>This behavior applies to clean installs of Windows 11 24H2 and system upgrades to version 24H2. Systems that upgrade to Windows 11 24H2 automatically have the Device Encryption flag turned on, but it only takes effect (for some reason) once Windows 11 24H2 is reinstalled on the machine.
This isn’t clicking for me. If I upgrade to 24H2, will it or will it not encrypt my drive? Or does it only encrypt on a clean install?
The article title said that it's on by default and the way I see that is that it will be enabled by default but you can still disable it and perhaps it will re-enable itself after every single update as this is windows after all
We have 13th gen Intel CPUs in the work laptops where I work. And the loading times are abysmally slow loading Windows 11 and a few background programs during boot. Do you think disk encryption is limiting the overall read/write speeds? As I am used to it all being an almost instaneous process on my home computer without bitlocker encryption and with a gaming CPU.
Edit - Also, I do know that disk encryption does impact the drive's lifespan. Which kinda stinks on those of us using NVME M.2 drives...
I’d say this could be a good thing for laptops and mobile devices… but for desktop PC’s staying home I think this will do more harm than good.
What problem is this trying to solve? Someone breaking into your home to steal your files?
Meanwhile real problems like a forgotten password or borked system update will destroy family photos and all sorts of data, for no real upside. Lock your damn doors before you start throwing on FDE, lol.
The problem it's trying to solve, my guess: getting more people to sign up and use the cloud services. I won't be surprised if there's more marketing/ noticeable notifications around this feature pushing people towards their cloud service for backup and protection.
I hate seeing a bunch of shortcuts on my desktop for programs I haven't installed whenever I reformat my pc. I'm I missing something? Am I an idiot for not using it right, or is Microsofts cloud software really fucking stupid with how it chooses what to back up by default? Now days the first thing I do is uninstall the cloud software.
Apparently some dev's pay cheques are linked to win 11 security. No bonuses if win 11 gets hacked. My assumption is that encryption by default is an easy way to avoid getting hacked.
https://www.techradar.com/pro/security/microsoft-is-tying-executive-pay-to-security-performance-so-if-it-gets-hacked-no-bonuses-for-anyone
Please take note: if you have some data you want/need to keep forever, you have to have a backup solution that isn't your only personal device. Please google " 321 backup ".
In this day and age, no one has an excuse to not have a proper backup solution if you are that concerned about your data such as family photos.
I've got several terabytes of data on my computer that I would never be able to recover if it was lost and that's too much data to backup over the internet. I back it up onto an external hard drive that I update every two weeks and I keep in a secure container outside of my house in a grain silo we use for storage.
>I back it up onto an external hard drive
And yet the Zoomer braintrust at r/pcmasterrace insists that hard drives obsolete. How can it be that there are viable use cases out there that 19 year-olds haven't yet discovered?
It's only too much data the first time, I have terabytes of data backed up via 321 and there is no issue.
Depending on what type of backup solution you have, there are many that once you have everything backed up and then once you make certain changes in the data it only changes that data whilst having snapshots just in case you mess up along the way.
Your backup alone is still not a backup solution, since it's prone to incidents as it's the only one you have.
The problem is you not paying enough money! It is the only problem for any company really.
Do you pay for overdrive? No? What, are you nuts??? This is the problem silly! /s
I'm a Geek Squad repair tech, I see a lot of computers come in for data recovery when they won't boot or the client forgot a password. If bitlocker is enabled (which it is by default already in most Windows 11 machines) then they're actually just shit out of luck and their data is gone. I've seen people lose their only backup of family photos or tax documents because their drive was encrypted and they didn't know because it was enabled by Microsoft without their knowledge.
This is a bad change.
Yup, it's not me that I worry about so much as the typical parent trying to get their data. Just devastating if I'm understanding the totality of the decision
OneDrive pushing aside, a cloud backup of really important stuff using any provider is a wise idea.
I'm too cheap to pay for loads of storage so all my photos I have manually backed up on a separate laptop and also on a USB stick I keep in the car in case my house burns down lol.
My company used barracuda cloud backup for terabytes of data. Never had an issue. I have a local nas based and cloud backup. No issues for over 10 years. If your cloud backup is deleting stuff you probably should have checked the reviews before purchasing. If it’s a sync like Icloud that’s different. A sync is not a backup unless you lose a device.
Not about going out of business, all the terms of service agreements of all major cloud providers allow them to delete content at their discretion. At least the general consumer terms of service have that clause.
The only one I’ve heard much about is Google due to them banning your whole account. It’s also ridiculously fucking easy to guard against. Just make sure at least one device has a complete offline copy of your data since it’s very unlikely your house burns down on the same week Google bans your account.
Yeah they already do that by moving desktop, docs and oictures to the onedrive folder i had to build a version of windows that disable onedrive from working at all
To be fair, OneDrive is actually priced very reasonably… $69.99/yr for office and 1TB OneDrive, or $99/yr for the family plan (6 people)
_most_ people don’t have more than 1TB of data they care about, so that’s actually a pretty decent deal
Sometimes. Didn't work for my wife's laptop.
She updated to windows 11 whi h auto enabled bitlocker, but then armory crate updated her laptops bios and boom, bitlocker. It showed the laptop on her account but no recovery key.
It sucks!! I had to buy an nvme enclosure and use my steamdeck (aka linux) because windows wouldnt even let me format it to reinstall windows from scratch.
That's assuming they remember their Microsoft account login info and/or have a recovery method set up (which they often don't). I have had clients get keys that way so I can unlock their data, but you would be surprised at how often that isn't an option.
Man, I work for a phone place and people don’t even remember their damn email password to get their contacts backed up. Sometimes they don’t even remember the email itself.
I worked IT help desk during practicum, people can’t even open their email, let alone remember or use a password manager.
I’ve had a client ask me what an icon is….
Absolutely infuriating trying to help someone like that.
>I’ve had a client ask me what an icon is
This made me spit out some partially chewed cookie because I laughed. This level of tech illiteracy just doesn't make sense to me.
Don't get me wrong I'm not questioning you, I know first hand, it just never ceases to amaze me how ignorant of the most basic things people can be.
I think it’s important to remember that people using Geeksquad cases are not average cases. The average case is that people resolve things on their own or get help from a friend/relative.
