The anti-MS here is annoying. They set up online accounts by default to improve usability and it's complaints about privacy. They set up full disk encryption at rest by default to improve privacy and it's complaints about usability.
Tom’s Hardware tested this software version of BitLocker last year and found it could slow drives by up to 45 percent.
WTF‽ In Linux full disk encryption overhead is minimal:
While in pure I/O benchmarks like FIO there is an obvious impact to full disk encryption and other synthetic workloads, across the real-world benchmarks the performance impact of running under full disk encryption tended to be minimal
There’s like five million ways you can use disk encryption on Linux though and not all of them are very performant. So keep that in mind if you see other benchmarks showing awful performance (use the settings Phoronix used).
I suspect Microsoft made some poor decisions in regards to disk encryption (probably because of bullshit/insecure-by-design FIPS compliance) and now they’re stuck with them.
yeah, no kidding, a real bitch if you want to back up your systems, and the hit to processing speed is significant, though with it enabled, the days of popping out a hard drive, and grabbing whatever the hell's on there with a usb connection are over
You can still mount it to another machine if you have the key. It’s an extra layer of pain in the ass, though.
I don’t use an M$ account so if your key is backed up to the cloud (aside: can’t wait to read the headline about when that gets breached) I don’t personally know offhand how difficult it is to extricate your BitLocker keys from Microsoft.
and i work with dozens of disparate windows systems on multiple hardware platforms on the regular, the speed degradation with bitlocker encryption still exists, and is noticeable
Well, you probably can’t anyway. Your (l)users are not going to have their BitLocker keys, and it’s virtually guaranteed they won’t even know what that is. So it’s a total wipe and reinstall for you, my friend.
Yeah, this makes sense for corporate environments with keys backed up to a centralized location like Active Directory. Not for consumers with no reasonable way to keep some key like this in a safe place as a “break glass in case of emergency” option.
If you’re doing things properly, you’ll know your Microsoft account password or have it in a password manager (and maybe have other account recovery options available like getting a password reset email etc.), and have a separate password for the PC you’re locked out of, which would be the thing you’d forgotten. If someone isn’t computer-literate, it’s totally plausible that they’d forget both passwords, have no password manager, and not have set up a recovery email address, and they’d lose all their data if they couldn’t get into their machine.