Welcome to the PCMR, everyone from the frontpage! Please remember:
1 - You too can be part of the PCMR. It's not about the hardware in your rig, but the software in your heart! Your age, nationality, race, gender, sexuality, religion (or lack of), political affiliation, economic status and PC specs are irrelevant. If you love or want to learn about PCs, you are welcome!
2 - If you don't own a PC because you think it's expensive, know that it is much cheaper than you may think. Check http://www.pcmasterrace.org for our builds and don't be afraid to post here asking for tips and help!
3 - Join our efforts to get as many PCs worldwide to help the folding@home effort, in fighting against Cancer, Alzheimer's, and more: https://pcmasterrace.org/folding
4 - Need PC Hardware? We've joined forces with ASUS ROG for a worldwide giveaway. Get your hands on an RTX 4080 Super GPU, a bundle of TUF Gaming RX 7900 XT and a Ryzen 9 7950X3D, and many ASUS ROG Goodies! To enter, check https://www.reddit.com/r/pcmasterrace/comments/1c5kq51/asus_x_pcmr_gpu_tweak_iii_worldwide_giveaway_win/. There's 4 weeks of challenges, and you can find all the info you need on that thread.
-----------
We have a [Daily Simple Questions Megathread](https://www.reddit.com/r/pcmasterrace/search?q=Simple+Questions+Thread+subreddit%3Apcmasterrace+author%3AAutoModerator&restrict_sr=on&sort=new&t=all) if you have any PC related doubt. Asking for help there or creating new posts in our subreddit is welcome.
If BitLocker is enabled, you should ask around if anyone knows the BitLocker password. If the answer is no, you'll be absolutely screwed on the next PC failure
As discussed by many others, half the people won't save/keep the copy the computer strictly tells you to print out/save! But I'll keep my fingers crossed for the next one...
You can create an offline account, but only by not connecting the system to the internet during setup. It'll then fail when trying to create a Microsoft account, and it'll begrudgingly give you the offline option.
I have to set up some air gapped PCs from time to time at work and it feels like you're actively fighting with Windows to do something simple like create an offline account. If the users were comfortable with Linux, I'd switch in a heartbeat.
Tried that, but it'll fail the installation now and will refuse to install. *Politely* asking for an internet connection.
Perhaps I should try a couple more times during installation.
Also, business/enterprise users will be able to get the bitlocker keys through their domain if necessary, most home end-users will pretty much be fucked
Thats why they tie the keys to your windows account where you can look them up and if you use a local account, they straightup dont do it. Somehow this part keeps being left out in this discussion constantly
If you can login into their Microsoft account, you can access the bitlocker keys there.
I have faced this problem once, and now i don't forget to disable bitlocker before doing a windows installation.
This response really needs to be higher up. For a sub filled with the supposed PC Master Race nobody else knows that all bitlocker recovery keys are added to the MS account associated with the device, maybe some people need to up their game.
Whenever I talk in depth about IT issue I get downvoted by wanna be tech.
But since they are active in gaming and pc sub they think they know shit. I had someone tell me to teach him about networking cause he learns fast. Like my dude, I have a college degree. I'm not a teacher and not spending my free time teaching a random stranger.
But yeah bitlocker is a non issue. You can do some IT magic to bypass it too. I have a pc at work that someone deleted in AD and therefore lost bitlocker password. I need to repair it for it to boot first but I'm recovering it next Friday. It stopped booting 2 days ago.
Shout out for Backblze, 100 bucks a year, unlimited backup of your PC with 1 year version history.
Saved my ass a few times, for 100 bucks a year, worth it.
The Bitlocker recovery key can be found in the person's Microsoft account online. Try forgetting and resetting, finding it written down, or guessing the password. I did this for a client last month. Took about 2 hours of calling around and going through older papers but it worked.
Unfortunately you won't be able to recover anything from a BitLocker encrypted drive without the not publicly available knowledge and hardware that's required to bypass BitLocker encryption. Methods that were discovered and made public were done so for research and penetration testing purposes so they were patched before ever actually being announced. BitLocker encryption can 'technically be brute forced', however obscene amounts of compute power are required to crack a key in any amount of time that would be considered worth it which makes brute force attacks a pretty moot approach unless an individual or organization has enterprise / workstation class AI accelerated GPU's available to them.
A legitimate way around this would be in the event of a death where the now deceased had a Microsoft Account linked to the PC and you were able to prove to Microsoft that the account holder has indeed passed away and you're either a relative or someone who is legally allowed to take over ownership of the account for sentimental or archival purposes then the recovery key required to unlock the drive can be obtained from signing into the Microsoft Account in question once Microsoft gives you ownership.
> A legitimate way around this would be in the event of a death where the now deceased had a Microsoft Account linked to the PC and you were able to prove to Microsoft that the account holder has indeed passed away and you're either a relative or someone who is legally allowed to take over ownership of the account for sentimental or archival purposes then the recovery key required to unlock the drive can be obtained from signing into the Microsoft Account in question once Microsoft gives you ownership.
Ah, so you just need a few forged documents, and then you can use this 'legitimate' approach.
I'm unsure what the exact requirements for documentation are to provide proof of relativity to the original account holder as well as a transfer of ownership. I'd imagine in the event the aforementioned scenario became a reality that you would need more than just the notorized death certificate itself but I'm just speculating based off of examples of what some other companies have done for relatives of a deceased account holder on their platforms in the past. Microsoft could very well just function like Apple though and have a policy stating that under absolutely no circumstances will they relinquish ownership or the data of an account to anyone whether the original account owner is deceased or not. Obviously the only way to confirm what their particular policy is would be to contact them directly and inquire about what could be done, if anything, in that particular scenario.
If you can forge convincing enough documents, getting into someone's PC is generally a moot point. I'm sure people will point out exceptions, but it's very rare something is only on a local drive that couldn't be socially engineered with forged documents of the quality you're describing.
One of like, the top three uses of TPM is specifically disallowing you to yank a drive out of a computer and get the data off it. Much more than a feeling!
The answer is, no.
Unless you have a recovery key, there is 0 ways you are getting into a bitlocked drive.
Like, literally impossible.
The only reasonable way to get into one would probably be quantum computing? And I don't think you're a multi-billionaire.
Personally divided on this.
Plus side: Data is more secure even for those who are less tech savvy especially on new installs.
Cons: is a forced action which frankly should never be compulsory on an end user (non enterprise) OS that is already paid for. Along those lines, unless the user is guided through the setup of it, data loss is an extremely high outcome.
Side note: not sure if an encrypted drive is slower to access than a non encrypted one, game loading as an example.
