Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secure Boot. So my C: panicked and required a 40-character key to unlock.

Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers (and saved me from a re-install). But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, you’re boned.

Control Panel > System Security > BitLocker Encryption.

BTW, I was aware that M$ was doing this and even made fun of the affected users. Karma.

  • Phoenixz@lemmy.ca
    6 months ago

    Meanwhile in Linux with LUKS, which I’ve had since a pre-pre-pre version somewhere back in the early 2000s, I can have multiple keys, all works like sunshine, never had problems.

    On Windows… So we work with highly sensitive data, and ever since I came in I thought it insane that people working remote don’t have that highly sensitive data encrypted. We can’t switch to Linux yet, so okay, we go for BitLocker.

    Boy oh boy oh boy was that a mistake.

    50 remote users, 5 get encrypted devices with BitLocker as a trial and within a month, 3 of them already got locked up permanently because apparently it’ll perma-lock itself after x amounts of invalid passwords, which is just incredibly stupid. But don’t worry, there is a backup key! Yeah, that is like 48 characters that we’d have to pass by phone and they have to type it flawlessly.

    Suffice to say, the remote users will be running Linux soon, like it or not.

    • starman2112@sh.itjust.works
      6 months ago

      Yeah, that is like 48 characters that we’d have to pass by phone and they have to type it flawlessly.

      Wouldn’t be so bad if everyone knew their Alpha Bravo Charlies

      My one talent: alpha bravo charlie delta echo foxtrot golf hotel India Juliet kilo Lima mike November Oscar papa Quebec Romeo Sierra tango uniform Victor whiskey x-ray Yankee Zulu, typed using voice to text

      • ferngully@lemmy.world
        6 months ago

        You have a point. But BitLocker recovery keys are all numeric. Really not all that hard to translate over the phone. Typically a secure email is what we use to deliver since 99% of employees also have email on their mobile devices.

          • ferngully@lemmy.world
            6 months ago

            Haha. You aren’t wrong. But just rotate the key after. Also, there are plenty of secure delivery methods and encrypted delivery options.

      • Empricorn@feddit.nl
        6 months ago

        Alpha bravo charlie Delta echo foxtrot golf hotel Juliet Lima kilo Manhattan November Ovaltine Papa Quebec Romeo Sierra Tatooine uniform Victor wet ass pussy x-ray yokai Zelda

        I’m a little fuzzy on some of them…

      • Lv_InSaNe_vL@lemmy.world
        6 months ago

        Yeah I’m with you. I also manage about 800 devices at my current role and I’ve never had any major issues with BitLocker.

        I’m tempted to think they’re just lying but that’s a little mean. Maybe they just didn’t know? I don’t know but BitLocker is not the problem here.

      • Phoenixz@lemmy.ca
        5 months ago

        I suggest we move all our machines over to Linux, which is the actual plan. Fuck everything about Windows.

        Also, permanently locking a device after x failed attempts is just plain silly, security-wise. You know I can take that drive out and just try to brute force it a million times per second without that silly rule being in my way, right? It’s an anti-security pattern similar to requiring password changes every week; it’s a bad idea.
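
Added example, not part of the thread: a help-desk check for a BitLocker recovery password dictated over the phone, as discussed above. It relies on the recovery password format (eight groups of six digits, each group a multiple of 11 and no larger than 720885) to report which group needs to be read out again. The function name and the sample key are constructed for illustration.

```python
import re

BLOCKS = 8               # a recovery password has 8 groups ...
BLOCK_DIGITS = 6         # ... of 6 decimal digits each (48 digits in total)
MAX_BLOCK = 65535 * 11   # each group encodes a 16-bit value multiplied by 11

# Constructed sample (not a real key): every group is 11 * k for some k < 65536.
SAMPLE_GOOD = "135795-597531-011000-720885-440000-244442-345565-000099"


def check_recovery_password(text):
    """Validate a recovery password as typed or dictated.

    Returns (ok, problems). problems is a list of (group_number, reason) with
    group numbers starting at 1; group 0 means the overall shape is wrong.
    """
    # Accept dashes, spaces or no separator at all between groups.
    groups = re.findall(r"[0-9]+", text)
    if len(groups) == 1 and len(groups[0]) == BLOCKS * BLOCK_DIGITS:
        run = groups[0]
        groups = [run[i:i + BLOCK_DIGITS] for i in range(0, len(run), BLOCK_DIGITS)]

    problems = []
    if len(groups) != BLOCKS:
        problems.append((0, f"expected {BLOCKS} groups, got {len(groups)}"))
    for number, group in enumerate(groups, start=1):
        if len(group) != BLOCK_DIGITS:
            problems.append((number, "not 6 digits"))
        elif int(group) % 11 != 0:
            # Catches any single wrong digit and any swap of two adjacent digits.
            problems.append((number, "fails divisible-by-11 check"))
        elif int(group) > MAX_BLOCK:
            problems.append((number, "value out of range"))
    return (not problems, problems)


if __name__ == "__main__":
    misheard = SAMPLE_GOOD.replace("011000", "011001")  # one digit heard wrong
    for candidate in (SAMPLE_GOOD, misheard):
        print(candidate, check_recovery_password(candidate))
```

A passing check only means the digits are well-formed; it does not confirm the key belongs to the locked volume.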