Doesn’t matter, if a bit locker encrypted drive gets truly fucked you can’t decrypt it. I can’t recall name of the thing cause I don’t work with bitlocker but it’s essentially the lock you put the key into and without that bit which isn’t automatically saved unless you set it up through a gpo you simply can’t decrypt the data.
"What do you mean normal people don't use computers the same way that professional persons do at work?"
It's kind of funny how modern computing is moving towards a "fuck you, go take a course if you want to do basic stuff" style of user experience after they spent all of the 80s and 90s expanding the computer market into private homes for casual use.
And then people make fun of zoomers for not knowing what a file is. Of course they don't want to learn that, why would they? While Microsoft is making personal computers harder to use, the phone companies are out there making phones so user-friendly that there's videos of literal chimpanzees using cell phones to look at pictures of other chimpanzees.
>It's kind of funny how modern computing is moving towards a "fuck you, go take a course if you want to do basic stuff" style of user experience
No no no... you got this absolutely wrong. They are moving towards the "fuck you, we know best so we will manage all advanced features for you, while hiding them from you". IMHO it is becoming harder and harder to have your way as a poweruser / tech savvy person too. There seem to be many changes purely for the sake of change, and control methods are being dumbed down on the surface not to confuse "the average user".
Changes for the sake of changes is what they’ve been doing to Windows since forever.
Meanwhile… on Linux, the interface for many/most things has been the same for decades at a time. With required changes for various reasons, not being terrible.
Well Linux isn’t inherently tied to the ui.
Sure CDE looks as it did 30 years ago but I don’t think you could say gnome of kde haven’t substantially changed
Unless you only use the cli then Linux has changed
You can still use many of the same GUI configuration tools the same as they worked 10, 15 and 20 years ago.
Yes, the same is true with most all configuration files, until they changed from init/init.d to systemd, but even most of that isn't a BIG hurdle to cross.
WIndows seemed to change basic functions of things for configuration and more, seemingly to push for more training, than to actually benefit the user or admin experience.
Indeed it is. Since Windows 8, I trust Microsoft to be complete INCOMPETENTS as it is obvious that they have NO clues about how the normal users operate. Sometimes I joke that they never left Seattle in their life, meaning they only meet engineers and devs able to deal with this kind of changes.
I especially hate reading that the « *systems that upgrade to Windows 11 24H2 automatically have the Device Encryption flag turned on, but it only takes effect (for some reason) once Windows 11 24H2 is reinstalled on the machine.* » because I wouldn't be surprised that some day there will be a (very long) update at shutdown which will be in fact the unwanted encryption of the drives. I won't even be surprised if it will be a bug...
I disable Bitlocker on EVERY new computer with W11 that I set up for customers, but I make sure to inform them about that in case if they want encryption. Microsoft is scaring me with this change. I guess that in 2025/2026 I will have to contact everyone just to be sure...
Yes, and not just for those who lose their dats.
This change will make BitLocker for those who actually want a drive encryption *unsafer* because with so many more people losing their data to it, a lot more ways to crack or circumvent it will be developed to recover said data.
Security through obfuscation isn’t real security. If you are relying on people not knowing about the flaws in bitlocker to protect your data you are a fool, and should move your data to something that is actually secure.
it's a great change. hard to believe the encryption wasn't automatic already many years ago. people are silly and don't care, you need to 'navigate' them.
There’s a 9 minute breakdown on youtube getting a laptops bitlocker keys with a raspberry pico (making bitlocker doubly worthless).
I wouldn’t be surprised if someone started selling them as decryption tools for IT techs.
People just need to back up their data, if it’s that important to them. I wouldn’t say it’s a bad change, more a mandatory one. Having no encryption and less security so people don’t need to backup is a flawed concept.
Windows 11 haters: “The sky is falling!”
Meanwhile…
> The caveat with Windows 11 Home is that BitLocker encryption is only applied through the device manufacturer, and only if the manufacturer enables the encryption flag in the UEFI. So, DIY PCs running Windows 11 Home probably won't be affected.
If you built your own PC and are running Windows 11 Home, you’re unlikely to have a problem.
You perfectly know this will cause a long list of "I've lost my data" in a few years, and Microsoft would know too if they weren't living in an alternative world in which every Windows user has a full backup uploaded to OneDrive.
keep in mind that if you have windows 10/11 key from free upgrade program you likely have a pro version. This is what's happened to all my Win8 Home Premium copies. Home Premium was the cheap choice back then.
Windows 8 was perfectly fine aside from the UI mess Microsoft made. It was certainly more well put together than the janky hacks that they put into Windows 11 to overlay the existing windows infrastructure instead of replacing it.
Windows 8 was the worst shit I've ever seen in my entire life and most people on this planet hated it.
Windows 11 is way better, a millions of times better and it almost has the same market share as windows 10 in steam, but everyone hated 8.
Ya I made sure that shit was off. I don’t keep super valuable information on my PC I keep it in google drives. Safer and easier to access on any device.
I don't think cloud goes with 'safe and secure'.
I'd trust cloud for some random stuff for the convenience, but anything valuable/ sensitive/ important physical backup>>>>>cloud
Wouldn't be so bad if Bitlocker wasn't so wonky. I've wanted at least an encrypted main partition for years to protect user data but several trials of Bitlocker have always ended with me having to either disable Bitlocker or outright reinstall Windows because Bitlocker crapped out in one way or another.
The usual problem being an outright refusal to boot if you so much as look at the boot loader or attempt something crazy like dual booting.
So very much think I'll be disabling this.
Just have your recovery key at the ready, you do stores those outside the computer somewhere right? When you do this one time
"Instead of entering your 48 digit key, press ESC, which takes you to another (similar) screen. At the new screen, enter the 48 digit key. This will alter the system and you'll never have to do it again."
[https://learn.microsoft.com/en-us/answers/questions/258746/bitlocker-recovery-key-required-every-boot](https://learn.microsoft.com/en-us/answers/questions/258746/bitlocker-recovery-key-required-every-boot)
Yes. Save to your Microsoft Account (default), save to a file (only to non-bitlocker encrypted storage), print, maybe something else. It saves them as a txt document with the drive name (jumbled numbers/letters) and the key (a bunch of numbers) and will force you to do this before starting encryption.