>Data is more secure even for those who are less tech savvy especially on new installs
I could imagine my mom's computer failing in some way, requiring to take the SSD/HDD out, only to find out the data was encrypted by BitLocker. “Mom, do you remember your key?” “What? Which key?”. It's always an issue, for example, when giving her a new phone or device, since she keeps forgetting passwords and codes.
This has been standard practice for microsoft accounts tied to computers it seems. Had a buddy that had a surface 3 years ago with windows 10 he obviously tied the device to his Microsoft account since they try to force that on fresh startup from the store. And it had bitlocker enabled by default he didn't even know what bitlocker was well sure enough something got messed up on a pushed update and we got stuck in a bitlocker screen i had him login to his microsoft account on my computer Go to https://account.microsoft.com/devices/recoverykey to find the recovery key. Its super dumb and i hate whoever's idea it was to tie online accounts to local devices.
The key is stored on your Microsoft account so you can accès it online so it's technically recoverable. But you have to remember your Microsoft password.
Is enabled by default: good
Forced: bad
Solution: on by default with option to disable
Easy…
Edit: Okay I get it. Idiots will get locked out of their PCs and this makes it harder to recover. You can stop telling me. Thanks
For me, it's less that they enable it by default and more that you can't use 11 if your hardware doesn't support the encryption. 10 had the same encryption as an option, but it didn't require that the hardware could handle it. It's creating a limitation where it didn't need to be made, which is very Apple of them.
And if your pc breaks and someone comes to fix it. Motherboard replacement triggers bit locker. And sooooo many people have no idea wtf it even is or how to find it. Great turn it on, tell people wtf it is or that it even exists for fucks sake.
Is it that much of a stretch to consider that people just genuinely think default on for encryption is a bad idea? As someone that does the tech support for their family and friends, this is a disaster.
So many people are going to forget their passwords and have all their important stuff locked away forever. How many times have I had to mount a hard drive of a broken PC or laptop to rescue someone's holiday photos or whatever...
Full disk encryption is 99.9% of the time just going to permanently separate a user from their data, as opposed to offering any actual security benefit
What thief doing a smash and grab through a car window is going to be sophisticated enough to then harvest your banking info off your laptop instead of just pawning it off immediately
This never actually happened, not from Microsoft. It was one dev with no executive power, who said it one time, and tech media + reddit ran it as gospel.
"windows 10 will be the last windows"
**5 years later**
"Windows 10 should have been the last windows"
Naw windows 11 has been fine for me, but I don't think I entirely like encryption by default. Like if we gotta recover drives then it sounds like a bit more of a pain in the ass.
Until you know that the Option is either turn off in UEFI, or the Shift + F10 menu during the install process. Tell me how many normies will know that.
uploaded to the microsoft account you logged in with, don't the encryption requires a microsoft account to begin with? If you installed w11 while skipping the internet requirement it wouldn't be encrypted to begin with.
To the MS account, but it is worthless without the hardware. Decoding a bitlocker encrypted partition needs the key (either the one stored in the TPM and accessed with the user password, or the recovery key in the MS account) and the physical hardware. So MS having the key is not an issue, as long as you don't send them your computer via mail.
Well, if the average user loses their notebook or has it stolen, all their data is accessible in plain text for everyone to see. Including active browser session IDs. That's a security nightmare.
The MS account is a great tool to regain access if they forget their login credentials, too.
Enabling encryption by default for users who are not tech savvy is an incredibly important step. And the people who know what encryption is and if they need it can just disable it if they don't want it.
Technically yes, they should be slower. However, if Windows is able to use Hardware Acceleration from the CPU (or the chipset, I don’t know if it does that) like with AES256, I don’t think that most user will notice
The hardware acceleration will be on the SSD itself. But you usually need to reformat the entire drive with the manufacturers software to enable this, then reinstall Windows.
Of course, if MS just encrypts your C drive without this step, you'll lose performance as it defaults to software.
This is the procedure for Samsung SSDs: [https://blog.odenthal.cc/how-to-enable-bitlocker-hw-encryption-with-modern-ssds-e-g-samsung-980-pro/](https://blog.odenthal.cc/how-to-enable-bitlocker-hw-encryption-with-modern-ssds-e-g-samsung-980-pro/)
Note: I've actually never got HW encryption/decryption to work, I gave up after reinstalling Windows twice and just don't put anything sensitive on my primary C drive.
I am all for security but the first thing I thought about when I saw this was
"oh god, if my OS becomes corrupted for some reason there is no way I'll ever get anything on that drive back". I know it is sometimes possible decrypt encrypted drives that no longer boot, but it still adds another step and another way things can go wrong.
In my life I've had many OS installs become corrupted, and 0 hard drives stolen...
Linux asks you directly: do you want to encrypt this drive?
Based on my experience with OneDrive I am fully expecting this to be a "you will comply" feature.
I'm team informed consent over here. I deal with end users who normally don't know what they are doing. They often give access to their OS to scammers, at which point Bitlocker doesn't matter anyways. From my perspective, the security benefits are marginal. On the flip side, the negatives are real, and at times, catastrophic.
> Data is more secure
But it's not. The only people I am worried about protecting my data from is Mircosoft. Give it a few years and they will be ransoming my now encrypted data for the price of some paid upgrade.
Since android 10 android phones started comming with encryption by default, iphones before that and apple laptops since apple silicon(maybe before not sure).
Windows computers where the only ones behind the trend, i would like the transparemcy of choice in all the diferent os but honestly ive always found pretty stupid that if you need the files on a windows instalation with password you can just plug the hardrive into another pc and view everything. people got a false sense of security.
And I don't see how having encryption enabled is a good thing for a consumer grade device. It needlessly slows down the device and makes it harder to recover data in case of a hardware failure.
Having no encryption at all was the right call from Microsoft.
The cons are slipping dangerously close to : you don't even own your own computer anymore.
The installation of WIndows 11 on a machine essentially takes over the entire machine all the way down to the silicon on the motherboard. You could swap new drives out. You could wipe drives at the sector level using "Boot-and-nuke" utilities. Do this all day. But a machine that has ever had Windows 11 installed on it any time in the past will have a persistent 'memory' of this occurring locked away into layers of encrypted IC modules.
>Side note: not sure if an encrypted drive is slower to access than a non encrypted one, game loading as an example.
Reading/writing performance is storage related. Encrypting/decrypting performance is cpu related. Your system will be limited by the slower one. In my system for example, the aes-xts with 512b key can encrypt at 3094,5 MiB/s and decrypt at 3114,4 MiB/s. My ssd is not that fast, so using that algorithm I don't notice performance degradation.
Also note that some nvme and sata drives perform encryption / decryption on the controller.
Idk about consumer drives, but for dell business laptops and oem drives from toshiba / kioxia, Samsung, and micron drives, disk encryption have nearly 0 overhead.
