Technology @lemmy.ml dvdnet62 @feddit.nl 6 mo. ago

Windows 11 24H2 will enable BitLocker encryption for everyone — happens on both clean installs and reinstalls

www.tomshardware.com Windows 11 24H2 will enable BitLocker encryption for everyone — happens on both clean installs and reinstalls

You can still manually disable encryption if desired.

PC Master Race - PCMR: A place where all enthusiasts of PC, PC gaming and PC technology are welcome! @lemmit.online Lemmit.Online bot @lemmit.online

BOT

6 mo. ago

Windows to enable Disk Encryption by Default. Say Goodbye to Files for Forgotten Passwords

www.tomshardware.com /software/windows/windows-11-24h2-will-enable-bitlocker-encryption-for-everyone-happens-on-both-clean-installs-and-reinstalls

You're viewing a single thread.

73 comments

uhoh, and wait for the time when the user will update his BIOS, that resets TPM2, and at reboot bitlocker asks for the 48 digits key to decrypt hard drive, that the user never saved...
- What can you do when this happens... Asking for a friend...
  
  it should be in your MS online account as someone wrote, but in case of, I always save it on a USB key, hidden somewhere. You can also print it, or take a picture of it with your phone. Because there is no way to get it back.
  
  uploading encryption keys makes encryption much less meaningful
  
  Sure, but for most people encryption is mostly supposed to protect against the thief that took your laptop on the metro and not the NSA or whatever.
  
  personal data leaks frequently, that may include these
  
  Yes that is possible, but should I repeat what I wrote earlier or can you just read it again?
  
  I'd like you to repeat it please. But slower this time.
  
  Because they force you to use online accounts now, you can get it from the registered account via the Microsoft account page.
  
  In your Microsoft account: Open a web browser on another device. Go to https://account.microsoft.com/devices/recoverykey to find your recovery key.
- Wait? My Lenovo laptop did exactly this. It first encrypted the SSD without telling me, then it updated the bios via windows update (or via Lenovo assistant, but still it was unattended)
  
  Luckily I was using a Microsoft account (usually I don't because fuck that) so the keys were automatically backupped
  
  The automatic encryption and subsequent backup both took place because you were using a Microsoft Account
- I updated my BIOS few days ago and on reboot got a warning about bitlocker and resetting fTPM, but I'm on linux. I dumped luks headers, and master priv keys before resetting just in case but everything worked as usual. Do you know if I just got lucky or if luks dosn't use TPM? Should I hold on to the luks headers and master priv key backup?
  
  LUKS don't use TPM
  
  There's an extension that can unlock LUKS drives using the TPM, but by default it does not do that, and probably that extension isn't installed either

You've viewed 73 comments.