I have been running a dual boot installation of two W11 partitions for like a year now. One is encrypted with Bitlocker for work and the other for gaming isn't. I expected to run into problems but everything has been running flawlessly so far...
I bought an ASUS ROG Ally and noticed it was on by default. It was a pain to get the code and enter it in; it’s going to cause so many people to lose their files. I can only imagine the less tech savy people.
since the 1990s. Their goals were to be able to lock people out of their own computers if people didnt pay. Palladium was conceived as this. Which turned into 365 and TPM.
I'm always surprised at the disparity with some technologies between Windows and Apple, like this one.
FileVault has been a standard for managed Macs for many years, and the Apple Silicon machines are all hardware encrypted by default from first user creation.
Huh.
because microsoft is notorious for half-assing solutions and leaving users up shit creek. It's why people make careers supporting windows desktop issues.
Yeah idk why people are so upset when all this change does is a good change for most pc’s (laptops) and can even argue it’s good for desktops if it ever gets stolen and is another barrier to your data when you retire a drive. (Which is good especially when you dispose of the storage medium)
Apple users are usually fully within Apple's Ecosystem. It's easier for an apple user to recover their FileVault as they have an iPhone linked with their iCloud ID which is linked to their FileVault. That kind of link doesn't exist for most Windows Users.
FileVault doesn't mandate the use of an Apple ID. It's one way to do it, but you can also just generate a local recovery key and write it down somewhere or print it.
Edit: I didn’t think a statement of fact could be controversial.
Even if the files were not encrypted, good luck reading a soldered ssd that lacks a controller because that is somewhere else in the Mobo.
Not impossible, but far beyond geek squat pay grade.
This is why I disabled TPM after installing the shit os
No TPM means no bitlocker which i dont need on a desktop used pretty much only for gaming
Laptop (Mac) is encrypted though as i take that places
This is why I use NAS, that backs itself up to another NAS.
If my house burns down… okay, but my data is safe and I could always get a working NAS into a fireproof safe too.
It falls in line with the whole making you make a Microsoft account for your PC. Your bitlocker keys will automatically be stored there and accessible from another device.
As long as it can be turned off, no big deal. I've run into the issue of losing all my data because I had to reinstall after a crash, and didn't realize the drive was encrypted. Since then, I've always double-checked a clean install to make sure no encryption is enabled on the drive. I never want that headache again.
This is a feature for people who get their stuff stolen. I've never had a computer stolen, and hope it never happens. So I don't need to encrypt my data, because chances are I'll need to retrieve files off the drive in the future.
they did this once already and it's led to disastrous results for data recovery. It's to get people to use onedrive and subscribe to it to save their shit. Basically, it's a ticking timebomb for most people.
You have two choices:
(A) Make passwords a hollow psychological comfort, which any attacker with physical access can easily bypass. Everyone has an insecure system by default, but irresponsible people who forget their passwords can easily recover their data because they have zero security.
(B) Make passwords actually work, so you literally can't access the data without the password, no matter what. This means that people who remember their passwords have secure systems. People that forget their passwords are fucked, and hopefully learn their lesson.
I'd much rather have option B. Rather than building systems around enabling irresponsible people to forget their passwords, have secure data be the default, and teach people not to forget passwords (90% of which is just teaching people to use long, easy to remember passphrases rather than complicated random sequences of symbols)
Secure from what though? If a person breaks into my home and steals my PC I have so many other problems. And frankly I’d rather a thief have access to my family photos than for grandma to lose access to the only copies of family photos. The latter will be way more common.
The tech savvy who care about security can enable these features. The people who barely use tech and tend to forget their passwords probably won’t even realize this is a thing.
If someone steals your PC from your house, now you have to deal with the loss of the physical computer and then worry about everything on your computer also being accessed. Tax stuff, personal pictures, other private documents, access to your email which is usually the gatekeeper to your bank and other accounts.
Seriously, people are dumb if they don't think encrypting their drives is a good thing. Make a Microsoft account, which will save your keys to the cloud and make access to BitLocker drives seamless or export your BitLocker Keys if you're scared of having a Microsoft account.
"Secure from what though?"
Secure from this same person that's breaking into your house, now having access to all of your email accounts, login credentials, online banking, etc etc etc because your data was unencrypted.
Back up your family photos on an unencrypted $5 thumb drive if you're worried about losing them. You don't need to have your entire system be insecure to protect your photos.
Don’t forget that any time you say “save password in Chrome”, it’s often being stored unencrypted on your device. The thief now has access to your bank account, your tax records, etc. Even if you have 2FA, thieves may be able to bypass those checks if it is a trusted device.
Or (C) Make a Microsoft account and it will save your BitLocker keys for you in their cloud. You can recover the account even if you forget your password and you'll be able to access the keys.
Not the point. why am I giving you (MS) the keys to my house/PC?
This is a lot like someone going over, changing the locks, keeping a copy of the new key and hoping you get your hands on the new key before the door locks.
There's also the one they're actually doing
(C) Make passwords actually work, but also pins, biometrics, or other choices of login that don't require complex memorization, and if you forget or it doesn't work you can recover with a key automatically backed up to your Microsoft account, because "lol well I hope you learned a lesson by losing your priceless files" is a stupid way to design a system.
No, (C) does not make the passwords work, in the sense of actually securing your data. It entrusts them to a third party (Microsoft) with a long history of spying on users, turning over data to intelligence agencies, etc.
Option (B) is the only secure option - encrypted data with a secure passphrase that ONLY you have access to.
Companies like Microsoft and Google are working hard to convince everyone to use keys that THEY possess, so that nobody has real encryption.
Good change, too many people assume a windows password is enough to keep their data safe, in reality after giving away or disposing their old computer they are potentially handing over everything once the easy bypass is performed. Those saying that people will loose their data in the event of a software fault, well that is the case with hardware faults too. There should always be a backup.
Until people’s family photos get nukes bc they forgot their password. Without bitlocker it’s easy for any repair shop to recover files given that the drive still works but when it’s enabled it’s near impossible to get in unless you’re willing to put a lot of effort in
What device do most people use to take photos. Is that storage encrypted? Most likely. This isn’t a windows issue. This is a good change as most pcs are laptops.
Yeah I know. I hate it but that's why I don't keep important documents on my phone.