Not with bitlocker. It has SEDs disabled since a couple of years due to Microsoft (rightfully) not trusting the completely unreviewed and undocumented encryptions of SSD manufacturers.
There was a talk at I think 35c3 of a security researcher messing with just that. Iirc it took him less than half an hour to crack a hardware encrypted crucial drive and access all data.
You can force bitlocker to use the SSD internal cryptography via group policy, however. It's what I did. Otherwise my 980 Pro drops from 700k to 80k IOPS if the Ryzen 6850U handles encryption. If the SSD itself handles it, 0 penalty.
But wouldn’t it still theoretically be able to affect performance in CPU-intensive applications, if the CPU also has to decrypt files while processing other stuff?
your files are loaded once and then processed by CPU, memory is not encrypted
it will barely impact launch of applications that are stored at system drive, and writing in appdata, that's all
I just think that there must be a reason why they implemented this , so my conclusion was that they found a vulnerability and this was their solution or at least I hope so
As some who's been working in it for 20+ years ,Imma be real, millions of people are about to lose their data cuz they forget their passwords all the damn time.
Your note on the "OS that is already paid for" .... I HATE when they update something and it just absolutely ruins the once great feature. Doesn't happen on PC as much as mobile, but with mobile stuff....jfc. I've had my phone randomly shut off and force update without warning. After that update, the location of my brightness bar has changed.
It's looking like the only way to prevent encryption on new installs is messing with the registry *during* install. That's just ridiculous.
https://www.windowslatest.com/2024/05/08/microsoft-confirms-windows-11-24h2-turns-on-device-encryption-by-default/
Is this just happening now with a new update? God I fucking hate windows 11 that this is even a legitimate question and I'm not sure of the fucking answer.
I can't tell you how many laptops with bitlocker enabled by default as a UN DISCLOSED FEATURE get locked out and returned to stores because a update or something else flopped and caused an error.
And the owner doesn't have a encryption key and gives up the moment anything longer then 2 sentences pops up.
No, you can ask them for a bitlocker recovery key. Then when they assume you're speaking Greek and give you a blank stare, that's when they're cooked :)
A few moths ago, win 11 automatically encrypted new drives I put directly into the computer (not external USB drives). I wanted to disable it, but it wouldn't allow me, because I have the Home version and it doesn't allow you to manage encryption (bitlocker, I believe), unless you buy the Pro licence. It did backup encryption keys to OneDrive, but with no meaningful naming. This sucks! I want to be in control of my drives!
Try looking for "drive encryption" in settings.
The on-by-default encryption is distinct from bitlocker, which is a pro-license-only feature, but the recovery keys are still called bitlocker recovery keys because uh, it's Microsoft and at this point I count myself lucky that they didn't call it Outlook.
not to be fearmongering but it does seems like thats the goal here, i mean is there any other explanation for them to force it like that instead of making it optional?
If it’s not a toggle on setup then they’re trying to force it. If windows really thought “yes let’s make this as optional as possible” they would draw attention to it or have it off by default.
Doesn’t really effect us IT/Tech people but it does effect the majority of users who have no idea. Most people don’t know what encryption is let alone why it could stop them from accessing their data in the future.
So perhaps some clarification is needed here as there are a LOT of comments spreading misinformation.
1. Windows 11 Home version only has bitlocker when sold by OEMs, and only if the OEM has setup encryption flag in the UEFI (so if you're running some custom build where you installed W11 by yourself, you won't be affected unless you've gone out of your way to enable encryption... in which case, you're getting what you wanted?)
2. It will only take affect on new installs/ re-installs of W11. (Upgrading to 24H2 sets the flag to be enabled, but the encryption won't actually take effect until you re-install W11)
3. If you do plan to reinstall windows after installing the 24H2 update, you can turn off the encryption via registry.
So no, you won't wake up one day with your OS drive encrypted out of the blue.
Now I will wait for those incoming downvotes because the facts don't fit the outrage that people want to have so badly.
It is still kind of justified, so many people are going to be stuck with an encrypted drive.
I've got friends that are not exactly tech savvy, but they know their way when reinstalling windows since it is so much easier nowadays.
This. Tried to explain it to an IT company I work for, they still insisted that I have to encrypt OS drive + drive I keep my work files **on my private PC**, because that's company-wide policy and they will enforce it with a VPN...
The security guy literally said there is no point in arguing, because someone could steal the SSD from me and when I made it 100% clear he'd have to rip it apart to pull it out (custom water cooling, M.2 hard to reach) and it'll be easier to take the whole thing - he said the thief would have to know the password to go past the BIOS... like... that's not a thing anymore, thanks to TPM, and I don't use a password to login either.
idk it's kinda weird to allow work files on a private PC to begin with imo, that is strictly not allowed where I work and all our computers have BitLocker enabled
During COVID, some companies tried getting people to use their personal setups because they weren't prepared for everyone going remote. I was pressured by 2 different companies to do so, and I refused both. Had them both provide a workstation for me for specifically OPs situation.
I'm not giving corpo IT access to my private computer, plain and simple.
Don't use your personal computer for company work.. solved it!
By refusing to do so, they'll be wiping their own computer. Fine, whatever. No company I work for will ever get the luxury of that on my personal computer.
If they can't provide you with a computer to do your job, you should prob find a better company to work for.
They do have a valid point though.
Even with TPM, they would need to know your windows password, and if they tried to boot a different OS, it would cause secure boot to change its status making windows bitlocker ask for the recovery key
What does the TPM have to do with BIOS passwords?
Also to be compliant with not just corp policies but also external policies, drive encryption is standard and mandatory in lots of orgs.
Can they just provide you with a corp asset?
/serious
It's about backup, restore, and rescue operations for data.
Lets say you drop your laptop and your machine breaks. Plugging in a USB adapter or monitor isn't working because the OS won't post. The motherboard won't power on.
The traditional and cheap way to save the data is to plug the hard drive into another computer and copy the data. This usually doesn't require special software, aside from what's in Windows or Linux already.
But now, since the drive is encrypted to the TPM chip on the CPU/Motherboard, the only device that can get the data is broken.
For the average home user, this is a big deal. Not being able to recover data cheaply means they will lose the data. Taking it to a data specialist may cost around $3k, and that's not guarenteed to work.
Would this not make it possible for Microshaft to hold your PC for ransom? Eg: _"We've decided to go all-in with a subscription model, if you don't pay us regular instalments of (idk) all the money, you won't be able to access your data."_
Even with the US being way too lax with megacorporations, doing such a thing could be considered data theft/computer tampering. Doing it to the wrong people could be considered a felony or even treason if they do it to politicians/military. Would probably get M$ sent straight to Ohio, don't pass go and don't collect $200.
