
BitLocker data encryption may be happening without your knowledge

BitLocker data encryption may be happening without your knowledge. That means you're automatically getting extra security from Microsoft without any effort required on your part, but there is also a caution...

When you add a home user account to a new Windows PC as part of the initialisation (as Microsoft now requires), Microsoft can/will/may auto-encrypt the hard drive with Windows BitLocker. It does this without asking or telling you. It associates the long encryption key with your Microsoft account (normally a or account) and stores the encryption key under your account on the web.
The reason they do this is to make your PC more secure, so that if the hard drive is removed from the PC or laptop it can't just be plugged into another PC and have its data read. While this is good in theory, I don't feel that forcing data encryption on unwitting home or small business users, without asking or telling them, is a good policy. In an enterprise IT environment significant planning and testing would be implemented before even considering(!) encrypting the data. Having data is no use whatsoever if you can't access it.
There are a few things that can go wrong. Under certain circumstances your PC may prompt for the key before starting Windows, and if you don't have it you're never (never ever, EVER) getting your 30 years' worth of data back. Here are some examples:

  • Sometimes Microsoft just doesn't store the key (yes, I have seen it!)
  • A random Microsoft account may be used to set up the PC (for example a service provider's account), then a local or domain account may be used from that point onward. In 5 years' time you may not know which Microsoft account was used, or have access to it to find the key.
  • What if you get hacked and locked out of your Microsoft account?

So what should you do? That's difficult. I'm not going to 'recommend' that you deliberately use 'less security' than you could, but here are some thoughts.

  • At least now you know, you've been warned
  • Consider going on to and printing out your BitLocker key and putting it in a safe place
  • BACKUP ALL YOUR DATA periodically to an independent medium or location
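
To check whether a PC has been encrypted and to capture the recovery key locally, here is an added example (not part of the original post). It is a PowerShell script that reports the encryption state of every drive and writes any recovery keys to a file for printing. It assumes an Administrator PowerShell session with the built-in BitLocker module available; the output path is a placeholder.

```powershell
# Added example. Run from an elevated (Administrator) PowerShell prompt.
# Assumes the built-in BitLocker module (Get-BitLockerVolume) is present;
# "manage-bde -status" gives the same status information from a command prompt.
# $OutFile is a placeholder path: use removable media, not the encrypted drive.
$OutFile = 'E:\bitlocker-recovery-keys.txt'

$report = foreach ($vol in Get-BitLockerVolume) {
    # Recovery passwords are the 48-digit keys the pre-boot prompt asks for
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    [pscustomobject]@{
        Drive        = $vol.MountPoint
        Status       = $vol.VolumeStatus         # e.g. FullyEncrypted, FullyDecrypted
        Protection   = $vol.ProtectionStatus     # On / Off
        Percent      = $vol.EncryptionPercentage
        RecoveryKeys = $recovery
    }
}

# 1. Is anything encrypted that you did not know about?
$report | Format-Table Drive, Status, Protection, Percent -AutoSize

# 2. Flag encrypted volumes that have no recovery password at all
$report |
    Where-Object { $_.Status -ne 'FullyDecrypted' -and $_.RecoveryKeys.Count -eq 0 } |
    ForEach-Object {
        Write-Warning "$($_.Drive) is encrypted but has no recovery password protector."
    }

# 3. Write each key ID and recovery password to a file for printing
$lines = foreach ($r in $report) {
    foreach ($k in $r.RecoveryKeys) {
        "Computer: $env:COMPUTERNAME  Drive: $($r.Drive)"
        "Key ID:   $($k.KeyProtectorId)"
        "Recovery: $($k.RecoveryPassword)"
        ''
    }
}
if ($lines) {
    $lines | Set-Content -Path $OutFile
    Write-Host "Saved recovery keys to $OutFile. Print it, then delete the file."
}
```

The Key ID is what the pre-boot recovery screen displays, so keeping it next to the recovery password on the printout lets you match the right key to the right PC.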

A PC that just sits in a factory, contains no data and/or just connects to a remote desktop session does NOT need BitLocker turned on; it's an unnecessary overhead.