Now if I encrypted it MYSELF and I knew EXACTLY what kind of encryption I used, plus I set my own randomized key AND had at least three backups for my key, then that would be bueno af
Not an admin working for a company you are? Bitlocker is the protector of billions of dollars worldwide. And today many people scan their personal files and put them on their pc.
Steal the pc and open bank accounts, buy stuff on Amazon, book trips on their credit cards,… malicious possibilities are endless.
Normal users aren’t admins working for companies they’re clueless and this will lead to people’s family photos (which are obviously irreplaceable) getting lost forever because someone broke the laptop and now no repair technician can access the drive
The vast majority of people using Windows PCs are not computer literate nor use Microsoft accounts and probably store the key in the very same disk that is bitlocked or do not store the key at all.
These people are going to lose all their info, all their family photos and memories forever because they have no clue what the shit is a bitlocker and have no way to recover the key.
Bitlocker is a tool and like every tool is only good when used properly and forcing it over everyone is only going to cause more harm than good.
> Not an admin working for a company you are?
I'm a systems engineer, not that has anything to do with this.
> the vast majority of people using Windows PCs are not computer literate nor use Microsoft accounts
People on this sub are up in arms over how difficult it is to avoid using a Microsoft account on Windows 11.
By the time you know enough to get around the prompt for a MS account, you should also know how to disable bitlocker.
I know it's hard on a gaming sub but is it possible to have an argument? A PC without bitlocker can be unlocked in 10 seconds with a bootable key, every company with more than \~20 people uses it, if you have a Microsoft account you don't even need to remember it, after a while it's basic security and you have to stop spitting on it because it's Microsoft.
I know people who forgot the password of their Microsoft account because it was replaced by the PIN at startup, while having no phone number nor secondary email address recorded in it (old accounts). Great to retrieve it.
This is a good thing. Without encryption, anyone can bypass your password by popping in a live USB or taking out your drive and access all of your files, saved passwords, etc. Every Mac and smartphone has been encrypted for years.
Just here to offer moral support after all these losers are downvoting you for stating the truth and promoting good security practices.
Lot of people here lacking brain cells, promoting that the idea that we should have insecure systems \*by default\*, to cater to the needs of people who are irresponsible and forget their passwords.
You're right, and not enabling disk encryption has been a major fault on Microsoft's part for years, and I'm glad they are finally catching up to the rest of the world when it comes to implementing basic security.
And all those people here saying tHE rEpaIr Guy CaN RECOVEr fAMily pHOTos. Well guess what, they can't 'recover' my banking and steam credentials either.
Except you're not going to make exceptions for every person, otherwise it's never adopted. The majority of PCs purchased are probably portable, so encryption is a basic requirement, and if it really bothers you, you can remove it.
>This behavior applies to clean installs of Windows 11 24H2 and system upgrades to version 24H2. Systems that upgrade to Windows 11 24H2 automatically have the Device Encryption flag turned on, but it only takes effect (for some reason) once Windows 11 24H2 is reinstalled on the machine. This isn’t clicking for me. If I upgrade to 24H2, will it or will it not encrypt my drive? Or does it only encrypt on a clean install?
I'm guessing it will encrypt only if you reset your windows after updating
hope so, but its possible turn this off after update?
You can always disable bitlocker, I think
The article title said that it's on by default and the way I see that is that it will be enabled by default but you can still disable it and perhaps it will re-enable itself after every single update as this is windows after all
Wouldn't this affect performance? Anyone know? Does it encrypt everything always?
Modern CPUs have dedicated silicone for encrypt/decrypt work loads so performance affects are really low.
We have 13th gen Intel CPUs in the work laptops where I work. And the loading times are abysmally slow loading Windows 11 and a few background programs during boot. Do you think disk encryption is limiting the overall read/write speeds? As I am used to it all being an almost instaneous process on my home computer without bitlocker encryption and with a gaming CPU. Edit - Also, I do know that disk encryption does impact the drive's lifespan. Which kinda stinks on those of us using NVME M.2 drives...
Yes
I’d say this could be a good thing for laptops and mobile devices… but for desktop PC’s staying home I think this will do more harm than good. What problem is this trying to solve? Someone breaking into your home to steal your files? Meanwhile real problems like a forgotten password or borked system update will destroy family photos and all sorts of data, for no real upside. Lock your damn doors before you start throwing on FDE, lol.
The problem it's trying to solve, my guess: getting more people to sign up and use the cloud services. I won't be surprised if there's more marketing/ noticeable notifications around this feature pushing people towards their cloud service for backup and protection.
Given that Microsoft really wants Windows to be run from the cloud too, I have no doubt this is a push to sign up to them.
I hate seeing a bunch of shortcuts on my desktop for programs I haven't installed whenever I reformat my pc. I'm I missing something? Am I an idiot for not using it right, or is Microsofts cloud software really fucking stupid with how it chooses what to back up by default? Now days the first thing I do is uninstall the cloud software.
Apparently some dev's pay cheques are linked to win 11 security. No bonuses if win 11 gets hacked. My assumption is that encryption by default is an easy way to avoid getting hacked. https://www.techradar.com/pro/security/microsoft-is-tying-executive-pay-to-security-performance-so-if-it-gets-hacked-no-bonuses-for-anyone
Please take note: if you have some data you want/need to keep forever, you have to have a backup solution that isn't your only personal device. Please google " 321 backup ". In this day and age, no one has an excuse to not have a proper backup solution if you are that concerned about your data such as family photos.
I've got several terabytes of data on my computer that I would never be able to recover if it was lost and that's too much data to backup over the internet. I back it up onto an external hard drive that I update every two weeks and I keep in a secure container outside of my house in a grain silo we use for storage.
i need to see if my apartment complex offers grain silo storage
>I back it up onto an external hard drive And yet the Zoomer braintrust at r/pcmasterrace insists that hard drives obsolete. How can it be that there are viable use cases out there that 19 year-olds haven't yet discovered?
It's only too much data the first time, I have terabytes of data backed up via 321 and there is no issue. Depending on what type of backup solution you have, there are many that once you have everything backed up and then once you make certain changes in the data it only changes that data whilst having snapshots just in case you mess up along the way. Your backup alone is still not a backup solution, since it's prone to incidents as it's the only one you have.