They can't even legally do that with cloud storage which is your data on **their** hardware. They need to allow you ample time to migrate your data elsewhere before cutting you off even if your subscription lapses. So that's not gonna be an issue without the FCC or something making a Trumpian ruling which would still give everyone a multi month heads up.
Just testing to see how much they can get away with... I fully expect 80% of screen space to be dedicated to ads, subscribe to Microsoft Prime for ad free operating system!
You're joking but I wouldn't put the idea past Microsoft. They'd do it if they thought users would put up with it. So much crap in these new operating systems. People hated W10 when it was released but it's looking pretty good now.
I am only half joking, it will be 10%, then 15% and slowly over time the subscription price will go up along with the amount of screen space dedicated to adds and the usability will continually circle the toilet.
I honestly deal with people who don’t know it or wanted it on a daily basis.
They do not like being told we cannot really get their data back.
I think its a response stupid option to have it enabled by default.
Out of all the reasons to get up in arms about Windows, this isn't it. Blame the lowest common denominators in the population if you want, but Windows had to do it because people cry when their unencrypted data gets stolen.
> but Windows had to do it because people cry when their unencrypted data gets stolen.
And what about when people cry because their encrypted data is irrecoverably lost because they don't know the password to decrypt it?
I have never. Absolutely never in my fucking life heard of thieves breaking into a house, stealing grandmas Gateway 2000 PC tower, bringing it back to the lab, and then rummaging through her grandchildrens graduation pictures looking for.... I don't even know.
The difference is Linux asks you
Would you like to encrypt this drive?
Microsoft does whatever the fuck it wants and then puts advertisements in all the spaces where you used to get work done.
Also LUKS (Linux's encryption) is software only, so if the computer fails you can plug the disk on another computer and just open it.
I've had multiple Windows installs suicide over the years, so I wouldn't trust Windows to keep itself alive. It is essencial to be able to recover data from the drive.
Honestly hate the windows 11 design, my favorite was Windows XP, Windows 7 and 10 was not bad.
Also am hating all the ad's and bloatware that keeps coming up as well as always asking me questions I always say no to, I even toggled the switch off in settings but they still keep asking for Location and do I want to make such and such my default whatever.
Talk about a broken OS, reminds me of Vista of how annoying it is, should have just stayed with windows 10, but only a matter of time till that loses support.
Yeah, I used to have my C drive encrypted ages ago. Then my Windows install got fucked up and refused to work *because the drive was encrypted*. Top 5 "I have to reinstall because of this shit" moments, for sure. (Hilariously, the drive still worked just fine and the data was there, it just didn't want to decrypt itself for some reason)
So the Biggest problem is that most people who this happens to wont even realise. and im guessing windows really doesnt stress how important the bitlocker key is.
But when Win 11 auto installed on my partners laptop and encrypted everything they were completely unaware of it. ...and then it crashed, locked out and all data was inaccessible.
From what I'm seeing lately I think Microsoft is focusing more on security rather than usability or performance.
Windows 11 is trash any ways they are just making it worse.
some of us wont have any problem managing your tpm. ;》lets get games working nativly on linux.. this has always been the solution. these TTPs have been on the horizon for decades. break the monopoly .. -a hacker
Welcome to the PCMR, everyone from the frontpage! Please remember: 1 - You too can be part of the PCMR. It's not about the hardware in your rig, but the software in your heart! Your age, nationality, race, gender, sexuality, religion (or lack of), political affiliation, economic status and PC specs are irrelevant. If you love or want to learn about PCs, you are welcome! 2 - If you don't own a PC because you think it's expensive, know that it is much cheaper than you may think. Check http://www.pcmasterrace.org for our builds and don't be afraid to post here asking for tips and help! 3 - Join our efforts to get as many PCs worldwide to help the folding@home effort, in fighting against Cancer, Alzheimer's, and more: https://pcmasterrace.org/folding 4 - Need PC Hardware? We've joined forces with ASUS ROG for a worldwide giveaway. Get your hands on an RTX 4080 Super GPU, a bundle of TUF Gaming RX 7900 XT and a Ryzen 9 7950X3D, and many ASUS ROG Goodies! To enter, check https://www.reddit.com/r/pcmasterrace/comments/1c5kq51/asus_x_pcmr_gpu_tweak_iii_worldwide_giveaway_win/. There's 4 weeks of challenges, and you can find all the info you need on that thread. ----------- We have a [Daily Simple Questions Megathread](https://www.reddit.com/r/pcmasterrace/search?q=Simple+Questions+Thread+subreddit%3Apcmasterrace+author%3AAutoModerator&restrict_sr=on&sort=new&t=all) if you have any PC related doubt. Asking for help there or creating new posts in our subreddit is welcome.
I just hope this means I'm still able to pull data from families dead PCd with Hirens and the like. I have a bad feeling I won't.
If BitLocker is enabled, you should ask around if anyone knows the BitLocker password. If the answer is no, you'll be absolutely screwed on the next PC failure
As discussed by many others, half the people won't save/keep the copy the computer strictly tells you to print out/save! But I'll keep my fingers crossed for the next one...
bonus points for only saving it on the encrypted drive itself
Even though it explicitly won't let you do that, but what you can do is print it as a PDF and save it that way.
You can also save the restoration key for Bitlocker within your Microsoft account if you really want to.
And half of the people don’t know what Microsoft account they have created for the setup…
Are they forcing Microsoft accounts with Windows 11?
You can create an offline account, but only by not connecting the system to the internet during setup. It'll then fail when trying to create a Microsoft account, and it'll begrudgingly give you the offline option. I have to set up some air gapped PCs from time to time at work and it feels like you're actively fighting with Windows to do something simple like create an offline account. If the users were comfortable with Linux, I'd switch in a heartbeat.
Tried that, but it'll fail the installation now and will refuse to install. *Politely* asking for an internet connection. Perhaps I should try a couple more times during installation.
[удалено]
Also, business/enterprise users will be able to get the bitlocker keys through their domain if necessary, most home end-users will pretty much be fucked
Thats why they tie the keys to your windows account where you can look them up and if you use a local account, they straightup dont do it. Somehow this part keeps being left out in this discussion constantly
Home PCs usually run on Home Edition, they won't be encrypted.
I find a lot of people with it enabled have the key attached to their MS account thanks to the login prompt / account create.
If you can login into their Microsoft account, you can access the bitlocker keys there. I have faced this problem once, and now i don't forget to disable bitlocker before doing a windows installation.
This response really needs to be higher up. For a sub filled with the supposed PC Master Race nobody else knows that all bitlocker recovery keys are added to the MS account associated with the device, maybe some people need to up their game.
Probably because this sub considers using a Microsoft account in conjunction with windows Satan
Gaming PCs does not equal technology guru\\pro.
