you need an active online account and the key will be saved online
Is there a legit reason for this? Why can’t they just encrypt the data with the password used to access the online account?
polle@feddit.org 5 days ago
I read the article but am not smarter than before. I heard some time ago that windows does encrypt the drive but you need an active online account and the key will be saved online. So do people forget their online passwords and methods to recover that said account? I dont like m$ and am using linux, but people loosing their passwords, being uninformed about their systems and dont so backups is not the direct fault of the operating system.
pressanykeynow@lemmy.world 5 days ago
calcopiritus@lemmy.world 4 days ago
Because then you can’t change your password. Since you would have to decrypt all the hard drives that use windows with that account, and then encrypt them again with the new one.
This also means that if you forget your password you are fucked.
michaelmrose@lemmy.world 4 days ago
Typically an actual key is effectively just a very long pseaudorandom binary blob and the passphrase is just used to unlock the actual key. This means you can add a new key just by encrypting the actual key with the new passphrase
taladar@sh.itjust.works 4 days ago
Typically that is also the way you can use multiple accounts to unlock the same hard drive encryption. You just encrypt the actual key with each of the account passwords.
habitualcynic@lemmy.world 5 days ago
I helped my sister deal with this. Bitlocker activated itself, the keys were in her account which she had access to. She had done everything properly but nothing worked to resolve it.
There’s countless forum posts on it since about 2021 if you go looking for it. None of the recovery processes worked so I reformatted and enabled bitlocker at the start. Next time I visit, she’s getting Linux Mint.
Fuck Microsoft. End users shouldn’t be expected to troubleshoot like that.
michaelmrose@lemmy.world 4 days ago
Setting up encryption has previously been an affirmative step wherein the user opted into being unable to access their data if they lose their password. Because of this users have the opportunity to back up their recovery key you know after they even learn what one is.
Having it happen on upgrade to an existing machine is inherently confusing and its easy to see how it could lead to data loss.
Killer@lemmy.world 5 days ago
Bitlocker can be turned on without having an account on device iirc.
StuffYouFear@lemmy.world 5 days ago
Correct, can be turned on and it will provide you the key to be saved as a file if I recall
LoveSausage@discuss.tchncs.de 5 days ago
Just did a fresh win 11 install . In order to update bios before installing Linux. Refused to let me install without wifi but a quick googling and a command prompt later it was possible to work around easily
InnerScientist@lemmy.world 4 days ago
It seems like they just got locked out of their Microsoft account (which stores the bitlocker key). Idk why they can’t just reset their password or if this article talks about the times where people couldn’t do that due to missing email access or maybe resetting the password deletes the bitlocker keys?
Either way though, the problem is that Microsoft is forcing encryption on everyone and not properly educating them on the consequences like “Backup your decryption key if you care about the data” in a way a normal user actually listens to.