July 8, 2021

Question about BitLocker Drive Encryption

In the past I used VeraCrypt. When I booted the work laptop, it required the password to decrypt the drive and boot.

Now I have BitLocker / Win 10 and the weird thing is it doesn’t require a password.

So by the time the computer has booted, the drive is likely decrypted and filesystem accessible internally. I’m using the usual password/pin/fingerprint methods to log in. The same applies to all company laptops, we only use laptops and there are a few.

Some are taken on the road just like mine. Others left at firm but hey, a theft is always possible despite alarms etc.

Is there something I need to do to increase security with BitLocker? I don’t mind entering yet a password if that is needed.

Attack scenario – laptop is lost and someone would be able to access company data if the drive is already decrypted and data might be accessible through hardware methods – connecting to it internally or anything in the line.

Note, it’s a modern laptop 11 Gen Intel if anything in the boot sequence /security matters as hardware.

TIA for any advice!

Comments

Cypher_Blue

If your computer has a TPM, then the TPM is taking on the role of entering that key for you when you boot up.

If you pull the HDD out of the computer and try to access it outside the TPM, then it prompts for the bitlocker password or recovery key.

So, right now, if someone steals your laptop, they will need to EITHER break the bitlocker encryption to access the data externally, OR break your windows password to access the data through the UI.

So if you have a secure Windows password, you should be fine.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.