Microsoft is enabling BitLocker device encryption by default on Windows 11

Brkdncr , 37 minutes ago

The anti-MS here is annoying. They set up online accounts by default to improve usability and its complaints about privacy. They set up full disk encryption at rest by default to improve privacy and its complaints about usability.

gentooer , 30 minutes ago

These are valid complaints tho.

Badeendje , 20 minutes ago

From powerusers yes, and taking away their options is nonsense. But for the general populace it is arguably a good thing.

Romkslrqusz , 56 minutes ago

[…] device encryption will be enabled by default when you first sign in or set up a device with a Microsoft account or work / school account.

For devices with a TPM, this has literally been the case since Windows 10 1803 back in 2018.

db2 , 59 minutes ago

Clownstrike taught them nothing…

riskable , 1 hour ago

Tom’s Hardware tested this software version of BitLocker last year and found it could slow drives by up to 45 percent.

WTF‽ In Linux full disk encryption overhead is minimal:

While in pure I/O benchmarks like FIO there is an obvious impact to full disk encryption and other synthetic workloads, across the real-world benchmarks the performance impact of running under full disk encryption tended to be minimal

www.phoronix.com/review/hp-devone-encrypt/5

There’s like five million ways you can use disk encryption on Linux though and not all of them are very performant. So keep that in mind if you see other benchmarks showing awful performance (use the settings Phoronox used).

I suspect Microsoft made some poor decisions in regards to disk encryption (probably because of bullshit/insecure-by-design FIPS compliance) and now they’re stuck with them.

moe90 , 1 hour ago

I hope it does not affect performance

downpunxx , 1 hour ago

yeah, no kidding, a real bitch if you want to back up your systems, and the hit to processing speed is significant, though with it enabled, the days of popping out a hard drive, and grabbing whatever the hell's on there with a usb connection are over

dual_sport_dork , 1 hour ago

You can still mount it to another machine if you have the key. It’s an extra layer of pain in the ass, though.

I don’t use an M$ account so if your key is backed up to the cloud (aside: can’t wait to read the headline about when that gets breached) I don’t personally know offhand how difficult it is to extricate your BitLocker keys from Microsoft.

Brkdncr , 41 minutes ago

Source?

catloaf , 37 minutes ago

AES-NI has been standard for over a decade. There shouldn’t be a significant hit to processing speed.

downpunxx , 34 minutes ago

and i work with dozens of disparate windows systems on multiple hardware platforms on the regular, the speed degradation with bitlocker encryption still exists, and is noticeable

catloaf , 6 minutes ago

You’ve benchmarked this? Using what encryption algorithm, what processors, what benchmark?

Shadywack , 1 hour ago

Cool, let all the dumb fuck time vampires suffer. I won’t be helping anyone with shit. “Shoulda bought a Mac”

dual_sport_dork , 1 hour ago

Well, you probably can’t anyway. Your (l)users are not going to have their BitLocker keys, and it’s virtually guaranteed they won’t even know what that is. So it’s a total wipe and reinstall for you, my friend.

Shadywack , 53 minutes ago

Exactly, it’s wonderful news!

jeena , 1 hour ago

Perfect, this will finally lock out all the old people of their devices because they forget their bitlocker password :D

30p87 , 1 hour ago

I guess they’ll use TPM. I’m so excited to tell half of my “clients” (all seniors in the village) that they are fucked because their Laptop died.

wizardbeard , 1 hour ago

Yeah, this makes sense for corporate environments with keys backed up to a centralized location like Active Directory. Not for consumers with no reasonable way to keep some key like this in a safe place as a “break glass in case of emergency” option.

Romkslrqusz , 54 minutes ago

It backs up to the Microsoft Account

Still, some people create an @outlook.com email, set up no recovery options, forget the password, and find themselves locked out.

catloaf , 39 minutes ago

How do you get to your Microsoft account when your computer is locked?

AnyOldName3 , 32 minutes ago

If you’re doing things properly, you’ll know your Microsoft account password or have it in a password manager (and maybe have other account recovery options available like getting a password reset email etc.), and have a separate password for the PC you’re locked out of, which would be the thing you’d forgotten. If someone isn’t computer-literate, it’s totally plausible that they’d forget both passwords, have no password manager, and not have set up a recovery email address, and they’d lose all their data if they couldn’t get into their machine.

catloaf , 7 minutes ago

Even if you have your Microsoft account password, it doesn’t help when you can’t even boot into Windows.

T00l_shed , 32 minutes ago

Many people will have access to a secondary device, not all of course.

Brkdncr , 42 minutes ago

Keys are backed up to their MS account by default.

NeoNachtwaechter , 35 minutes ago

Then somebody can sell new devices to them and M$ can sell new windows with it.

Win-win-win-win…