Why I (No Longer) Avoid BitLocker
- Added 2 June 2024
- ➕ BitLocker is fine encryption if you avoid encrypting yourself into a corner. The problem is that it's too easy for the average user to skip steps that could result in data loss.
➕ Using Bitlocker safely
To encrypt your drive with BitLocker safely, right click the drive in Windows File Explorer and click on Turn on BitLocker. Save the recovery key as part of the setup process. Do not skip this step, or you may lose access to your data. Then back up your data as well.
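The same check and backup can be done from the command line. The following is an added example, not something shown in the video: it assumes an elevated PowerShell session on a system where the BitLocker module (`Get-BitLockerVolume`) is available, and `E:\bitlocker-recovery.txt` is a placeholder for a file on an external, unencrypted drive.

```powershell
# Added example; run in an elevated (Administrator) PowerShell session.

# Report, per volume, whether protection is on and whether a recovery
# password protector exists that can be backed up.
function Get-BitLockerRecoveryAudit {
    Get-BitLockerVolume | ForEach-Object {
        $recovery = @($_.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            HasRecoveryKey   = $recovery.Count -gt 0
            RecoveryKeyIds   = $recovery.KeyProtectorId -join ', '
        }
    }
}

# Write every recovery password to a file, refusing any destination that
# is itself a BitLocker-protected volume (a key stored only on the drive
# it unlocks is useless when that drive will not unlock).
function Export-BitLockerRecoveryKey {
    param([Parameter(Mandatory)][string]$Path)   # absolute path, e.g. E:\keys.txt

    $volumes   = @(Get-BitLockerVolume)
    $target    = Split-Path -Path $Path -Qualifier
    $protected = $volumes | Where-Object { $_.ProtectionStatus -eq 'On' }
    if ($protected.MountPoint -contains $target) {
        throw "Refusing to save recovery keys on BitLocker-protected volume $target"
    }

    $lines = foreach ($vol in $volumes) {
        $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object {
                "Volume $($vol.MountPoint)  ID $($_.KeyProtectorId)  Key $($_.RecoveryPassword)"
            }
    }
    if (-not $lines) {
        Write-Warning 'No recovery password protectors found; nothing written.'
        return
    }
    Set-Content -Path $Path -Value $lines
}

Get-BitLockerRecoveryAudit | Format-Table -AutoSize
# Export-BitLockerRecoveryKey -Path 'E:\bitlocker-recovery.txt'   # E: is a placeholder
```

A volume that shows `ProtectionStatus` of `On` with `HasRecoveryKey` false, or whose key ID you cannot find in any of your saved copies, is the "encrypted into a corner" case to fix before anything goes wrong.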
Updates, related links, and more discussion: askleo.com/17437
Chapters
0:00 No Longer Avoid BitLocker
0:20 Encrypt yourself into a corner
1:00 Using Bitlocker safely
2:00 Back up your recovery key
4:20 A second opportunity to backup your key
4:20 BitLocker enabled by default
5:00 Check if you have your recovery key
5:40 How you can get locked out
7:20 How to recover
8:00 Proper backups can protect you
9:24 Alternatives
Another situation of BitLocker not allowing access to the encrypted drive on boot up is a BIOS upgrade of a new machine by the manufacturer after the BitLocker encryption took place. The TPM (Trusted Platform Module) stores the BitLocker key configuration of the encrypted drive.
It's a separate chip on the motherboard, though the TPM 2.0 standard allows manufacturers like Intel or AMD to build the TPM capability into their chipsets rather than requiring a separate chip. If the data on the TPM (e.g. a BIOS upgrade) does not match the key data on the encrypted drive, you better have your BitLocker key handy or you're screwed.
Thank you for this video! I've also always avoided BitLocker like the plague, not trusting that Microsoft wouldn't mess something up, lose my key, and leave me whistling in the dark to get my data back. Not happy that now they're trying to force BitLocker encryption on all Windows systems, which just seems unnecessarily stupid for anything other than easily stolen laptops.
Don't just save your Bitlocker keys on a thumb drive. *PRINT* your keys and include comments about what each key is for. Store the paperwork securely.
Printed, on a mobile device, and saved to usb ideally
Hi Leo.. I almost decided to turn on Bitlocker… then learned of the issue with SSD drive slowdowns with Windows 11. I’d love to hear your take on this problem?
I've used Bitlocker for several years now. Works great!
Works great.... until you have issues.
@monza8844 Like everything else...ever. Like I said, several years and no issues. To me, that's working great.
@0:20 "...in every edition of Windows, other than Home."
The "Home" edition does have BitLocker (in a way). It is not enabled. If you were to enter a "Pro" license key, BitLocker would become enabled, and nothing BitLocker related gets installed (it was already there).
Windows does this with other tools, such as Remote Desktop.
Only Pro and above can act as the server. But Home versions of Windows can start the Remote Desktop client and connect to a Windows machine running the Server end of Remote Desktop.
Back to BitLocker...
If someone hands you a USB drive that is BitLocker encrypted, your Home version will be able to decrypt it, the same as Pro.
Update: 2024: Windows 11 Home version will now automatically enable BitLocker on internal drives if you log into a Microsoft account on a modern device. Ref: czcams.com/video/qnqnIuGEnH0/video.html I can personally confirm this, as I bought a Windows Surface Pro 8 last year with Windows Home and BitLocker is turned on on the C: drive. What's bad is I didn't know it was on, but I got lucky and noticed, and have now made a backup of my C drive recovery key.
I would do all three. Save to Microsoft account if you have one in use. Save the file to an external drive, and make sure it's backed up to several other drives as USB or SD cards or whatever are cheap. And 3rd, print out a few copies to keep a copy and maybe give a copy to a relative or keep in your car or something.
When someone steals my computer (TPM+PIN), is there a way to decrypt it? Or is it 100% safe? I mean, no one can brute-force a long PIN.
According to TomsHardware, BitLocker slows down SSD by up to 45%.
Any chance you can provide a link? I'd love to confirm that. Fascinating if true, I was under the impression performance impact was negligible.
One thing I recently encountered on a bit-locked drive, I couldn't clone it. Only after turning off bitlocker could I clone drive (Win10).
logic if you try clone with windows
@electrocat9 Not cloning with Windows, using Acronis or AOMEI (Windows versions though..)
I saved the code for my combination lock on my computer before loading a corrupted world and I had BitLocker enabled and now I can't open the combination lock
Leo the warning came too late to save me from Bitlocker being on by default. Encrypted into a corner describes it well. I ended up in frustration wiping everything and re-installing. I have Bitlocker turned off since then. This seems to me best described as a malicious booby trap in Windows waiting to ensnare the unwitting like me. Why is it on by default?
"For your protection" I would assume. It's totally safe AS LONG AS you back up the recovery key.
@askleonotenboom This is not true. If you use Bitlocker and update your drivers, and then the computer won't boot, Bitlocker won't save you either. You should NEVER use Bitlocker under any circumstances. It is a bomb which can and will go off, destroying your data and hard drive. I know. I've dealt with this many times with clients who accidentally turned it on when they bought the computer, not knowing any better. Some day though, we find out that they didn't save the key, and they did somehow get themselves into a mess. Bitlocker is a horrible thing. Don't do it. Learn how to remove it so ignorant users don't accidentally screw themselves up. What an awful thing Microsoft has done here. If you need encryption, why is that? Find some other way, don't allow Microsoft to turn on anything that you are not sure of. They will screw you, for sure. Dang, Stop this, Microsoft. We don't want you to make something that people can accidentally enable and destroy their ability to get back into their computer and data.
Hi, Does Macrium back up the data unencrypted? I am 99% sure that it does but want to ask you to be 100%. Thank You! 🤔
It does by default. You can password protect a backup, which encrypts it.
Question: does VeraCrypt need to be installed on a computer in order to make a VeraCrypt encrypted file accessible? Thanks for the video
I believe so, yes.
@askleonotenboom O.K. Thanks again.
Thanks, I've been thinking about trying Bitlocker for some time, this helps alleviate some of my trepidation!
I'm pleased to learn that it has alleviated your trepidation. However, it has increased mine.
If you make an image backup of a BitLocker encrypted drive, and you have to boot from it, can you? Or do you need the recovery key?
Generally you cannot boot from image backups - you need to restore them first. As to whether or not the key is needed depends on exactly how the backup was created and what tool was used.
Saving a single copy of all your important data. To a boot drive. For long term storage. A horrible idea.
Your OS drive. Should never be a permanent long term storage unit.
What happens if the owner of the computer is not tech-savvy, has never saved the recovery key, and now she is unable to log into the computer?
That's a perfect example of Bitlocker doing its job. If it were that easy to recover, then it would be pointless to use any encryption.
@frankdaeran352 My question is not if it is easy to recover; my question is, is it possible to recover without wiping out the disk?
Is bitlocker about physical theft of drives only? If there is no threat of that can it be disabled?
Mostly physical theft or access yes. I consider it important for mobile computers, and optional for desktop/stationary depending on their environment.
What are you talking about. I've been using bitlocker encrypted drive after new windows setup and on other computer
I believe you can buy SSD drives that are self-encrypting, i.e. hardware encrypting. So may be a better way of doing it than via software. I have used Veracrypt a few times in the past when I went on vacation and brought my laptop with me. Though in that instance, I also loaded a new install of the OS on a spare drive and only loaded files that I may have needed access to while on vacation instead of using my main drive at the time that was loaded with all of my docs/pics, etc. Just in case it got stolen.
For the only time, find myself out of my depth with one of your admirable videos. It doesn't help that you begin with using BL before you've checked whether or not it has already been set by Microsoft and there is some sort of Key or password - confusing - to be found somewhere. (For information, I'd already tried another video and had to give up.) I'll have to persist somehow to protect myself against BL already running in situ, or suddenly find myself like the very unfortunate "spambedam" below.
Further to my comments two days ago, I've followed the video's advice to see if BL is on or not. But my Win 11 laptop, fully up to date, as of 17.11.23 / 11.17.23, displays neither "Manage BL" nor the ability to turn off BL (if "on"!) under Show More Options. Perhaps it's "off" and therefore no mention of BL is necessary?
Is your file data available if you share to another person or device?
I'd need more specifics. Of course something you share with someone else makes that available to them, so I'm certain I'm not understanding the question.
BitLocker Encryption is not listed in Control Panel on Windows 11 Home Edition, Leo. What should I do now?
It's only available on pro edition.
Thank you for letting me know that the BitLocker Encryption is available on Windows Pro Edition.
And here I struggle with the idea that I even need to have a Microsoft account...
I admit I did not finish the video as the first half had nothing new or helpful. It's simply reading the BitLocker instructions...
I'm on Windows 10 Home so I don't have or use that
Same 😂
Never had to use it. I do not store photos etc.; I use it as a gaming machine, nothing more, nothing less. If I want to use it for bank etc. I use another PC that no one can use. But I have just noticed a BIOS flash update for the motherboard needs BitLocker turned on, and that is not what I am happy about. It should be of choice to use it or not, and not forced to use it.
So it looks like I will buy a fresh drive specifically for it.
I encountered a big problem because of it 😢
@paijokotak6996 What encounter would that be?
I must have a boring life I can't think of a reason I need this.
That is exactly the wrong thought process. If you keep information important to any thief, it needs to be protected.
@jamesedwards3923 It's default on mobile devices and should be default on any desktops or laptops. There's no noticeable performance impact. My applications and games run smooth as before.
I avoid BitLocker totally. And also Windows.
After decades of Microsoft, starting before MS Windows, I got fed up with it, and moved from Windows to Linux Mint 26 months ago. Don't miss Windows at all, and am not going back.
Windows Shows Us How NOT To Encrypt Our Drives
czcams.com/video/JIia8Hj_3tE/video.html
BitLocker encryption sounds like a great option yet it's another poor Microsoft implementation. It's basically an inconvenience for someone that wants to get your data off of your Windows computer.
If you forget your PIN, a lot of times there is a link that will have Microsoft send a recovery code to your phone. (That's pretty damn insecure).
There are also multiple attacks known against the TPM directly which can obtain your encrypted data.
There are multiple other ways that an attacker can obtain your "encrypted" data in bitlocker.
Obviously, if you are using Windows, security is not your top concern, but be aware.
Again that is the point. You don't want your drive easily accessible. Either pin code or recovery key. If you lose both, then that's your fault.
Bitlocker is to prevent on site data stealing while the drive is locked. It doesn't do anything to prevent hacking because the Bitlocker is unlocked when you sign in obviously.
There is no TPM hack for CPU integrated TPM. That trick only worked for dedicated TPM modules by jumping it with a tool.
I will never buy Windows computer again, moving to Mac, less hassle
The following error is preventing bitlocker: failed to open the bitlocker control panel tool: error code 0x80004005
How do I fix this?