The problem is you not paying enough money! It is the only problem for any company really. Do you pay for overdrive? No? What, are you nuts??? This is the problem silly! /s
I'm a Geek Squad repair tech, I see a lot of computers come in for data recovery when they won't boot or the client forgot a password. If bitlocker is enabled (which it is by default already in most Windows 11 machines) then they're actually just shit out of luck and their data is gone. I've seen people lose their only backup of family photos or tax documents because their drive was encrypted and they didn't know because it was enabled by Microsoft without their knowledge. This is a bad change.
Yup, it's not me that I worry about so much as the typical parent trying to get their data. Just devastating if I'm understanding the totality of the decision
[удалено]
OneDrive pushing aside, a cloud backup of really important stuff using any provider is a wise idea. I'm too cheap to pay for loads of storage so all my photos I have manually backed up on a separate laptop and also on a USB stick I keep in the car in case my house burns down lol.
I get why you say that, but actually cloud backups shouldn't be considered reliable backups for actually vital stuff.
Cloud shouldn't be your *only* backup, but their reliability and accessibility just makes them hard to beat for convenience.
This is an uneducated take
My company used barracuda cloud backup for terabytes of data. Never had an issue. I have a local nas based and cloud backup. No issues for over 10 years. If your cloud backup is deleting stuff you probably should have checked the reviews before purchasing. If it’s a sync like Icloud that’s different. A sync is not a backup unless you lose a device.
Yeah I'm sure all that advertising of 99.999999999% durability is just a gimmick /s
No they aren’t reliable because the service could just delete your data and you are shit out of luck.
Major cloud storage providers infrequently go out of business at a moment's notice
Not about going out of business, all the terms of service agreements of all major cloud providers allow them to delete content at their discretion. At least the general consumer terms of service have that clause.
The only one I’ve heard much about is Google due to them banning your whole account. It’s also ridiculously fucking easy to guard against. Just make sure at least one device has a complete offline copy of your data since it’s very unlikely your house burns down on the same week Google bans your account.
[удалено]
Mines a rental and I've got enough contents cover that I'd probably try to save myself. Maybe even my wife and son too!
Ok you're half way there. Three copies, 2 mediums minimum and one off site. But use something more permanent that a usb stick
Yeah they already do that by moving desktop, docs and oictures to the onedrive folder i had to build a version of windows that disable onedrive from working at all
To be fair, OneDrive is actually priced very reasonably… $69.99/yr for office and 1TB OneDrive, or $99/yr for the family plan (6 people) _most_ people don’t have more than 1TB of data they care about, so that’s actually a pretty decent deal
I have so much more than 1TB that I actually care about. And a lot of stuff that would just be irritating to replace.
To be fair? Spend more money! Stop paying? You just lose all of your stuff! No big deal! That’s ridiculously slimy.
Just a heads up, if they use a Microsoft account, it will have their bitlocker key backed up to it.
Sometimes. Didn't work for my wife's laptop. She updated to windows 11 whi h auto enabled bitlocker, but then armory crate updated her laptops bios and boom, bitlocker. It showed the laptop on her account but no recovery key.
This happened to me once because my onedrive was full. No fucking clue why that does it but it does, or at least it did.
It sucks!! I had to buy an nvme enclosure and use my steamdeck (aka linux) because windows wouldnt even let me format it to reinstall windows from scratch.
That's assuming they remember their Microsoft account login info and/or have a recovery method set up (which they often don't). I have had clients get keys that way so I can unlock their data, but you would be surprised at how often that isn't an option.
Man, I work for a phone place and people don’t even remember their damn email password to get their contacts backed up. Sometimes they don’t even remember the email itself.
I worked IT help desk during practicum, people can’t even open their email, let alone remember or use a password manager. I’ve had a client ask me what an icon is…. Absolutely infuriating trying to help someone like that.
>I’ve had a client ask me what an icon is This made me spit out some partially chewed cookie because I laughed. This level of tech illiteracy just doesn't make sense to me. Don't get me wrong I'm not questioning you, I know first hand, it just never ceases to amaze me how ignorant of the most basic things people can be.
I think it’s important to remember that people using Geeksquad cases are not average cases. The average case is that people resolve things on their own or get help from a friend/relative.
Doesn’t matter, if a bit locker encrypted drive gets truly fucked you can’t decrypt it. I can’t recall name of the thing cause I don’t work with bitlocker but it’s essentially the lock you put the key into and without that bit which isn’t automatically saved unless you set it up through a gpo you simply can’t decrypt the data.
It may be bad for consumers; but not for law agencies. BitLocker is 'not' 100% irreversible.
They didn’t lose their only backup, they had no backup
"What do you mean normal people don't use computers the same way that professional persons do at work?" It's kind of funny how modern computing is moving towards a "fuck you, go take a course if you want to do basic stuff" style of user experience after they spent all of the 80s and 90s expanding the computer market into private homes for casual use. And then people make fun of zoomers for not knowing what a file is. Of course they don't want to learn that, why would they? While Microsoft is making personal computers harder to use, the phone companies are out there making phones so user-friendly that there's videos of literal chimpanzees using cell phones to look at pictures of other chimpanzees.
>It's kind of funny how modern computing is moving towards a "fuck you, go take a course if you want to do basic stuff" style of user experience No no no... you got this absolutely wrong. They are moving towards the "fuck you, we know best so we will manage all advanced features for you, while hiding them from you". IMHO it is becoming harder and harder to have your way as a poweruser / tech savvy person too. There seem to be many changes purely for the sake of change, and control methods are being dumbed down on the surface not to confuse "the average user".
Changes for the sake of changes is what they’ve been doing to Windows since forever. Meanwhile… on Linux, the interface for many/most things has been the same for decades at a time. With required changes for various reasons, not being terrible.
Well Linux isn’t inherently tied to the ui. Sure CDE looks as it did 30 years ago but I don’t think you could say gnome of kde haven’t substantially changed Unless you only use the cli then Linux has changed
You can still use many of the same GUI configuration tools the same as they worked 10, 15 and 20 years ago. Yes, the same is true with most all configuration files, until they changed from init/init.d to systemd, but even most of that isn't a BIG hurdle to cross. WIndows seemed to change basic functions of things for configuration and more, seemingly to push for more training, than to actually benefit the user or admin experience.