Whenever I talk in depth about IT issue I get downvoted by wanna be tech. But since they are active in gaming and pc sub they think they know shit. I had someone tell me to teach him about networking cause he learns fast. Like my dude, I have a college degree. I'm not a teacher and not spending my free time teaching a random stranger. But yeah bitlocker is a non issue. You can do some IT magic to bypass it too. I have a pc at work that someone deleted in AD and therefore lost bitlocker password. I need to repair it for it to boot first but I'm recovering it next Friday. It stopped booting 2 days ago.
Techies could really use another COFFEE leak.
Shout out for Backblze, 100 bucks a year, unlimited backup of your PC with 1 year version history. Saved my ass a few times, for 100 bucks a year, worth it.
Ngl if I’m dead and my family looked through my pc I’ll be dead twice.
Homework.rar 11.7 GB
rookie numbers
TBs
they say you die twice once with your last breath and a final time when your mom/wife finds your gay donkey porn fetish
I mean, I meant the PC not the person was dead, but I'll promise not to trawl a dead man's PC
The Bitlocker recovery key can be found in the person's Microsoft account online. Try forgetting and resetting, finding it written down, or guessing the password. I did this for a client last month. Took about 2 hours of calling around and going through older papers but it worked.
Unfortunately you won't be able to recover anything from a BitLocker encrypted drive without the not publicly available knowledge and hardware that's required to bypass BitLocker encryption. Methods that were discovered and made public were done so for research and penetration testing purposes so they were patched before ever actually being announced. BitLocker encryption can 'technically be brute forced', however obscene amounts of compute power are required to crack a key in any amount of time that would be considered worth it which makes brute force attacks a pretty moot approach unless an individual or organization has enterprise / workstation class AI accelerated GPU's available to them. A legitimate way around this would be in the event of a death where the now deceased had a Microsoft Account linked to the PC and you were able to prove to Microsoft that the account holder has indeed passed away and you're either a relative or someone who is legally allowed to take over ownership of the account for sentimental or archival purposes then the recovery key required to unlock the drive can be obtained from signing into the Microsoft Account in question once Microsoft gives you ownership.
> A legitimate way around this would be in the event of a death where the now deceased had a Microsoft Account linked to the PC and you were able to prove to Microsoft that the account holder has indeed passed away and you're either a relative or someone who is legally allowed to take over ownership of the account for sentimental or archival purposes then the recovery key required to unlock the drive can be obtained from signing into the Microsoft Account in question once Microsoft gives you ownership. Ah, so you just need a few forged documents, and then you can use this 'legitimate' approach.
I'm unsure what the exact requirements for documentation are to provide proof of relativity to the original account holder as well as a transfer of ownership. I'd imagine in the event the aforementioned scenario became a reality that you would need more than just the notorized death certificate itself but I'm just speculating based off of examples of what some other companies have done for relatives of a deceased account holder on their platforms in the past. Microsoft could very well just function like Apple though and have a policy stating that under absolutely no circumstances will they relinquish ownership or the data of an account to anyone whether the original account owner is deceased or not. Obviously the only way to confirm what their particular policy is would be to contact them directly and inquire about what could be done, if anything, in that particular scenario.
If you can forge convincing enough documents, getting into someone's PC is generally a moot point. I'm sure people will point out exceptions, but it's very rare something is only on a local drive that couldn't be socially engineered with forged documents of the quality you're describing.
I just learned today that's a no. Tried to pre-emptively back up a hard drive with bitlocker using Clonezilla. It treats it as a full block of data.
One of like, the top three uses of TPM is specifically disallowing you to yank a drive out of a computer and get the data off it. Much more than a feeling!
Of course you won't
The answer is, no. Unless you have a recovery key, there is 0 ways you are getting into a bitlocked drive. Like, literally impossible. The only reasonable way to get into one would probably be quantum computing? And I don't think you're a multi-billionaire.
But why keep all data on the local drive when OneDrive prices are so affordable? / As
Personally divided on this. Plus side: Data is more secure even for those who are less tech savvy especially on new installs. Cons: is a forced action which frankly should never be compulsory on an end user (non enterprise) OS that is already paid for. Along those lines, unless the user is guided through the setup of it, data loss is an extremely high outcome. Side note: not sure if an encrypted drive is slower to access than a non encrypted one, game loading as an example.
>Data is more secure even for those who are less tech savvy especially on new installs I could imagine my mom's computer failing in some way, requiring to take the SSD/HDD out, only to find out the data was encrypted by BitLocker. “Mom, do you remember your key?” “What? Which key?”. It's always an issue, for example, when giving her a new phone or device, since she keeps forgetting passwords and codes.
I'm betting Microsoft won't even tell the user their key and quietly save it in their one drive account or motherboard memory or something
They do not... it just encrypts the drive without even telling you.
This has been standard practice for microsoft accounts tied to computers it seems. Had a buddy that had a surface 3 years ago with windows 10 he obviously tied the device to his Microsoft account since they try to force that on fresh startup from the store. And it had bitlocker enabled by default he didn't even know what bitlocker was well sure enough something got messed up on a pushed update and we got stuck in a bitlocker screen i had him login to his microsoft account on my computer Go to https://account.microsoft.com/devices/recoverykey to find the recovery key. Its super dumb and i hate whoever's idea it was to tie online accounts to local devices.
That's exactly what they do
The key is stored on your Microsoft account so you can accès it online so it's technically recoverable. But you have to remember your Microsoft password.
Bitlocker also locks itself if you boot a different device.
Is enabled by default: good Forced: bad Solution: on by default with option to disable Easy… Edit: Okay I get it. Idiots will get locked out of their PCs and this makes it harder to recover. You can stop telling me. Thanks
That's what it is.
Oh, well then why is everyone acting like it’s forced? Guess I fell for a troll post then. Oh well.
For me, it's less that they enable it by default and more that you can't use 11 if your hardware doesn't support the encryption. 10 had the same encryption as an option, but it didn't require that the hardware could handle it. It's creating a limitation where it didn't need to be made, which is very Apple of them.
Yeah my system just doenst cut it sooooo. I love my games and I'll figure out windows 11 when I build again.... later.
You can omit TPM2 and EFI/Secure Boot requirements from the Windows 11 ISO when you create a boot drive with Rufus.
Man I love Rufus. Such a useful damn tool
Because it’s being enabled automatically without any message to the user
And if your pc breaks and someone comes to fix it. Motherboard replacement triggers bit locker. And sooooo many people have no idea wtf it even is or how to find it. Great turn it on, tell people wtf it is or that it even exists for fucks sake.
Even just trying a Linux USB will trigger it Ask me how I know…
People are reactionary and looking for any reason to hate W11.
Is it that much of a stretch to consider that people just genuinely think default on for encryption is a bad idea? As someone that does the tech support for their family and friends, this is a disaster. So many people are going to forget their passwords and have all their important stuff locked away forever. How many times have I had to mount a hard drive of a broken PC or laptop to rescue someone's holiday photos or whatever...
