cackles maniacally in Linux user who is a technician who bills labor to fix Windows

Called it. Enabling BitLocker by default for all Win11 users was going to bite them in the ass.
The protection of FDE is the carrot they give to get you to enable TPM 2.0. The stick is the remote attestation which can be used for nefarious purposes like DRM and other types of denial/system lockdown at Microsoft’s discretion.
It’s true it’s hard to motivate people into taking a better security posture for themselves but forcing them like this doesn’t come from a good and sincere place.
“Protection” that requires you to create an account and have the key auto-uploaded to their servers before the encryption is active. Not even a secret, they literally tell you they will upload your key. Lol
Especially given how easy it is to bypass BitLocker anyway: https://youtu.be/Cc6vrQSVMII
This 49-minute video ends with the presenter saying that fixes for what they demonstrated were shipped in July’s Patch Tuesday.
The recommended mitigation is the use of TPM and a PIN, which is going to apply to any machine where the user went “with the flow” during Windows 11’s OOBE.
Thanks for this, I accidentally locked my wife’s tablet when I was testing if Linux would run on it from a USB drive. Came back to Win 11 and it was bitlocked, with no codes in her Microsoft account and no idea where else to find them. Hopefully I can study this and figure out a way to bypass it.
Awww, Windows. You can mitigate that by using a PIN on a BitLocker drive. Possibly.
Edit: also more secure with security keys: https://www.yubico.com/works-with-yubikey/catalog/secure-disk-for-bitlocker/

Other penguin should be Microsoft.
Ah, Windows 10, my beloved, look how your younger brother is acting a fool
Beloved is a strong word. Tolerated maybe.
This happened to my grandma’s laptop in September. Thankfully I was there and could fix it before she even had to deal with it, but… Jfc Microsoft