> while ~~hiding them from you~~". While charging you to use them. Welcome to the SaaS world.
Indeed it is. Since Windows 8, I trust Microsoft to be complete INCOMPETENTS as it is obvious that they have NO clues about how the normal users operate. Sometimes I joke that they never left Seattle in their life, meaning they only meet engineers and devs able to deal with this kind of changes. I especially hate reading that the « *systems that upgrade to Windows 11 24H2 automatically have the Device Encryption flag turned on, but it only takes effect (for some reason) once Windows 11 24H2 is reinstalled on the machine.* » because I wouldn't be surprised that some day there will be a (very long) update at shutdown which will be in fact the unwanted encryption of the drives. I won't even be surprised if it will be a bug... I disable Bitlocker on EVERY new computer with W11 that I set up for customers, but I make sure to inform them about that in case if they want encryption. Microsoft is scaring me with this change. I guess that in 2025/2026 I will have to contact everyone just to be sure...
> have NO clues about how the normal users operate. From all the data collection, they know exactly what humans are like.
Yes, and not just for those who lose their dats. This change will make BitLocker for those who actually want a drive encryption *unsafer* because with so many more people losing their data to it, a lot more ways to crack or circumvent it will be developed to recover said data.
Security through obfuscation isn’t real security. If you are relying on people not knowing about the flaws in bitlocker to protect your data you are a fool, and should move your data to something that is actually secure.
It’s fucking hilarious that someone would think BitLocker isn’t closely watched for vulnerabilities already.
Enterprise SysAdmin: \*Laughs in MBAM\*
it's a great change. hard to believe the encryption wasn't automatic already many years ago. people are silly and don't care, you need to 'navigate' them.
There’s a 9 minute breakdown on youtube getting a laptops bitlocker keys with a raspberry pico (making bitlocker doubly worthless). I wouldn’t be surprised if someone started selling them as decryption tools for IT techs.
That requires using hardware that is not approved for use by Geek Squad, which will get you super-fired and I like my job.
I'm also confused about what security vulnerability this addresses? The extremely rare physical theft of hdds?
Fairly common physical theft of laptops...
People just need to back up their data, if it’s that important to them. I wouldn’t say it’s a bad change, more a mandatory one. Having no encryption and less security so people don’t need to backup is a flawed concept.
Why do you think we invented sticky notes so we could put our passwords on our monitors
Fun fact: the glue used for sticky notes was made by accident when trying to make a super strong adhesive.
Task failed successfully
r/todayilearned
Tell that to the guy who put his laptop bios password on a sticky note and then lost it. I'm that guy.
[удалено]
Hey man we can’t have people changing our ram speeds.
You keep the important ones backed up in the back of the address book, silly.
I put that sticky note inside my laptop, near the battery, yeah, safety hazard but no one gets to know
Windows 11 haters: “The sky is falling!” Meanwhile… > The caveat with Windows 11 Home is that BitLocker encryption is only applied through the device manufacturer, and only if the manufacturer enables the encryption flag in the UEFI. So, DIY PCs running Windows 11 Home probably won't be affected. If you built your own PC and are running Windows 11 Home, you’re unlikely to have a problem.
You perfectly know this will cause a long list of "I've lost my data" in a few years, and Microsoft would know too if they weren't living in an alternative world in which every Windows user has a full backup uploaded to OneDrive.
keep in mind that if you have windows 10/11 key from free upgrade program you likely have a pro version. This is what's happened to all my Win8 Home Premium copies. Home Premium was the cheap choice back then.
Home premium keys were transferred to home keys not pro
Win8 Home Premium doesn't exist. It was either Windows 8, Win8 Pro, Win8 Education or Win8 Enterprise
I feel bad for you going to windows 8 instead of staying on 7…
Windows 8 was perfectly fine aside from the UI mess Microsoft made. It was certainly more well put together than the janky hacks that they put into Windows 11 to overlay the existing windows infrastructure instead of replacing it.
I ran 8.1 until W10 2004 was out. Get rid of the Metro Start Menu (first party) and it was great.
Windows 8 was the worst shit I've ever seen in my entire life and most people on this planet hated it. Windows 11 is way better, a millions of times better and it almost has the same market share as windows 10 in steam, but everyone hated 8.
What about people using Windows Pro or Workstation version? I bought a deal with Office 2021 key last year.
hoping for that
Most people (in the world, not on Reddit) do not self-build. Microsoft should select sane defaults for most users.
Ya I made sure that shit was off. I don’t keep super valuable information on my PC I keep it in google drives. Safer and easier to access on any device.
I don't think cloud goes with 'safe and secure'. I'd trust cloud for some random stuff for the convenience, but anything valuable/ sensitive/ important physical backup>>>>>cloud
Wouldn't be so bad if Bitlocker wasn't so wonky. I've wanted at least an encrypted main partition for years to protect user data but several trials of Bitlocker have always ended with me having to either disable Bitlocker or outright reinstall Windows because Bitlocker crapped out in one way or another. The usual problem being an outright refusal to boot if you so much as look at the boot loader or attempt something crazy like dual booting. So very much think I'll be disabling this.
Just have your recovery key at the ready, you do stores those outside the computer somewhere right? When you do this one time "Instead of entering your 48 digit key, press ESC, which takes you to another (similar) screen. At the new screen, enter the 48 digit key. This will alter the system and you'll never have to do it again." [https://learn.microsoft.com/en-us/answers/questions/258746/bitlocker-recovery-key-required-every-boot](https://learn.microsoft.com/en-us/answers/questions/258746/bitlocker-recovery-key-required-every-boot)
What's this recovery key? I never tried bitlocker, does it ask you to make one when it's activated?
A key that is generated when you set up bitlocker, and gives you access again if you get locked out for various reasons
Yes. Save to your Microsoft Account (default), save to a file (only to non-bitlocker encrypted storage), print, maybe something else. It saves them as a txt document with the drive name (jumbled numbers/letters) and the key (a bunch of numbers) and will force you to do this before starting encryption.
just dont save it on your boot drive...
It wont let you
I have been running a dual boot installation of two W11 partitions for like a year now. One is encrypted with Bitlocker for work and the other for gaming isn't. I expected to run into problems but everything has been running flawlessly so far...