Full disk encryption is 99.9% of the time just going to permanently separate a user from their data, as opposed to offering any actual security benefit What thief doing a smash and grab through a car window is going to be sophisticated enough to then harvest your banking info off your laptop instead of just pawning it off immediately
Exactly. What is all this fucking hard drive security for Grandmas wedding pictures?
And I just hate change, so I'm happy with my Windows 10.
At least you're honest.
I like change. I hate changing Windows versions until it's necessary. I've been down that road too many times. I'll let everyone else test it for me.
I bought a laptop with windows 11 and barely use it because I hate the UI. Now it streams 4k live concerts to my theater and doubles as a paperweight.
You can install W10 on it ya know?
[Open-shell-menu](https://github.com/Open-Shell/Open-Shell-Menu) will bring back the classic UI
A friend described windows 11 as “quirky” and I think that’s the worst thing a piece of software can be.
They said it would be the last version... Liars...
This never actually happened, not from Microsoft. It was one dev with no executive power, who said it one time, and tech media + reddit ran it as gospel.
My brother or sister in christ, "Windows 10 should be the last Windows release." -Windows circa 2015 Believe the prophecy...
"windows 10 will be the last windows" **5 years later** "Windows 10 should have been the last windows" Naw windows 11 has been fine for me, but I don't think I entirely like encryption by default. Like if we gotta recover drives then it sounds like a bit more of a pain in the ass.
If works well, why I change it? Happy cake day! 🍰
Thanks! Feel free to take a piece!
Oh, thanks 🤠
Is there a message to old users that it is enabled by deafault and you can turn it off ?
This is terrible for the average end user jsyk
It is only forced on uninformed users that will seek help from those of us who know about the new "feature".
Because it's on by default, does not tell you, and then people forget their Microsoft account password.
Posting complaints about Windows 11 stuff instead of just turning off what you don't like is the cool thing to do right now.
Which is ironic considering there are many *valid* things to complain about (settings spread out, right click menu, ads, etc.), so why make stuff up?
Until you know that the Option is either turn off in UEFI, or the Shift + F10 menu during the install process. Tell me how many normies will know that.
Does it tell you that or let you decide during the installation process? If not, then it's forced.
[удалено]
Not really because people don’t know it’s enabled and most won’t even know it’s a thing
Enabled by default is not good tho
Bad all around. Realistically the only time that encryption will do anything is when i need to pull the drive and recover my data.
Yeah, it makes sense in a corporate setting where someone stealing a drive might be a real risk; not so much in a home setting.
That sounds like commie-penguin talk to me.
Isn't one problem that the encryption key is tied to your account and uploaded to who knows where?
uploaded to the microsoft account you logged in with, don't the encryption requires a microsoft account to begin with? If you installed w11 while skipping the internet requirement it wouldn't be encrypted to begin with.
To the MS account, but it is worthless without the hardware. Decoding a bitlocker encrypted partition needs the key (either the one stored in the TPM and accessed with the user password, or the recovery key in the MS account) and the physical hardware. So MS having the key is not an issue, as long as you don't send them your computer via mail.
“Who knows where” aka your Microsoft account. Not having an online backup would be a disaster for most end users.
Maybe those most end user wouldn't need an encryption or a ms user account in the first place. Worked well from dos to win 10
Well, if the average user loses their notebook or has it stolen, all their data is accessible in plain text for everyone to see. Including active browser session IDs. That's a security nightmare. The MS account is a great tool to regain access if they forget their login credentials, too. Enabling encryption by default for users who are not tech savvy is an incredibly important step. And the people who know what encryption is and if they need it can just disable it if they don't want it.
Technically yes, they should be slower. However, if Windows is able to use Hardware Acceleration from the CPU (or the chipset, I don’t know if it does that) like with AES256, I don’t think that most user will notice
The hardware acceleration will be on the SSD itself. But you usually need to reformat the entire drive with the manufacturers software to enable this, then reinstall Windows. Of course, if MS just encrypts your C drive without this step, you'll lose performance as it defaults to software. This is the procedure for Samsung SSDs: [https://blog.odenthal.cc/how-to-enable-bitlocker-hw-encryption-with-modern-ssds-e-g-samsung-980-pro/](https://blog.odenthal.cc/how-to-enable-bitlocker-hw-encryption-with-modern-ssds-e-g-samsung-980-pro/) Note: I've actually never got HW encryption/decryption to work, I gave up after reinstalling Windows twice and just don't put anything sensitive on my primary C drive.
I am all for security but the first thing I thought about when I saw this was "oh god, if my OS becomes corrupted for some reason there is no way I'll ever get anything on that drive back". I know it is sometimes possible decrypt encrypted drives that no longer boot, but it still adds another step and another way things can go wrong. In my life I've had many OS installs become corrupted, and 0 hard drives stolen... Linux asks you directly: do you want to encrypt this drive? Based on my experience with OneDrive I am fully expecting this to be a "you will comply" feature.
I'm team informed consent over here. I deal with end users who normally don't know what they are doing. They often give access to their OS to scammers, at which point Bitlocker doesn't matter anyways. From my perspective, the security benefits are marginal. On the flip side, the negatives are real, and at times, catastrophic.
On Linux disk encryption via LUKS is negligible hit on read/write speeds per benchmarking.
It sucks to be end user
> Data is more secure But it's not. The only people I am worried about protecting my data from is Mircosoft. Give it a few years and they will be ransoming my now encrypted data for the price of some paid upgrade.
Since android 10 android phones started comming with encryption by default, iphones before that and apple laptops since apple silicon(maybe before not sure). Windows computers where the only ones behind the trend, i would like the transparemcy of choice in all the diferent os but honestly ive always found pretty stupid that if you need the files on a windows instalation with password you can just plug the hardrive into another pc and view everything. people got a false sense of security.
And I don't see how having encryption enabled is a good thing for a consumer grade device. It needlessly slows down the device and makes it harder to recover data in case of a hardware failure. Having no encryption at all was the right call from Microsoft.
The cons are slipping dangerously close to : you don't even own your own computer anymore. The installation of WIndows 11 on a machine essentially takes over the entire machine all the way down to the silicon on the motherboard. You could swap new drives out. You could wipe drives at the sector level using "Boot-and-nuke" utilities. Do this all day. But a machine that has ever had Windows 11 installed on it any time in the past will have a persistent 'memory' of this occurring locked away into layers of encrypted IC modules.
>Side note: not sure if an encrypted drive is slower to access than a non encrypted one, game loading as an example. Reading/writing performance is storage related. Encrypting/decrypting performance is cpu related. Your system will be limited by the slower one. In my system for example, the aes-xts with 512b key can encrypt at 3094,5 MiB/s and decrypt at 3114,4 MiB/s. My ssd is not that fast, so using that algorithm I don't notice performance degradation.
