Hi /r/cybersecurity,

Please help me understand the differences between the two. Trying to justify the trade-off between security and usability to myself before going to management with my recommendation.

Both scenarios assume secured BIOS configurations to eliminate physical threats. User Accounts are AAD managed with lockout after X unsuccessful login attempts. There may be sensitive or confidential assets that may be placed on these devices.

Scenario 1: BitLocker FDE with Preboot Auth. User enters PIN to unlock the OS. After drive is unlocked, user is presented with sign-in splash.

Scenario 2: BitLocker FDE without Preboot Auth. User does not enter PIN and loads OS automatically when booted. User is presented with sign-in splash.

What threats should I be concerned about in Scenario 2 that Scenario 1 protects against?

Many thanks in advance.