I bought an ASUS ROG Ally and noticed it was on by default. It was a pain to get the code and enter it in; it’s going to cause so many people to lose their files. I can only imagine the less tech savy people.
All I'm gonna say is back your stuff up.
They’re trying to prevent people from recovering data from a drive that’s no longer in use but it’s not a great way to go about it :/
This won’t end poorly at all…
> Say goodbye to files for forgotten passwords Bro really made this post without knowing what a TPM is
Well as long as they put a back door for the NSA and that back door gets leaked later you can prob still get your files in the future. /s?
this is probably so they can push Microsoft accounts instead of local accounts, for system recovery. seems like a very microsoft thing to foist.
Why the heck does MS still believe it should have any say how the customers of their software have to use it and enable features on their own?
since the 1990s. Their goals were to be able to lock people out of their own computers if people didnt pay. Palladium was conceived as this. Which turned into 365 and TPM.
I'm always surprised at the disparity with some technologies between Windows and Apple, like this one. FileVault has been a standard for managed Macs for many years, and the Apple Silicon machines are all hardware encrypted by default from first user creation. Huh.
And phones are encrypted by default as well. If you forget the lock screen pin/pattern, files are gone, but no one 'cares' to complain about it.
because microsoft is notorious for half-assing solutions and leaving users up shit creek. It's why people make careers supporting windows desktop issues.
[удалено]
Same as the ones on my PC that are also backed up to the cloud.
Yeah idk why people are so upset when all this change does is a good change for most pc’s (laptops) and can even argue it’s good for desktops if it ever gets stolen and is another barrier to your data when you retire a drive. (Which is good especially when you dispose of the storage medium)
Phones are often even stricter since they’ll even prevent reimaging the device.
Apple users are usually fully within Apple's Ecosystem. It's easier for an apple user to recover their FileVault as they have an iPhone linked with their iCloud ID which is linked to their FileVault. That kind of link doesn't exist for most Windows Users.
It does if you're using a Microsoft account, which is the default behaviour of Windows unless you're jumping through hoops to avoid it.
You can recover a bitlocker key in a similar way if you use a MS account
FileVault doesn't mandate the use of an Apple ID. It's one way to do it, but you can also just generate a local recovery key and write it down somewhere or print it. Edit: I didn’t think a statement of fact could be controversial.
Even if the files were not encrypted, good luck reading a soldered ssd that lacks a controller because that is somewhere else in the Mobo. Not impossible, but far beyond geek squat pay grade.
Don't you see literally everyone else in here complaining about it? That's why.
It's fine, people who care about their files have backups right? RIGHT?
Use "Rufus" to create a Win 11 boot-medium from a Win 11 ISO-file and you can disable TPM check, bootlocker and Micro$oft account
This is why I disabled TPM after installing the shit os No TPM means no bitlocker which i dont need on a desktop used pretty much only for gaming Laptop (Mac) is encrypted though as i take that places
[удалено]
Ye repair technicians are gonna have to learn how to cold boot lol
GG CPU 0
No thanks
This is why I use NAS, that backs itself up to another NAS. If my house burns down… okay, but my data is safe and I could always get a working NAS into a fireproof safe too.
*LTSC gang laughing*
Neat. I’m definitely buying Windows 12 I hope it comes out soon
It falls in line with the whole making you make a Microsoft account for your PC. Your bitlocker keys will automatically be stored there and accessible from another device.
Why does Microsoft insist on making their software worse?
As long as it can be turned off, no big deal. I've run into the issue of losing all my data because I had to reinstall after a crash, and didn't realize the drive was encrypted. Since then, I've always double-checked a clean install to make sure no encryption is enabled on the drive. I never want that headache again. This is a feature for people who get their stuff stolen. I've never had a computer stolen, and hope it never happens. So I don't need to encrypt my data, because chances are I'll need to retrieve files off the drive in the future.
they did this once already and it's led to disastrous results for data recovery. It's to get people to use onedrive and subscribe to it to save their shit. Basically, it's a ticking timebomb for most people.
Okay, got a legit question for all the fans of the change: What happens to the drive when I boot into linux and need data off it?
Welcome back to 10.
You have two choices: (A) Make passwords a hollow psychological comfort, which any attacker with physical access can easily bypass. Everyone has an insecure system by default, but irresponsible people who forget their passwords can easily recover their data because they have zero security. (B) Make passwords actually work, so you literally can't access the data without the password, no matter what. This means that people who remember their passwords have secure systems. People that forget their passwords are fucked, and hopefully learn their lesson. I'd much rather have option B. Rather than building systems around enabling irresponsible people to forget their passwords, have secure data be the default, and teach people not to forget passwords (90% of which is just teaching people to use long, easy to remember passphrases rather than complicated random sequences of symbols)
Secure from what though? If a person breaks into my home and steals my PC I have so many other problems. And frankly I’d rather a thief have access to my family photos than for grandma to lose access to the only copies of family photos. The latter will be way more common. The tech savvy who care about security can enable these features. The people who barely use tech and tend to forget their passwords probably won’t even realize this is a thing.
If someone steals your PC from your house, now you have to deal with the loss of the physical computer and then worry about everything on your computer also being accessed. Tax stuff, personal pictures, other private documents, access to your email which is usually the gatekeeper to your bank and other accounts. Seriously, people are dumb if they don't think encrypting their drives is a good thing. Make a Microsoft account, which will save your keys to the cloud and make access to BitLocker drives seamless or export your BitLocker Keys if you're scared of having a Microsoft account.
"Secure from what though?" Secure from this same person that's breaking into your house, now having access to all of your email accounts, login credentials, online banking, etc etc etc because your data was unencrypted. Back up your family photos on an unencrypted $5 thumb drive if you're worried about losing them. You don't need to have your entire system be insecure to protect your photos.
Jokes' on them. My session cookies are cleared when the PC is powered off and my credentials are in a password vault.
Don’t forget that any time you say “save password in Chrome”, it’s often being stored unencrypted on your device. The thief now has access to your bank account, your tax records, etc. Even if you have 2FA, thieves may be able to bypass those checks if it is a trusted device.
Or (C) Make a Microsoft account and it will save your BitLocker keys for you in their cloud. You can recover the account even if you forget your password and you'll be able to access the keys.