Also note that some nvme and sata drives perform encryption / decryption on the controller. Idk about consumer drives, but for dell business laptops and oem drives from toshiba / kioxia, Samsung, and micron drives, disk encryption have nearly 0 overhead.
Not with bitlocker. It has SEDs disabled since a couple of years due to Microsoft (rightfully) not trusting the completely unreviewed and undocumented encryptions of SSD manufacturers. There was a talk at I think 35c3 of a security researcher messing with just that. Iirc it took him less than half an hour to crack a hardware encrypted crucial drive and access all data. You can force bitlocker to use the SSD internal cryptography via group policy, however. It's what I did. Otherwise my 980 Pro drops from 700k to 80k IOPS if the Ryzen 6850U handles encryption. If the SSD itself handles it, 0 penalty.
But wouldn’t it still theoretically be able to affect performance in CPU-intensive applications, if the CPU also has to decrypt files while processing other stuff?
your files are loaded once and then processed by CPU, memory is not encrypted it will barely impact launch of applications that are stored at system drive, and writing in appdata, that's all
I just think that there must be a reason why they implemented this , so my conclusion was that they found a vulnerability and this was their solution or at least I hope so
Not every hard drive needs encrypting, not every website needs ssl Google, eff off.
As some who's been working in it for 20+ years ,Imma be real, millions of people are about to lose their data cuz they forget their passwords all the damn time.
Your note on the "OS that is already paid for" .... I HATE when they update something and it just absolutely ruins the once great feature. Doesn't happen on PC as much as mobile, but with mobile stuff....jfc. I've had my phone randomly shut off and force update without warning. After that update, the location of my brightness bar has changed.
It should be the users choice at setup or installation to have it encrypted.
It's looking like the only way to prevent encryption on new installs is messing with the registry *during* install. That's just ridiculous. https://www.windowslatest.com/2024/05/08/microsoft-confirms-windows-11-24h2-turns-on-device-encryption-by-default/
Is this just happening now with a new update? God I fucking hate windows 11 that this is even a legitimate question and I'm not sure of the fucking answer.
I can hear this picture.
"smells like bitch in here"
I can't tell you how many laptops with bitlocker enabled by default as a UN DISCLOSED FEATURE get locked out and returned to stores because a update or something else flopped and caused an error. And the owner doesn't have a encryption key and gives up the moment anything longer then 2 sentences pops up.
So next time someone in my fam asks me to see if I can get stuff off their drive its cooked?
No, you can ask them for a bitlocker recovery key. Then when they assume you're speaking Greek and give you a blank stare, that's when they're cooked :)
A few moths ago, win 11 automatically encrypted new drives I put directly into the computer (not external USB drives). I wanted to disable it, but it wouldn't allow me, because I have the Home version and it doesn't allow you to manage encryption (bitlocker, I believe), unless you buy the Pro licence. It did backup encryption keys to OneDrive, but with no meaningful naming. This sucks! I want to be in control of my drives!
YOU WILL CONSUME AND YOU WILL LIKE IT FOR YOU HAVE NO ALTERNATIVE
Try looking for "drive encryption" in settings. The on-by-default encryption is distinct from bitlocker, which is a pro-license-only feature, but the recovery keys are still called bitlocker recovery keys because uh, it's Microsoft and at this point I count myself lucky that they didn't call it Outlook.
It's so they can ransomware you later. YOU WILL UPGRADE!
Pretty much. They just created an entire market for backup software and a "need" for OneDrive. Or Acronis or other software.
not to be fearmongering but it does seems like thats the goal here, i mean is there any other explanation for them to force it like that instead of making it optional?
... it is optional but on by default
Which is different from what it was 6 months ago. Optional, but off by default.
yeah idk no point in being naive about it:; it's definitely going to keep getting worse until they go too far
If it’s not a toggle on setup then they’re trying to force it. If windows really thought “yes let’s make this as optional as possible” they would draw attention to it or have it off by default. Doesn’t really effect us IT/Tech people but it does effect the majority of users who have no idea. Most people don’t know what encryption is let alone why it could stop them from accessing their data in the future.
"For your safety"
Watch this 15 second mandatory advertisement while Windows decrypts your hard drive
Disable TPM in your bios and they cannot upgrade you.
So perhaps some clarification is needed here as there are a LOT of comments spreading misinformation. 1. Windows 11 Home version only has bitlocker when sold by OEMs, and only if the OEM has setup encryption flag in the UEFI (so if you're running some custom build where you installed W11 by yourself, you won't be affected unless you've gone out of your way to enable encryption... in which case, you're getting what you wanted?) 2. It will only take affect on new installs/ re-installs of W11. (Upgrading to 24H2 sets the flag to be enabled, but the encryption won't actually take effect until you re-install W11) 3. If you do plan to reinstall windows after installing the 24H2 update, you can turn off the encryption via registry. So no, you won't wake up one day with your OS drive encrypted out of the blue. Now I will wait for those incoming downvotes because the facts don't fit the outrage that people want to have so badly.
This is good knowledge. Look silly with that outrage comment
It is still kind of justified, so many people are going to be stuck with an encrypted drive. I've got friends that are not exactly tech savvy, but they know their way when reinstalling windows since it is so much easier nowadays.
Don't phoned have encryption on by default ? Why is it such a bad thing if it becomes the norm on pcs too ?
Phones are much more likely to be stolen than a desktop PC.
This. Tried to explain it to an IT company I work for, they still insisted that I have to encrypt OS drive + drive I keep my work files **on my private PC**, because that's company-wide policy and they will enforce it with a VPN... The security guy literally said there is no point in arguing, because someone could steal the SSD from me and when I made it 100% clear he'd have to rip it apart to pull it out (custom water cooling, M.2 hard to reach) and it'll be easier to take the whole thing - he said the thief would have to know the password to go past the BIOS... like... that's not a thing anymore, thanks to TPM, and I don't use a password to login either.
idk it's kinda weird to allow work files on a private PC to begin with imo, that is strictly not allowed where I work and all our computers have BitLocker enabled
During COVID, some companies tried getting people to use their personal setups because they weren't prepared for everyone going remote. I was pressured by 2 different companies to do so, and I refused both. Had them both provide a workstation for me for specifically OPs situation. I'm not giving corpo IT access to my private computer, plain and simple.
Don't use your personal computer for company work.. solved it! By refusing to do so, they'll be wiping their own computer. Fine, whatever. No company I work for will ever get the luxury of that on my personal computer. If they can't provide you with a computer to do your job, you should prob find a better company to work for.
