Microsoft is enabling BitLocker device encryption by default on Windows 11 - eviltoast
  • nomad@infosec.pub
    3 months ago

    Why? Because local data recovery will be that much harder, forcing people into online backups with Microsoft

  • JackbyDev@programming.dev
    3 months ago

    OneDrive mysteriously moving and deleting your data without permission. BitLocker encrypting it without permission. What’s next?

  • edgemaster72@lemmy.world
    3 months ago

    You can avoid device encryption by using a local account.

    But aren’t they also trying to do away with local accounts?

  • henfredemars@infosec.pub
    3 months ago

    Device encryption is designed to improve the security of Windows machines by automatically enabling BitLocker encryption on the Windows install drive and backing up the recovery key to a Microsoft account or Entra ID.

    Once again, Microsoft is missing the importance of consent both in forcing the encryption and in not giving users a choice in who holds the keys to your data.

  • sylver_dragon@lemmy.world
    3 months ago

    This is going to suck for a lot of people. I’m all for encryption. If any of the laptops, in the business I work for, lack encryption, I’m going to throw a fit. But, for home use the situation is not the same. I’d argue that the risk of device theft leading to critical data compromise is pretty low and the risk of the user needing someone to perform offline data recovery for that user is much higher. And the number of users who will actually have the key saved in a location they can get to it, and provide to the data recovery tech, can probably be counted without taking off my shoes.

    This is dumb. It’s yet another case of Microsoft picking a default for users which helps Microsoft but isn’t good for users.

    • cm0002@lemmy.world
      3 months ago

      Not even fucking Apple, the so-called “privacy company”, enables FDE by default.

      This is going to lose so many non-techie people’s data it’s not even funny. Now what used to be a 15-minute job to help mom/grandma after they forgot their password again to “recover” their photos is going to be impossible.

      They’re not going to write down the recovery key, they’re not even going to know what it is or the importance of it.