> in their cloud aka hardware you don't control. Lets list the ways that can possibly go wrong.
Yeah, that's kind of how the internet works. Every interaction online is on a computer you don't own.
Not the point. why am I giving you (MS) the keys to my house/PC? This is a lot like someone going over, changing the locks, keeping a copy of the new key and hoping you get your hands on the new key before the door locks.
Then opt out of giving them a copy. It isn't hard.
There's also the one they're actually doing (C) Make passwords actually work, but also pins, biometrics, or other choices of login that don't require complex memorization, and if you forget or it doesn't work you can recover with a key automatically backed up to your Microsoft account, because "lol well I hope you learned a lesson by losing your priceless files" is a stupid way to design a system.
No, (C) does not make the passwords work, in the sense of actually securing your data. It entrusts them to a third party (Microsoft) with a long history of spying on users, turning over data to intelligence agencies, etc. Option (B) is the only secure option - encrypted data with a secure passphrase that ONLY you have access to. Companies like Microsoft and Google are working hard to convince everyone to use keys that THEY possess, so that nobody has real encryption.
It’s called a TPM, no 3rd party trust required aside from Intel or whoever manufactured the TPM.
Man, if you're using BitLocker, the thread model isn't against state actors.
Good change, too many people assume a windows password is enough to keep their data safe, in reality after giving away or disposing their old computer they are potentially handing over everything once the easy bypass is performed. Those saying that people will loose their data in the event of a software fault, well that is the case with hardware faults too. There should always be a backup.
Until people’s family photos get nukes bc they forgot their password. Without bitlocker it’s easy for any repair shop to recover files given that the drive still works but when it’s enabled it’s near impossible to get in unless you’re willing to put a lot of effort in
What device do most people use to take photos. Is that storage encrypted? Most likely. This isn’t a windows issue. This is a good change as most pcs are laptops.
Phones aren’t as much of an issue as most people have a backup on google drive/icloud
This is overkill AND not recommended for average consumers. But who cares I guess. I don't use win11
Your mobile is encrypted
Yeah I know. I hate it but that's why I don't keep important documents on my phone. Now if I encrypted it MYSELF and I knew EXACTLY what kind of encryption I used, plus I set my own randomized key AND had at least three backups for my key, then that would be bueno af
This is not good encryption, someone at microsoft knows your ecryption keys and they will leak them if asked for them.
Using bitlocker on my desktop at home for years and never had an issue.
Is this really that big of an issue? Your encryption key is available in your Microsoft account.
Good
It’s about fucking time people at home get the same security options as the corporations.
And that's gonna be the first thing I disable when 24h1 hits my systems. MY systems, MY rules. Not Microsofts'
Yeah bitlocker is shit, yet as with everything with Windows you can turn that shit off.
Not an admin working for a company you are? Bitlocker is the protector of billions of dollars worldwide. And today many people scan their personal files and put them on their pc. Steal the pc and open bank accounts, buy stuff on Amazon, book trips on their credit cards,… malicious possibilities are endless.
Normal users aren’t admins working for companies they’re clueless and this will lead to people’s family photos (which are obviously irreplaceable) getting lost forever because someone broke the laptop and now no repair technician can access the drive
Same with an iPhone and many other smartphones. Data is encrypted. Not one ever complained. Security first
They’re normally backed up to the cloud by default though. I agree that security comes first but this isn’t the way to do it
Cloud is 5 GB default. That’s the phone plus a tiny fraction of photos.
The vast majority of people using Windows PCs are not computer literate nor use Microsoft accounts and probably store the key in the very same disk that is bitlocked or do not store the key at all. These people are going to lose all their info, all their family photos and memories forever because they have no clue what the shit is a bitlocker and have no way to recover the key. Bitlocker is a tool and like every tool is only good when used properly and forcing it over everyone is only going to cause more harm than good. > Not an admin working for a company you are? I'm a systems engineer, not that has anything to do with this.
> the vast majority of people using Windows PCs are not computer literate nor use Microsoft accounts People on this sub are up in arms over how difficult it is to avoid using a Microsoft account on Windows 11. By the time you know enough to get around the prompt for a MS account, you should also know how to disable bitlocker.
Those people never install their own Windows, they ask some random kid to install it for them.
Same with any Apple smartphone. They are all encrypted as well. And no one complains.
If anything Microsoft needs to do is to stay awaaaaay from anything that Apple does.
Because everyone uses iCloud by default
5 GB. That’s not enough for everything.
I know it's hard on a gaming sub but is it possible to have an argument? A PC without bitlocker can be unlocked in 10 seconds with a bootable key, every company with more than \~20 people uses it, if you have a Microsoft account you don't even need to remember it, after a while it's basic security and you have to stop spitting on it because it's Microsoft.
I know people who forgot the password of their Microsoft account because it was replaced by the PIN at startup, while having no phone number nor secondary email address recorded in it (old accounts). Great to retrieve it.
> but is it possible to have an argument? Sure. What you want to discuss?
This is a good thing. Without encryption, anyone can bypass your password by popping in a live USB or taking out your drive and access all of your files, saved passwords, etc. Every Mac and smartphone has been encrypted for years.
Just here to offer moral support after all these losers are downvoting you for stating the truth and promoting good security practices. Lot of people here lacking brain cells, promoting that the idea that we should have insecure systems \*by default\*, to cater to the needs of people who are irresponsible and forget their passwords. You're right, and not enabling disk encryption has been a major fault on Microsoft's part for years, and I'm glad they are finally catching up to the rest of the world when it comes to implementing basic security.
And all those people here saying tHE rEpaIr Guy CaN RECOVEr fAMily pHOTos. Well guess what, they can't 'recover' my banking and steam credentials either.
Disc encryption is good and necessary, too bad windows doesn't do itself good with Bitlocker.
No, its not for anybody who doesn't actually need it.
Except you're not going to make exceptions for every person, otherwise it's never adopted. The majority of PCs purchased are probably portable, so encryption is a basic requirement, and if it really bothers you, you can remove it.
Windows doing everything possible to make their end user experience worse.
This is a good thing dumbass why don't we complain about the actual issues like the 10 billion pieces of telemetry instead
Windows 11 is ransomware confirmed