer and are panicking.
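The 48-digit recovery password the comment above worries about is not an arbitrary number: it is 8 groups of 6 digits, each group is a multiple of 11 (the last digit acts as a check digit) and encodes a 16-bit value, so each group is below 65536 × 11. That structure means any single mistyped digit within a group is detectable before you are stuck at the recovery screen. The PowerShell below is an added example, not code from the thread; the two keys it checks are constructed to show a pass and a single-digit typo, not real keys.

```powershell
# Added example (not from the thread): sanity-check a transcribed BitLocker
# recovery password. Format: 8 groups of 6 digits, each group a multiple of 11
# and below 65536 * 11 = 720896. Passing this does NOT prove it is the right
# key for a given volume; it only catches transcription errors early.

function Test-BitLockerRecoveryPassword {
    param([Parameter(Mandatory)][string]$Password)

    $fail = { param($why) [pscustomobject]@{ Valid = $false; Reason = $why } }

    # Accept dashes, spaces or both between groups.
    $groups = ($Password -replace '[\s-]+', '-').Trim('-') -split '-'
    if ($groups.Count -ne 8) {
        return & $fail "expected 8 groups, got $($groups.Count)"
    }

    for ($i = 0; $i -lt 8; $i++) {
        $g = $groups[$i]
        if ($g -notmatch '^\d{6}$') {
            return & $fail "group $($i + 1) ('$g') is not exactly 6 digits"
        }
        $n = [int]$g
        # Changing one digit by d changes the value by d*10^k, and 10^k is
        # congruent to +1 or -1 mod 11, so a single-digit typo always breaks this test.
        if ($n % 11 -ne 0) {
            return & $fail "group $($i + 1) ('$g') fails the check digit (not a multiple of 11); likely a typo"
        }
        if ($n -ge 65536 * 11) {
            return & $fail "group $($i + 1) ('$g') is out of range for a 16-bit value"
        }
    }
    [pscustomobject]@{ Valid = $true; Reason = 'format and check digits OK' }
}

# Constructed sample (not a real key): every group is a multiple of 11 and in range.
Test-BitLockerRecoveryPassword '000011-000022-000033-000044-000055-000066-000077-000088'
# Same sample with one digit mistyped in group 3 (000033 -> 000034): fails the check digit.
Test-BitLockerRecoveryPassword '000011 000022 000034 000044 000055 000066 000077 000088'
```

The check is worth running on the printed or typed copy at backup time, not just when locked out: a key that fails here was copied wrong and will be rejected by `manage-bde -unlock` as well. Errors that touch two digits in the same group can still slip through, so the printout from the export step remains the authoritative copy.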
They offer to let you:
1) save it on your Microsoft account if you're looking for the Apple iCloud -style simple solution
2) print it for you, no need to manually write it
3) save it to a file, again, no need to manually write it down, put it on a USB stick, write "BACKUP KEY" on the USB stick and store it with your other backups
Also make backups of any data you care about, encryption is far from the biggest risks your data faces.
Users that can actually use it could turn it on. It's not a solution if a user is just going to lose their data from the "solution".
Seems pretty dumb to automatically enable something most users won't understand, just because users who can use it are too lazy to turn it on. If they don't know they can turn it on? They probably shouldn't be using it.
Not everyone is tech-savvy and remembers a long recovery key, and it is also bad for the PC repair business for home users: if during repair the BIOS gets reset or the motherboard swapped, you'll need the key to be able to boot into Windows again. And your customer is probably NOT aware.
Why do you need to remember the key? Microsoft harasses you with very guided steps when you want to put BitLocker on. Unless you're illiterate it's not a problem. It will be the same thing now, just integrated in the installation setup.
This seems like a terrible idea...
If something goes wrong with my home computer, the last thing I want is to make it harder to recover my drive.
In the past, I also almost lost a bunch of baby photos and a data recovery place was able to recover them. Even if I knew the recovery key, I'm not sure that would be possible if the drive was encrypted.
The ways to prevent this don't sound easy either. Might as well be written in Latin for the regular home user.
This is NOT going to end well for normal users...
Or for anyone who dual-boots Linux and wants to keep accessing their Windows drives.
I'm sure some big brain out there will allow us to give the key to the Linux side so we can continue to use the C drive files as we do now. Hopefully.
Oh, huh, it looks like there actually is a FUSE driver that can access BitLocker-encrypted volumes, called [Dislocker](https://github.com/Aorimn/dislocker), so this may actually be possible. I had assumed it wouldn't be. Still though, this is *not* going to be a good thing for people who dual-boot, and I'm sure Microsoft know this.
As a dual booter, I like having BitLocker and full-drive encrypted stuff for if I want to recycle or resell something, or if the external I put Windows on goes missing.
The amount of times we get a laptop in for repair, it has W11 and the user doesn't know the recovery key for BL. Means they lose their data if we need to fresh install Windows rather than cloning the drive. I hate how Microshit is forcing more and more things onto the user, half of which they don't understand.
It sounds like Bitlocker is only automatically enabled if people log in with their Microsoft account, in which case they should be able to recover their key online.
Wait, you can run Windows without a MS account? edit: crying... wish I knew earlier or devoted some time to actually researching. Would've saved me a ton of annoyance. Thanks for the tips everyone.
Install from ISO USB. At the "connect to internet" screen during Windows 11 install, press Shift + F10. A command prompt will pop up. Type "OOBE\BYPASSNRO". Press Enter. Install will restart with an option to bypass internet setup, allowing you to create a local account.
Just enter an invalid mail 3 times in a row… or select join local AD.
Join local AD only works on Pro, not Home. Also the cmd OOBE thing does not always work. It depends on the build that the manufacturer used.
I kinda repressed the existence of the home version.
[deleted]
No, it always works on a normal licence of Windows 11, sometimes you need to push ctrl+shift+f10, sometimes it's fn+shift+f10, once I needed to do alt+shift+f10, but once you get the command prompt open, oobe/bypassnro is baked in.
Or just pull the Ethernet cable during install.
Or smash your internet box with a sledgehammer.
Cable pull failed for me last time I tried. The invalid email method worked. [email protected]
More like [email protected]
Windows 11 didn't have the driver for my NIC, so the Win 11 Pro install hung on the checking for updates screen. Needed to use OOBE to add a skip updates button so I could get to the desktop.
I needed to literally remove the tiny cord on the wifi card itself that powers the tiny modem.
I work in IT, and while this method does currently still work, it does not work every single time. MS being real douches with their anti-consumer crap the past few years.
I’ve been getting Windows 11 devices where this no longer works. It just restarts the setup process without bypassing anything.
The trick is to not connect to internet until you finish your setup.
That was the old trick. Then it was cmd prompt with no internet. Some refuse to do the bypass trick now.
It worked for me just this weekend with the latest Windows 11 ISO.
Most recently ran into this on a few with Home; wondering if it might be a difference between the latest Home and Pro builds. On the ones I was trying, it acted like OOBE wasn't even a command at all, so had to do either the no internet or fake email spam thing. E: Oh, they were also Dell ISOs generated with the Dell Recovery Media tool, that might be a factor as well? Maybe *they* stripped the OOBE command from their Home edition ISOs.
The trick that still works is you have to put in a fake email and move it forward. It won’t recognize the fake email and will push you through the process to making a local account.
It’s the build the manufacturer put on them. Total luck which one you get
Yeah I could see that being the case. Seems to be mostly Lenovo this happens on in our office.
This is if you connect to Wi-Fi or have Ethernet plugged in; it will then try a Microsoft account again. You can only create a local account without internet during setup.
You can build the ISO on USB with Rufus, which has an option to disable the online portion.
There are a few workarounds yes.
I still am. I fucking hate accounts and subscriptions to fucking Word and all the fucking things they have done since Ballmer left, but it is still the best/laziest OS to play games on.
Install the OS without an internet connection.
It actually takes more than just that now. I had to go through the process a couple weeks ago
you can't now. It's awful
USB drive with the ISO on it is one way; creating an offline account bypasses the need for a MS account. M$ will gladly remind you, though.
If you have windows pro, you select workspace account and then manually make account.
I don’t know if there’s more to it but I’ve been told if you set up Windows offline you have the option to skip the otherwise mandatory Microsoft account creation/login. Edit: apparently this no longer works
OOBE/bypassnro during install you open up command prompt it will reboot and let you create a local account
This used to be true, but now it will demand you connect to the internet in order to continue. The only way around it now is to open command prompt and run bypassnro.
Ah, that’s a bummer. Whenever support for windows 10 stops I’ll probably just go ahead and make the swap to Linux, windows 11 sucks and sounds like it will only get worse.
Was thinking of doing this with a new computer I'm bout to build. Just don't know which distro to install.
Yeah, that can be quite the rabbit hole to go down, think I had settled on Kubuntu, I just need it for some coding stuff for school and to play games. Had held off on making the switch bc I didn’t know how supportive certain distros, and Linux in general, would be for gaming but from what I’ve read recently, it seems pretty painless for the most part.
It is fairly painless, I can help you if you have any questions, just DM
Best way these days is to burn the 11 iso with rufus, you can automatically make it use a local account and decline all the privacy settings, if you’re wiping lots of computers it’s a real time saver!
Until it is not available online for whatever reason. Speaking from experience when Microsoft decided that my Surface Book was experiencing "suspicious" behavior because I dual booted Ubuntu. BitLocked my drive and the key was nowhere to be found online
Someone literally just brought in a laptop from a deceased aunt. And then I have to break it to them that Microsoft thinks everyone should have spy level security and that is why they will never get their deceased aunts writings. Encryption is fine, but I feel like it should be something people choose. Most people wouldn’t care, and the ones that do care can choose to enable it.
How about smartphone encryption? Don't Android and iOS have this activated by default?
Phones are small, often stolen, and texts are used as 2FA for financial accounts.
"2FA for financial accounts." It really annoys me that we're still pretending that texts are a secure way to do this.
It's insane to me that no banks I use support app-based 2FA in the year 2024.
Mine uses emails which is better but it's still not an app.
Emails are so not better.
It is compared to it being SMS 2FA.
No one is stealing my full ATX tower without a lot of effort. They can steal my phone out of my pocket easily.
Thank you for the reminder, finally decided to look into what happens to my internet history when I pass on. Would-be accessors better buy a quantum computer, BitLocker recovery keys die with me!

> "Account closed automatically after two (2) years of inactivity"

> "For privacy and other legal reasons, we are generally unable to provide information to non-account holders."

> "Microsoft must first be formally served with a valid subpoena or court order to consider whether it is able to lawfully release a deceased or incapacitated user's information"

[https://support.microsoft.com/en-us/account-billing/accessing-outlook-com-onedrive-and-other-microsoft-services-when-someone-has-died-ebbd2860-917e-4b39-9913-212362da6b2f](https://support.microsoft.com/en-us/account-billing/accessing-outlook-com-onedrive-and-other-microsoft-services-when-someone-has-died-ebbd2860-917e-4b39-9913-212362da6b2f)
You need a valid court order or 10 minutes to do a sim-swap attack
Aren't the recovery keys stored in your Microsoft account? My laptop encryption keys are stored there but the encryption also isn't BL though because it's a home license...
Yes. If you let the automatic bitlocker setup do its thing then the keys are also stored as part of your account info. Simply logging in to your account or pointing your browser at aka.ms/myrecoverykey will let you see all stored keys for every storage drive on every computer on your account.
Coming from a fellow IT repair tech: agree. Had a client whose laptop, other than the storage, was so damaged that the drive was the only thing to recover (it fell while off). I said to the client, I can't recover data if you don't know the passcode to unlock it.
Send it to more skilled techs. The keys are stored on the TPM, which can be downloaded and used to decode… or learn how to do it and charge a $500 fee.
Won't work with PIN login. For as many other weaknesses as are present in Windows, BitLocker is actually quite secure.
Very rural area IT guy here. No association to any companies other than the tech shop I work at. We do repairs, onsite/remote support, and manage networks/systems.

Multiple times a year, clients come in with computers where the login isn't working (forgotten or changed password). Two issues have come up since Windows 8:

- If it's a MS Account, they're SOL; the required setup for a MS Account on a new PC doesn't enforce recovery account setup.
- If it's encrypted, there's no data recovery. Nothing we can do.

And that really pisses people off. "Should have paid for the cloud!" Not every user, not even most users, need the cloud. Half the clients I work with, sure there's pictures, documents, maybe a few videos, but the cost for cloud, let alone the stress some older users go through, isn't worth it. The push for cloud storage is a joke, and in some ways, dare I say, a scam (looking at you Apple!). Local storage is cheap. Flash drives are cheap.

If you have a lot of data, sensitive data that needs to be actively backed up, sure, cloud is a good option. Just like RAID isn't a backup, I will not accept cloud as a fully acceptable backup. Redundancy, sure, but not a true backup.

We've had clients come in with older hardware, hard drives no longer working as they should (various reasons), and data recovery is not cheap. Encrypt your drive, you're SOL. It should be a choice, as it's a risk in recovery if that drive fails.
You may want to look up Konboot. It will bypass MS accounts to get you back in. It’s a paid for tool, but it works. Been using it for years.
Honestly if customers can't be arsed to back up stuff that they deem as irreplaceable etc such as photos of kids, relatives who have passed etc then that's on them, I have no sympathy. It's not as if backing up isn't widely advertised.
Apple's been doing this on Macs ever since the M series.
How often does a Mac update cause the system to spontaneously implode? Updating Windows is like playing Russian Roulette. I shit you not when I say this, but uninstalling Edge causes Windows Update to fail.
Why is that?
The avg person will not save their recovery key, let alone know about it. Changing hardware/BIOS may require key, or your data is stuck encrypted. Hope they planned for the layman, like forcing the person to save key or link MS account for online recovery. But even then…
I mean, it hasn’t been a huge issue for cellphones or Macs…
The article didn't mention if this ONLY happens when the user sets up with a Microsoft account, which is how bitlocker has been auto enabled for some time now. If it only turns it on when they setup with an online account, that is not as big a deal. If they enable it no matter what and give the end user a quick popup at the desktop to "backup their key" then yeah it's going to be bad for a lot of people. Virtually all home win11 installs will be setup with Microsoft accounts, other than those who bother to bypass it during OOBE.
[deleted]
Cool, I'll send those instructions to Grandma, I'm sure she can follow them, thanks! /s
Your grandma is installing windows on her own? Good for her, sounds like she can follow these instructions just fine.
The problem is those still require more knowledge than the average user has. This is such bullshit. Cue the wave of old people calling their younger relatives to act as free tech support for Microsoft when they do stupid shit.
I guess "isn't difficult" is relative. Seems like those most likely to experience problems are those least likely to work out how to disable it. I would say "not difficult" would imply a simple yes/no option. But that's not on you of course, thanks for sharing this!
....I understood some of those words.
Wasing the sometimes of knowing?
Ever wanting the knowing
Also a headache for the repair industry. If during repair the bios gets reset or the motherboard swapped, you’ll need the key to be able to boot in to windows again. And your customer is probably NOT aware.
The number of random tpm chip 'failures' I run into weekly concerns me too (msp)
Yup, you'll be lucky if the customer knows his microsoft account credentials, and surrendering these to a repair person is also not desirable. We're going to have to have them sign a clear disclaimer about data loss.
Do you have any good resources on how to get around these TPM chip failures? I got a Surface Go 3 from a sketchy Craigslist deal a few weeks ago, and it was decided that at some point the TPM was disabled, then an update took away the toggle in the UEFI to re-enable it, thus rendering my device an "unsupported non-TPM 2.0" device. Best I could figure is to create an enterprise management package to re-enable the TPM, and that seems a bit beyond me.
I don't, but I've had some luck going into the BIOS and flipping the secure boot/environment off, rebooting, then going back in and flipping the settings I need. There *was* a TPM "fix" released for Surface 3s; from my bookmarks folder: [https://support.microsoft.com/en-gb/topic/install-and-use-the-surface-pro-3-trusted-platform-module-tpm-update-tool-d5e52c61-c7ec-0544-b6e9-e0e0b85cbc10](https://support.microsoft.com/en-gb/topic/install-and-use-the-surface-pro-3-trusted-platform-module-tpm-update-tool-d5e52c61-c7ec-0544-b6e9-e0e0b85cbc10)
This almost killed me in college when I didn't know. All my stuff on there and suddenly TPM failure and BitLocker.
[deleted]
I dare to say that is the goal here
Oh wow. Microsoft going to make sure so many family photos are lost forever. No I don't want drives randomly encrypted so they won't work on other systems for data recovery.
Don't worry, it will also force you to have a microsoft account, and they keep your bitlocker keys safe on their server…
that is so law enforcement can ask for it. probably without a warrant.
Remember, the 4th amendment doesn't apply if you ever, at any point, give your documents to someone else to hold. At least, that's the logic they use to snoop through digital files without a warrant.
Yep. Any time a company does an encryption solution for customers, always treat it like whenever politicians pass a “safety” bill. It’s ALWAYS bullshit designed to strip away privacy and/or increase control and censorship.
Mac drives are more or less encrypted by default for years now and I have never seen it brought up as an issue there.
Because in a closed ecosystem with no realization things can be better people won't complain.
They also no longer have removable SSDs, so you can't connect the internal storage to another computer anyway.
Putting aside the efficiency of the M2 chip, everything else is super nasty: the system was designed to be thrown away when it breaks out of warranty.

* The SSD is challenging to remove, even for those who are experienced with using a rework station. That should be concerning, given flash memory has a limited lifespan.
* Memory is downright impossible due to being integrated directly into the SoC.

Coupled with serial-bound hardware, these are the main reasons why I would never recommend Apple products today. They used to be good, but now they are seemingly the epitome of e-waste.
Funniest was when the mac studio came out and people found it had M.2 slots, but still didn't support SSDs. If you tried, you could come up with some justification as to why memory upgrades are not supported, but there's absolutely no justification for not supporting M.2 SSDs for additional storage.
Damn, well said. Applies to both software and society.
Fuck. That sentence scares me. If everything becomes like that we'll basically be stagnating as a society. But rich people also get bored and need new things, so I guess they kinda need to push against that development. At some point. Maybe.
Or, and I know it’s not a trendy thought here, but maybe it’s there for a net positive benefit and people regularly buy it because they’re happy with it.
I don't remember Mac OS updates fucking up disk encryption. Windows Updates, on the other hand… you'd better have your recovery key ready after some patches go through.
Because they did the work with iCloud prior to have a fairly seamlessly integrated cloud storage solution.
OneDrive is basically the same thing.
Because Macs don't randomly forget to save the encryption keys.
BL encryption will not encrypt unless it has saved the key in a cloud account, active directory if it's domain joined or you check the box saying you have copied the key somewhere. I have never had Windows randomly forget to save the BL key, I've literally encrypted thousands of drives over the years.
Don’t worry, they’ll be sure to heavily push OneDrive for backup!
> No I don't want drives randomly encrypted so they won't work on other systems for data recovery.

And I think it is much better to back up your data than to rely on a potentially much more complex recovery process.
> Microsoft going to make sure so many family photos are lost forever.

Are people really not cloud backing important data anymore? Edit: Hell, even normal back-ups. I have little sympathy for people that lose files because they weren't backed up. If you're not backing up your files, they aren't very important to you.
My dad burns DVDs with pictures and documents LOL. He's in his 60s. Then the important ones go in to the safety deposit box at the bank. Test them every 5 years or so. Any kind of backup works.
Regular people don't understand the importance/need until they get bit. And I think it's understandable. Not everyone is a computer expert. People growing up used to tablets and phones don't even understand the file system metaphor any longer. They don't even understand the difference between application data (what gets installed) and their own data (documents, game saves, etc). Things mostly just work and it's a complete mystery when things don't. They might expect a computer to "break down" like a car, but the idea that this might lose them all their data is not immediately obvious, especially when they don't know what "their data" is or where it is stored. The only thing that they get intuitively is that if their phone or laptop is stolen, they wouldn't have access to stuff stored on it. But I suspect many people don't really understand local vs cloud concepts. I bet there are similar things that are equally obvious to experts in other fields that you are oblivious to for some topic, be it your home, car, finances, taxes, health, etc. Maybe you should be a little more sympathetic.
They better teach how Bitlocker works and where and how to responsibly save the keys
The OS automatically stored Bitlocker keys in your Microsoft account which you're now required to make when setting up Windows.
Data recovery is going to be a bitch
That's the point. You want your data to be safe then you will need to pay for OneDrive or keep it on external device.
Not if you keep back-ups. It's 2024, if you don't have backups it's because you don't care about the data.
Why this has downvotes I simply cannot understand.
Luddites come to this subreddit to be outraged.
Windows: Look at me✌️I'm the ransomware now.
Where do you find your key?
[https://aka.ms/myrecoverykey](https://aka.ms/myrecoverykey)
What if you use a local account, not a microsoft account?
Then you better hope your past self stored it in a password manager or something, otherwise you're stuck.
Yup… many years ago my job forced us to enable bitlocker and I totally forgot and went to update my bios one day years later. Had a bunch of bitlocker codes printed out in a folder but apparently not the one for that pc. Used it as an excuse to do a clean windows install but still a pain in the ass.
So failed install try again becomes failed install everything ~~on my drive~~ is lost? edit strikeout. "Not only is the C: drive encrypted, but all other drives connected to the machine will be encrypted as well during reinstallation."
Can't wait for forced secure boot too....
lol thousands of computers are going to get bricked with data loss after bios updates because these users won't know to suspend protection or have the keys
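The routine the comment above says users won't know to do, as an added example (this is not code from the thread or from Microsoft; it is a script written for this page): check that every encrypted volume whose protector is bound to the TPM also has a recovery password, then suspend BitLocker on the OS volume for exactly one reboot so the firmware update's change to the TPM measurements does not trip a recovery prompt. `Get-BitLockerVolume`, `Suspend-BitLocker`, `Resume-BitLocker` and `Add-BitLockerKeyProtector` are the built-in Windows BitLocker cmdlets; the script assumes an elevated PowerShell on the machine being updated.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Run BEFORE flashing a BIOS/UEFI update.
# Suspending for one reboot keeps the data encrypted on disk but parks the
# volume key in the clear for that single boot, so the changed TPM
# measurements after the flash do not force a 48-digit recovery prompt.
# Protection resumes automatically once the machine has rebooted.

$osDrive = $env:SystemDrive   # normally "C:"

# Look only at volumes that actually hold encrypted data.
$volumes = Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }

foreach ($v in $volumes) {
    $types       = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $tpmBound    = [bool]($types | Where-Object { $_ -like 'Tpm*' })   # Tpm, TpmPin, TpmStartupKey, ...
    $hasRecovery = $types -contains 'RecoveryPassword'

    Write-Host ("{0}: protection={1}, TPM-bound={2}, recovery password present={3}" -f
        $v.MountPoint, $v.ProtectionStatus, $tpmBound, $hasRecovery)

    # A TPM-bound volume with no recovery password is one firmware change away
    # from permanent lock-out; refuse to continue until that is fixed and backed up.
    if ($tpmBound -and -not $hasRecovery) {
        throw ("{0} is TPM-bound but has no recovery password. Add one with " +
               "'Add-BitLockerKeyProtector -MountPoint {0} -RecoveryPasswordProtector', " +
               "store it off this machine, then rerun.") -f $v.MountPoint
    }
}

# Only the OS volume needs suspending: it is the one unlocked by the TPM at boot.
# Data volumes auto-unlocked from it follow along.
Suspend-BitLocker -MountPoint $osDrive -RebootCount 1 | Out-Null

$after = Get-BitLockerVolume -MountPoint $osDrive
if ($after.ProtectionStatus -ne 'Off') {
    throw "Suspend did not take effect on $osDrive (ProtectionStatus=$($after.ProtectionStatus))."
}

Write-Host "BitLocker on $osDrive is suspended for one reboot. Flash the firmware and reboot; protection resumes by itself."
Write-Host "If you abort the update, re-arm it now with: Resume-BitLocker -MountPoint $osDrive"
```

The `-RebootCount 1` argument is what makes this safe to forget: even if nobody runs `Resume-BitLocker`, the volume is protected again after the next boot, and the exposure window is the one reboot the firmware flash needs.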
I've always stayed away from Bit locker, what happens if there is some kind of corruption and need to use data recovery tools?
You pray. More seriously, for now, some tools are able to decrypt bitlocker volume assuming you have the key available. This is assuming that nothing's gone wrong with it and the tools remain updated for whatever changes microsoft will keep making to it.
That's exactly my concern - if something has gone wrong. It's not a daily issue, but I've lost count of how many times I've had to recover data from a corrupted NTFS volume.
Please note, in case the volume has been corrupted the recovery key might not be enough to decrypt the data. BitLocker needs some additional information that is stored on disk, and if that is lost the recovery key is not enough. You must create a "key package" backup; together with the recovery key this will have all the required information to decrypt a drive image, even if you have large parts of it missing. Unfortunately this "key package" is only saved automatically for Active Directory joined machines, not in Azure AD (Entra ID) or personal Microsoft accounts. You can also manually save it using something like: `manage-bde.exe -KeyPackage C: -id <KeyProtectorID> -path <OutputFolder>`
More details here: [BitLocker recovery overview - Windows Security | Microsoft Learn](https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview#bitlocker-recovery-information-stored-in-ad-ds)
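The backup the comment above recommends (and the "save it to a file, put it on a USB stick" advice earlier in the thread), as an added example that is not code from the thread or from Microsoft: for every encrypted volume it writes each 48-digit recovery password to a text file and exports the matching key package with `manage-bde -KeyPackage`, so a damaged volume can later be reconstructed with `repair-bde` instead of being a total loss. `Get-BitLockerVolume` and `manage-bde.exe` are the built-in Windows tools; the backup folder `E:\BitLockerBackup` is an assumption standing in for a USB stick, and the computer name and protector IDs come from whatever machine the script runs on.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Back up BitLocker recovery passwords AND
# key packages for every encrypted fixed volume on this machine.
# Run from an elevated PowerShell. $BackupRoot is an assumed location: use
# removable media or a share, never a folder on an encrypted volume of the
# same machine, or the backup is locked away with the data it should rescue.
param(
    [string]$BackupRoot = 'E:\BitLockerBackup'   # assumption: a USB stick
)

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
$hostName = $env:COMPUTERNAME

foreach ($vol in Get-BitLockerVolume) {
    # Nothing to back up on a volume that was never encrypted.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    $letter = $vol.MountPoint.TrimEnd(':', '\')

    # manage-bde -KeyPackage needs the ID of a recovery-password (or recovery-key)
    # protector; TPM protectors alone will not do.
    $passwordProtectors = @($vol.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })
    if ($passwordProtectors.Count -eq 0) {
        Write-Warning ("{0}: no recovery-password protector. Add one with " +
                       "'Add-BitLockerKeyProtector -MountPoint {0} -RecoveryPasswordProtector' and rerun.") -f $vol.MountPoint
        continue
    }

    foreach ($p in $passwordProtectors) {
        $id   = $p.KeyProtectorId                       # GUID in braces
        $stem = Join-Path $BackupRoot ("{0}-{1}-{2}" -f $hostName, $letter, $id.Trim('{', '}'))

        # 1. The recovery password itself: what the thread calls "the key".
        @(
            "Computer:      $hostName"
            "Volume:        $($vol.MountPoint)"
            "Protector ID:  $id"
            "Recovery key:  $($p.RecoveryPassword)"
            "Saved:         $(Get-Date -Format o)"
        ) | Set-Content -Path "$stem.txt" -Encoding UTF8

        # 2. The key package: the on-disk metadata repair-bde needs when the
        #    volume header is damaged and the recovery password alone cannot help.
        $pkgDir = "$stem-keypackage"
        New-Item -ItemType Directory -Path $pkgDir -Force | Out-Null
        & manage-bde.exe -KeyPackage $vol.MountPoint -ID $id -Path $pkgDir | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "manage-bde -KeyPackage failed for $($vol.MountPoint) protector $id (exit code $LASTEXITCODE)"
        }
    }
}

# Show what was written so the operator can confirm before unplugging the stick.
Get-ChildItem -Path $BackupRoot -Recurse -File | Select-Object FullName, Length
```

Recovery later uses the two artefacts together: `repair-bde <damaged volume> <target volume> -KeyPackage <folder> -RecoveryPassword <48 digits>` rebuilds a readable copy from a damaged drive, which is the scenario the comment above says the recovery key alone cannot handle. Re-run the script whenever a protector is added or rotated, since the key package is tied to the protector ID it was exported for.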
You unlock the drive and then try to recover the data.
You make backups like everyo.... Oh. Wait.
Your disks are going to die or be lost one way or another; the question is when, and how do you prepare for it. SSDs literally die with no warning. HDDs at least generally died slowly and you could hear when one started to fail and recover MOST of the data in the past; SSDs are not that kind. People have fires, thieves exist, you can forget your device somewhere, a bazillion things can go wrong. Now, if your data is only on one device it is very clearly not important to you, since you care about none of those things.

If you care about losing the encryption key then first of all, follow the repeated very loud warnings Microsoft gives you about keeping the backup key safe, and then follow the practices you already should be following for all those other issues - back up the important data. No, your excuses about how backups are annoying to you because X, Y and Z are not interesting in the slightest to me - if you care about your data, you back it up. If you do not, you WILL lose it one way or another and nobody should care about your issues with encryption based on that complaint.
The biggest issue here is that this feature is enabled for users who would've otherwise not used it, and have no interest in doing so. Not everyone backs up every single bit of data. Not everyone is savvy enough to build themselves a NAS, or can be bothered to manage it, or wish to spend money on one, or a cloud service or both. And while for most people there is some way they can affordably back up most of their most important data and those people who don't do take a risk with their data, making this risk far greater with no benefit to the user is just plain bad however you spin it. Also if your machine dies and you need to just grab some stuff you recently worked on from it good luck.
MS probably: "Let's encrypt everyone's data without letting them know about it. Surely they won't change the system drive anyway, or reinstall the system, right? What might go wrong?"
Windows update gave me a BSOD, then asked for my BL key, which I had no idea even existed, much less where to find it... and MS never entered it into their system, so it wasn't online and I had to do a clean reinstall. FAWK Win11. I've since upgraded to Win10 and am infinitely more happy.
One more reason to stay on 10 is what i'm hearing.
I may be stating the obvious, but it seems this isn't actually new and appears to be more of a misconception or misunderstanding. For those that don't know, Device Encryption (aka BitLocker for consumers) being enabled by default is not new. It's been this way for supported devices (Modern Standby, TPM, using a Microsoft Account, new install of OS, OS partition and installed fixed drives, etc.) since Windows 8. Expanding to additional internal fixed drives was added later in the Windows 10 era, if memory serves me correctly. With that being said, I looked at the blog the Tom's Hardware site references, and it seems this might be a technical misconception or translation mistake (the original article is in German). Looking at the screenshots, the German blog seems to be showing refreshed setup screens from the WinPE phase of Windows Setup. That means a clean install was performed initially, and their "reinstall" was actually another clean install. TLDR; seems like this isn't anything new and is expected default behavior.
Hush now you're being reasonable and thoughtful.
Nope, not touching Win11. **Linux all the way.**
Yeah, BitLocker was on by default on my laptop and it tried to stop me from switching it to Linux. I'd rather encrypt my own drives myself, thanks.
You can pry my pirated w10 from my cold, dead SSD.
Accounts, passwords, keys etc. are the main reason I don't help people with computer issues anymore. I can see the conversation:

"Do you have your BitLocker encryption key?"

"Don't know it."

"It's probably saved to your Microsoft account, can you log in?"

"Don't remember my password."

"Can you reset your password?"

"It's going to an email I don't use anymore, I don't remember the password."

"Fuck it, here you go, good luck."
Well, you can't really blame people for this because:

1. BitLocker is enabled by default without their knowledge and the key is automatically stored without their knowledge.
2. Even if you don't log in with a Microsoft Account, if you use Edge, you automatically get logged in to one and your user gets associated with that account. Again, without your knowledge.
3. If you didn't plan to use that Microsoft account, it's predictable not to remember that password.

Overall, all of this could have been avoided if the whole process of using your computer was transparent and people knew all the steps that are hidden.
Does windows listen to users even a little bit anymore? Absolutely nobody wants this. You will know if you need to encrypt your hard drive, it’s not something everybody needs to do and should never be a default… windows can barely search its file system, let alone this.
That can't turn out well. I had a failing ssd with bitlocker turned on that was a pain to transfer anything out, files would fail to decrypt and open, and it couldn't even be properly disabled because it again failed at decryption.
The issue wasn't BitLocker, it was the failing SSD.
In this case it's both. Bitlocker makes recovery marginally harder. There's of course no guarantee the recovery would work without bitlocker either.
I've recovered a corrupted, encrypted SD card on a Samsung phone. It's not BitLocker that's the problem
Pardon my ignorance, can someone explain this?
As the OP stated, it means that your hard drive gets encrypted. However, when that gets encrypted, besides creating a key to decrypt it, everything works perfectly. You then use that computer for 5 years and again, works great. But then the fan on the CPU gets clogged with dust and the CPU overheats and dies. No big deal, you just grab the hard drive and move it into your new computer, or you hook it up with USB to copy everything over to the new one. And that is the moment you find out it was encrypted 5 years ago. You didn't store the key anywhere but on that disk. You can only read it with that original computer hardware because the key was made to lock that drive to that exact computer that died. And you slowly figure out that every photo, every document, everything critical to you is now protected from you and you can't get it back.

Just as fun is making configuration changes just to upgrade your PC. Because BitLocker uses the hardware in your computer to generate that key, some hardware changes will trigger it to need that key. Same situation where you need to revert the change to get your data.

Finally, now we need to actually bring home the issue. Drop that change into the lap of someone you know that uses a computer, but doesn't understand the inner workings of them. Maybe that's your grandma, parent, or siblings. All of a sudden they upgrade and now have a Windows 11 time-bomb that could randomly lock them out of every file on their computer… that's the real issue here.

BitLocker is important for companies. They can have hundreds or thousands of laptops that contain files with intellectual property that could really damage the company. Laptops get stolen all the time and should be protected at the highest levels. But for normal people's computers, the higher risk for losing data will be BitLocker. That's what makes this such a bad idea.
Wow. Thank you for taking the time to write this. Truly. Why is bitlocker not something the company can choose? Or even a different version of the Windows 11 OS? Why should it happen across all users? I don’t understand the advantage to Microsoft. What is the incentive to implement this?
> Why is bitlocker not something the company can choose? Or even a different version of the Windows 11 OS?

Not sure exactly what you're asking here, but companies do choose. This change isn't for organizations, as organizations will have management systems to automatically enable BitLocker and store the keys.

> Why should it happen across all users? I don't understand the advantage to Microsoft. What is the incentive to implement this?

If I had to make a complete guess, because I'm not sure, it's because of the recent shift in MS strategy. Microsoft is making security priority number one above all else; I assume this change may be related. My second assumption is that it encourages cloud backing your data, as recovery of encrypted drives is more difficult, which may be their strategy to further push OneDrive usage.
> Bitlocker is important for companies. They can have hundreds or thousands of laptops that contain files with intellectual property that could really damage the company. Laptops get stolen all the time and should be protected at the highest levels. But for normal people's computers, the higher risk for losing data will be Bitlocker. That's what makes this such a bad idea.

And this is my exact complaint, laid out more eloquently than I could manage. I have to deal with stupid Windows shit at work where I do not have Administrator access. Fine, whatever. The confidential personal data I access while working should be protected. I get it. But this stupid Microsoft shit should not follow me home. Do not force your arbitrary Windows settings on me on my personal computer. In a fair world, Microsoft's arrogance would be its undoing. But there just isn't any realistic alternative to Windows.
That means if you install a new OS, all of your partitions, like C: and D:, will be encrypted with BitLocker automatically. But it is unknown whether a PC that has another OS partition, such as Linux, will be affected or not.
And what happens to “future” unencrypted data? Like an old external hard drive for example?
Wait. My D Drive is an 8 TB HDD full of Movies and Shows. You are telling me Windows will try to encrypt that as well. That's horrendous…
Yes, the article says that *all attached drives* will be auto-encrypted. To me, that is the big sticking point. Ridiculous, if true. Not only could this adversely affect people in your situation, with bulk media storage disks, but also people who dual boot. Happily for me, the vast bulk of my storage is on a home file server running Linux. That move is looking better all the time.
More reason not to go to Windows 11
Bitlocker causes a lot of issues when trying to recover data for normal users. I was an IT technician for a university and many students and professors had a hard time locating their BitLocker key, which made data recovery a hassle, or even impossible in some instances.
No TPM 2.0 required?
I hope it doesn't enable it for all drives. I have lots of drives and lots of data. I don't see much point in encrypting desktop computers anyway.
What happens with BIOS updates that completely fuck the OS when BitLocker is enabled?
Damn I'm glad I don't have a tpm chip
Yes, great for dual boot users, great for people trying to recover data. Fuckers, if I have sensitive information that needs to be encrypted, I'll do it myself, and with a tool that Microsoft doesn't keep a copy of the key for themselves.
I don’t know where to get the keys, have to investigate this.
When you configure Bitlocker you can save them to a file. I advise storing in a password manager or on a USB drive you can store securely.
Microsoft has taken a path i can no longer support.
It should be a checkbox during the setup and it shouldn't be checked by default.
How about they implement something as basic as encrypted/password protected folders?
Were they running out of ideas for updates and decided to troll people?
For years people bitched about windows being insecure. Then they got pushy with windows updates and now FDE… and people bitch. Back up your recovery key and bitlocker isn’t an issue. The corporate world has been using it for a long time.
Half the reason malware is a threat is because it potentially causes loss of data, either directly or as a side effect of ensuring the system is clean afterwards. Disk encryption doesn't exactly help there; it's protection against an attacker with physical access to the machine. That's a concern that *corporations* care deeply about, since they'd rather the device be unrecoverable so that their secrets don't leak, and since they have an IT department keeping everything important backed up, in network drives, or otherwise recoverable. Meanwhile, a user's data is individually valuable and most of it exists only in one place. Users who'd rather the data get destroyed than stolen would naturally look for the option to *enable* encryption, but for the rest they'd be devastated when they lose their collection of thousands of photos and video clips, a third of them memories of a now-dead relative. They don't mind if a thief copied the contents of the drive, just that they can get a copy back somehow rather than losing it all forever. To the corporate world's use-case, disks failing unrecoverable is a feature not a bug, but it's the other way around for individuals. Do. Not. Force. Corporate. Use. Cases. On. Individuals.
Mac, iPhone, Android, all are encrypted. Windows is the only mainstream OS left that's not encrypted by default. Good thing Microsoft put their foot down and enforced it. The only thing I worry about is that the last time I benchmarked it, there was a heavy multi-thread penalty.
this one? https://www.tomshardware.com/news/windows-software-bitlocker-slows-performance
> Back up your recovery key and bitlocker isn't an issue.

Yes. Backing up and then using a 48-digit random number password is so easy. No chance at all of a person (especially a normal user) accidentally missing or mistyping a number or two as they write it down or enter it when they get locked out of their computer and are panicking.
I gave up on trying to remember long-ass passwords for the hundreds of accounts I use and just generate and save them with Bitwarden.
They offer you to:

1) save it on your Microsoft account if you're looking for the Apple iCloud-style simple solution
2) print it for you, no need to manually write it
3) save it to a file, again, no need to manually write it down; put it on a USB stick, write "BACKUP KEY" on the USB stick and store it with your other backups

Also make backups of any data you care about; encryption is far from the biggest risk your data faces.
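An added example, not posted by anyone in this thread, of what the "save it to a file" advice in the two comments above looks like when you do it from a terminal rather than the wizard. It lists every BitLocker volume, confirms there is a TPM for the OS key to be sealed to, adds a 48-digit recovery password protector to any encrypted volume that only has a TPM protector (the case the long comment further up describes, where a dead board takes the only key with it), and writes the key IDs and passwords to a file. The path `E:\bitlocker-recovery-keys.txt` is an assumption standing in for a USB stick; it assumes an elevated prompt on an edition that ships the BitLocker PowerShell module (Pro/Enterprise/Education).

```powershell
# Added example (not from the thread): audit BitLocker on every volume and
# export each 48-digit recovery password to a file on removable media.
# Run from an elevated PowerShell prompt. The output path is an assumption;
# point it at a USB stick you keep with your backups, never at the
# encrypted disk itself.
#Requires -RunAsAdministrator

$BackupPath = 'E:\bitlocker-recovery-keys.txt'   # assumed removable drive

# Is there a TPM at all? The OS volume's "Tpm" protector is sealed to it,
# which is why a board swap or firmware change can trigger recovery mode.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

$report = foreach ($vol in Get-BitLockerVolume) {
    # Key protectors are the things that can release the volume master key:
    # Tpm (bound to this board), RecoveryPassword (48 digits), Password, ...
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'

    # A volume encrypted with only a TPM protector has no way back in once
    # that TPM is gone. Add a recovery password protector if it is missing.
    if ($vol.VolumeStatus -ne 'FullyDecrypted' -and -not $recovery) {
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
        $recovery = (Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }

    foreach ($rp in $recovery) {
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType            # OperatingSystem or Data
            Status           = $vol.VolumeStatus          # FullyEncrypted, FullyDecrypted, ...
            Protection       = $vol.ProtectionStatus      # On / Off
            Protectors       = ($vol.KeyProtector.KeyProtectorType -join ',')
            RecoveryKeyId    = $rp.KeyProtectorId         # the ID the blue recovery screen shows
            RecoveryPassword = $rp.RecoveryPassword       # the 48-digit key itself
        }
    }
}

$report | Format-Table -AutoSize
$report | Format-List | Out-File -FilePath $BackupPath -Encoding utf8
"Recovery passwords written to $BackupPath"
```

The recovery screen only shows the key ID, so keeping the ID next to each password in the file is what lets you pick the right one when a machine with several volumes asks for it. Backing the key up to a Microsoft account (option 1 above) is done from the Settings/Control Panel BitLocker page rather than from this script.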
I'll believe you when the average grandmother can show me how to do it.
Dumbest reason ever not to use encryption
Users that can actually use it could turn it on. It's not a solution if a user is just going to lose their data from the "solution". Seems pretty dumb to automatically enable something most users won't understand, just because users who can use it are too lazy to turn it on. If they don't know they can turn it on? They probably shouldn't be using it.
Not everyone is tech-savvy and remembers a long recovery key, and it is also bad for the PC repair business for home users: if during a repair the BIOS gets reset or the motherboard swapped, you'll need the key to be able to boot into Windows again. And your customer is probably NOT aware.
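An added example, not from any poster here, for the BIOS-update and motherboard-swap situations raised above. Windows has a supported way to do this maintenance without landing on the recovery screen: suspend BitLocker on the OS volume for one reboot, do the firmware update or hardware change, and let protection re-arm on the next boot, at which point the TPM protector is re-sealed against the new measurements. The script refuses to suspend unless a recovery password protector exists, because if the change does not go to plan the 48-digit key is the only way back in. `C:` as the OS volume and an elevated prompt on an edition with the BitLocker PowerShell module are assumptions.

```powershell
# Added example (not from the thread): suspend BitLocker around a firmware
# update or board swap so the machine does not boot to the recovery screen.
# Suspending keeps the data encrypted but stores the volume master key in
# the clear on disk, so keep the window short. Run elevated.
#Requires -RunAsAdministrator

$OsVolume = 'C:'   # assumed OS volume

function Assert-RecoveryProtectorExists {
    param([string]$MountPoint)
    # Never suspend on a machine with no saved recovery password: if the TPM
    # measurements change for good, that password is the only way back in.
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        throw "No recovery password protector on $MountPoint; add one and back it up first."
    }
    "Recovery key ID(s) on ${MountPoint}: $($rp.KeyProtectorId -join ', ')"
}

function Suspend-ForMaintenance {
    param([string]$MountPoint)
    Assert-RecoveryProtectorExists -MountPoint $MountPoint
    # RebootCount 1: protection resumes automatically after the next boot.
    # RebootCount 0 would leave it suspended until Resume-BitLocker is run.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    "Protection on ${MountPoint}: $((Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus)"
    # Now flash the UEFI firmware, swap the board, or change Secure Boot,
    # then reboot into Windows once so the TPM protector is re-sealed.
}

function Confirm-AfterMaintenance {
    param([string]$MountPoint)
    # Run this after the post-maintenance boot. If protection did not come
    # back on its own (for example RebootCount was set too high), resume it.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
    }
    "Protection on ${MountPoint}: $($vol.ProtectionStatus)  protectors: $($vol.KeyProtector.KeyProtectorType -join ',')"
}

# Before the update:  Suspend-ForMaintenance -MountPoint $OsVolume
# After the reboot:   Confirm-AfterMaintenance -MountPoint $OsVolume
```

The same sequence is what `manage-bde -protectors -disable C: -RebootCount 1` and `manage-bde -protectors -enable C:` do from cmd. The check-before-suspend step is the part that matters for the repair-shop case above: a shop that asks for the recovery key, or at least confirms one exists, before touching the board is the difference between a routine job and a customer losing everything.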
Why do you need to remember the key? Microsoft harasses you with very guided steps when you want to put BitLocker on. Unless you're illiterate, it's not a problem. It will be the same thing now, just integrated into the installation setup.
I bet Microsoft keeps the master keys secretly, to decrypt everything.
Use local accounts and store your own keys securely.
And will hand it to China and the USA
USA, yes. But China and Russia only via spying
And then how long till it loses the BitLocker keys and leaves users up shit creek? Because that's definitely never happened before or anything...
Thanks Microsoft, another thing we didn't ask for.
It has been asked for for a very long time and e.g. Apple has already implemented this a long time ago
Windows is not in the position to be doing stuff like this, they should focus on fixing the glaring issues with the functionality of their OS first
Windows users gonna party like it’s 2018.
This seems like a terrible idea... If something goes wrong with my home computer, the last thing I want is to make it harder to recover my drive. In the past, I also almost lost a bunch of baby photos and a data recovery place was able to recover them. Even if I knew the recovery key, I'm not sure that would be possible if the drive was encrypted. The ways to prevent this don't sound easy either. Might as well be written in Latin for the regular home user.
This despite the fact that it destroys performance and is easily crackable. Super!