Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.

Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.

Control Panel > System Security > Bitlocker Encryption.

BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.

  • Godort@lemm.ee
    42·
    11 hours ago

    Not that it helps now, but you can also dump your bitlocker recovery key through powershell and save it independently.

    (Get-BitLockerVolume -MountPoint “C”).KeyProtector

    • yesman@lemmy.worldOP
      233·
      11 hours ago

      The control panel dialogue allows you to do this as well. Control Panel > system security > Bitlocker encryption. But it also has the superior option which is to turn it off.

      I didn’t loose any data BTW. I had my M$ account info, and a backup besides.

      • dan@upvote.au
        131·
        10 hours ago

        But it also has the superior option which is to turn it off.

        Why would you not want to encrypt your files? My Linux systems are encrypted too.

          • dan@upvote.au
            22·
            7 hours ago

            I know, I just meant why would someone willingly disable Bitlocker?

        • kablammy@sh.itjust.works
          11·
          6 hours ago

          Years ago I thought I was being smart encrypting my home dir on my Linux server. I found out the hard way this prevents remote login over ssh using public key encryption, as the .ssh dir is in the home dir, which is encrypted unless you are already logged in at the time! So every time I wanted to ssh in, I had to plug in a monitor and log in on the console first.

        • yesman@lemmy.worldOP
          64·
          10 hours ago

          Why would you not want to encrypt your files?

          Bitlocker is only as secure as Microsoft is. If someone hacks your account, they’ve got your keys. And Micosoft stores that key in plain text.

          • dan@upvote.au
            31·
            8 hours ago

            It sounds like you’re complaining about both approaches.

            If Microsoft doesn’t have the key: You can’t recover your files if you lose it.

            If Microsoft does have the key: An attacker could get in and take it (unlikely if you have two factor auth though).

            And Micosoft stores that key in plain text.

            How do you know this, though? It could be encrypted using your account password as a key or seed.

      • JasonDJ@lemmy.zip
        71·
        10 hours ago

        Disk encryption should absolutely be used, especially on laptops/portable systems.

        Otherwise someone steals your laptop and swaps the disk into another system and they’ve got all your stuff. Including that folder that nobody knows about.