Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secure Boot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, you’re boned.
Control Panel > System Security > BitLocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the affected users. Karma.
Wouldn’t be so bad if everyone knew their Alpha Bravo Charlies
My one talent: alpha bravo charlie delta echo foxtrot golf hotel India Juliet kilo Lima mike November Oscar papa Quebec Romeo Sierra tango uniform Victor whiskey x-ray Yankee Zulu, typed using voice to text
You have a point. But BitLocker recovery keys are all numeric. Really not all that hard to translate over the phone. Typically a secure email is what we use to deliver since 99% of employees also have email on their mobile devices.
The pinnacle of secure data is cryptographically sealed with a key in the inbox
Haha. You aren’t wrong. But just rotate the key after. Also, there are plenty of secure delivery methods and encrypted delivery options.
It’s best to generate a key with as many 420 69 in a row so you can memorise it
Alpha bravo charlie Delta echo foxtrot golf hotel Juliet Lima kilo Manhattan November Ovaltine Papa Quebec Romeo Sierra Tatooine uniform Victor wet ass pussy x-ray yokai Zelda
I’m a little fuzzy on some of them…
That’s a ticket where I would go and overnight mail a preconfigured IP KVM
If you only used TPM for BitLocker with no pre-boot authentication or something similar, it’s possible that you had the “MaxDevicePasswordFailedAttempts” policy configured. Apparently that is configured by default if you use the security baseline.
IMO it makes a lot of sense to lock down and require BitLocker recovery if there have been a few failed attempts.
We use BitLocker on probably over 1000 devices and I don’t believe we had any substantial issues with it. Of course users occasionally get locked out, but that should be planned for and a process should be in place to help them.
I suggest deploying Windows Hello or smart cards to reduce the dependency on passwords. Windows Hello for Business is especially great since it’s free, secure and way easier and faster for users to use, especially if your devices have fingerprint readers or face recognition. I wish Linux and macOS had anything as useful as Windows Hello.
Yeah I’m with you. I also manage about 800 devices at my current role and I’ve never had any major issues with BitLocker.
I’m tempted to think they’re just lying but that’s a little mean. Maybe they just didn’t know? I don’t know but BitLocker is not the problem here.
hey, at least it tells you if you put in a typo every few chars.
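The per-group typo check mentioned in the last comment, as an added example that is not part of the thread: a BitLocker recovery password is 48 digits in eight groups of six, and each group is a multiple of 11 that encodes a 16-bit value, which is what lets the recovery screen flag a mistyped group. A help desk can run the same check on a key dictated over the phone before relaying it; the function names are this example's own and the sample key is constructed, not a real one.

```python
import re

GROUPS = 8        # a recovery password has eight groups
MAX_WORD = 0xFFFF  # each group / 11 must fit in 16 bits


def check_recovery_password(text):
    """Return a list of (group_number, reason); an empty list means well-formed.

    Group number 0 is used for problems with the password as a whole.
    """
    groups = re.split(r"[\s-]+", text.strip())
    problems = []
    if len(groups) != GROUPS:
        problems.append((0, f"expected {GROUPS} groups, got {len(groups)}"))
    for number, group in enumerate(groups, 1):
        if not re.fullmatch(r"[0-9]{6}", group):
            problems.append((number, "not exactly 6 digits"))
        elif int(group) % 11 != 0:
            # A single wrong digit always breaks divisibility by 11.
            problems.append((number, "not a multiple of 11 (likely typo)"))
        elif int(group) // 11 > MAX_WORD:
            problems.append((number, "value out of 16-bit range"))
    return problems


def make_sample(words):
    """Build a constructed, well-formed password from eight 16-bit values."""
    return "-".join(f"{word * 11:06d}" for word in words)


# Constructed sample for demonstration only, not a key for any real volume.
SAMPLE = make_sample([1, 2, 3, 4, 5, 6, 7, 65535])

if __name__ == "__main__":
    dictated = SAMPLE.replace("000033", "000034")  # simulate a misheard digit
    for number, reason in check_recovery_password(dictated):
        print(f"group {number}: {reason}")
```

The check only confirms the key is well-formed; it says nothing about whether it is the right key for a given volume.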