They do have a valid point though. Even with TPM, they would need to know your windows password, and if they tried to boot a different OS, it would cause secure boot to change its status making windows bitlocker ask for the recovery key
What does the TPM have to do with BIOS passwords? Also to be compliant with not just corp policies but also external policies, drive encryption is standard and mandatory in lots of orgs. Can they just provide you with a corp asset?
Sure, but Windows also runs on laptops.
/serious It's about backup, restore, and rescue operations for data. Lets say you drop your laptop and your machine breaks. Plugging in a USB adapter or monitor isn't working because the OS won't post. The motherboard won't power on. The traditional and cheap way to save the data is to plug the hard drive into another computer and copy the data. This usually doesn't require special software, aside from what's in Windows or Linux already. But now, since the drive is encrypted to the TPM chip on the CPU/Motherboard, the only device that can get the data is broken. For the average home user, this is a big deal. Not being able to recover data cheaply means they will lose the data. Taking it to a data specialist may cost around $3k, and that's not guarenteed to work.
Also, encryption slows down a computer. Some people want speed, not security. Specifically, gamers and large data editors.
The difference is your phone doesn’t have removable drives that you can transfer to another phone
Phone is a controlled hell device aimed to control and pacify you, computers are at least still tools for work, learning and fun. For now.
[удалено]
Common windows L
Why does Microsoft behaving like a ransomeware not surprise me?
manage-bde c: -off
Recently my friend's laptop was encrypted for some reason without his approval. Any way to decrypt?
Refusing to update from windows 10 winning again 🥳 Honestly if it still worked for modern games I'd be running XP 😅
Jokes on them, I disabled Trusted Platform Module in my Bios so you cannot upgrade me to Windows 11.
Me still using Win 10:
Me using friggin Linux:
Me using both:
Windows 11 mentioned, I'll grab some popcorn
Would this not make it possible for Microshaft to hold your PC for ransom? Eg: _"We've decided to go all-in with a subscription model, if you don't pay us regular instalments of (idk) all the money, you won't be able to access your data."_
Even with the US being way too lax with megacorporations, doing such a thing could be considered data theft/computer tampering. Doing it to the wrong people could be considered a felony or even treason if they do it to politicians/military. Would probably get M$ sent straight to Ohio, don't pass go and don't collect $200.
They can't even legally do that with cloud storage which is your data on **their** hardware. They need to allow you ample time to migrate your data elsewhere before cutting you off even if your subscription lapses. So that's not gonna be an issue without the FCC or something making a Trumpian ruling which would still give everyone a multi month heads up.
Yeah, I'll be sticking with W10 for now. Looks like W11 has a lot of issues and there's ads everywhere? No thank you.
Just testing to see how much they can get away with... I fully expect 80% of screen space to be dedicated to ads, subscribe to Microsoft Prime for ad free operating system!
You're joking but I wouldn't put the idea past Microsoft. They'd do it if they thought users would put up with it. So much crap in these new operating systems. People hated W10 when it was released but it's looking pretty good now.
I am only half joking, it will be 10%, then 15% and slowly over time the subscription price will go up along with the amount of screen space dedicated to adds and the usability will continually circle the toilet.
Fuck W11. It continues to do everything I don't want.
meanwhile I'm chilling with 7 and 10 on dual boot, ha ha!
If you know what BitLocker is then you know how to install it. If you don't know then you don't need it Another stupid decision from Microsoft
Talking a pensioner through getting their bitlocker recovery key on their phone is not an easy process :( www.onedrive.com/recoverykey
I honestly deal with people who don’t know it or wanted it on a daily basis. They do not like being told we cannot really get their data back. I think its a response stupid option to have it enabled by default.
yeah you ain't catching me installing this garbage os id sooner learn Linux
[удалено]
Maybe my data dont need protection, maybe i just dont want to. No excuse to force it, Bill can always ask the user or give him an option.
You are of course aware of the fact that you can just disable it....
It's enabled by default, not forced.
So we're gonna protect it even from yourself.
Home version of Win11 saves your decryption key in your MS account. There is no other way other than finding the obscure way to decrypt your drive.
Out of all the reasons to get up in arms about Windows, this isn't it. Blame the lowest common denominators in the population if you want, but Windows had to do it because people cry when their unencrypted data gets stolen.
> but Windows had to do it because people cry when their unencrypted data gets stolen. And what about when people cry because their encrypted data is irrecoverably lost because they don't know the password to decrypt it?
I have never. Absolutely never in my fucking life heard of thieves breaking into a house, stealing grandmas Gateway 2000 PC tower, bringing it back to the lab, and then rummaging through her grandchildrens graduation pictures looking for.... I don't even know.
Context?
Computer doing shit without you explicitly telling it to MALWARE!
Linux looking good right about now
I mean my Linux install drive is encrypted lol
The difference is Linux asks you Would you like to encrypt this drive? Microsoft does whatever the fuck it wants and then puts advertisements in all the spaces where you used to get work done.
Also LUKS (Linux's encryption) is software only, so if the computer fails you can plug the disk on another computer and just open it. I've had multiple Windows installs suicide over the years, so I wouldn't trust Windows to keep itself alive. It is essencial to be able to recover data from the drive.
Honestly hate the windows 11 design, my favorite was Windows XP, Windows 7 and 10 was not bad. Also am hating all the ad's and bloatware that keeps coming up as well as always asking me questions I always say no to, I even toggled the switch off in settings but they still keep asking for Location and do I want to make such and such my default whatever. Talk about a broken OS, reminds me of Vista of how annoying it is, should have just stayed with windows 10, but only a matter of time till that loses support.
Yeah, I used to have my C drive encrypted ages ago. Then my Windows install got fucked up and refused to work *because the drive was encrypted*. Top 5 "I have to reinstall because of this shit" moments, for sure. (Hilariously, the drive still worked just fine and the data was there, it just didn't want to decrypt itself for some reason)
Encryption? Yes. Strongly encouraging to use encryption? Also yes. Forcing encryption? No.
So the Biggest problem is that most people who this happens to wont even realise. and im guessing windows really doesnt stress how important the bitlocker key is. But when Win 11 auto installed on my partners laptop and encrypted everything they were completely unaware of it. ...and then it crashed, locked out and all data was inaccessible.
Legit ransomware.
I haven't tears laughing at this. I couldn't put my finger on it but windows 11 is a f****** bully
From what I'm seeing lately I think Microsoft is focusing more on security rather than usability or performance. Windows 11 is trash any ways they are just making it worse.
As a Windows 10 user, the more I hear about Windows 11, the more I think about switching to Linux.
Switch to Linux. Come on do it.
some of us wont have any problem managing your tpm. ;》lets get games working nativly on linux.. this has always been the solution. these TTPs have been on the horizon for decades. break the monopoly .. -a hacker