Bitlocker Security Questions


newmann

I have Windows 11 Pro. I enabled BitLocker last time with my local account. The moment I turn on my laptop, I have to enter my BitLocker PIN. Then after that, I have to enter my local account password. My questions are:

1. Assuming someone has access to my laptop when it isn't powered on... they need to know both my BitLocker PIN and local password to get into my laptop, right? Or if they get access to my BitLocker recovery key?

2. Assuming someone knows my BitLocker PIN and enters it. Then they have to enter the local account password but do not know it. Can they access my account or not? I know back then with old Windows 7, if you forgot your password, you could easily reset it. But this is completely different if you have BitLocker enabled, right? But if someone has access to your laptop for a long time and knows your BitLocker PIN but does not know your local account password, could they somehow brute force it or that isn't possible? They would take out your hard drive and plug it into their machine which would have the brute force machine/program or that isn't how it would work? Now if they don't even know your BitLocker PIN... would it be impossible for them to brute force both the BitLocker PIN and local account password or is it possible?

3. I turn on my laptop. Then enter my BitLocker PIN. Then enter my local password to my account. Then I want to go outside for a bit and not turn off my laptop as I will be planning to be back soon. I then lock my laptop. When you do that, you are on this screen where when you press anything you need to enter your local account password to get in. If someone has access to my laptop when it is locked... can they get access to my laptop or not? Is locking my computer the same as the 2nd situation above where you just enter your BitLocker PIN at startup but don't type in your local account password? Same thing, right?

4. I heard of people putting malware/viruses on people's computers if they can have access to your laptop for just 1 minute. Saw a video where if you are at a local coffee shop and are away from your computer for just a minute, someone could plug in a USB drive with malware in it and then take it out and now you have malware. Now if you lock your computer while you are not there... are you still protected from any USB malware?

5. Same situation as above. But they have access to your laptop but do not know your BitLocker PIN or local account password. Someone turning on your laptop but on the BitLocker PIN screen just plugging a USB malware into your USB port does nothing, right? It can't infect the USB ports on your laptop unless they access your computer?
 

> 1. Assuming someone has access to my laptop when it isn't powered on... they need to know both my BitLocker PIN and local password to get into my laptop, right? Or if they get access to my BitLocker recovery key?

Correct, they'd need to know both the password and the BitLocker key.

> 2. Assuming someone knows my BitLocker PIN and enters it. Then they have to enter the local account password but do not know it.

Again, they'd need to know both.

At the end of the day no matter how you cut it the person with the machine needs to know both password and BitLocker key. Period.

That said, and assuming you're talking about the OS drive that's using BitLocker, I'm baffled why you need to input the BitLocker key every time you log into the PC as that should automatically unlock the drive during the login process. Something is odd there.
 

Someone suggested a BIOS password. Thoughts on that? But if you don't do that, is it still safe though?

Like if I want to go outside for a short while and leave my laptop turned on... I lock it. So you have to enter the Windows password in order to get in. If someone has access to this laptop for as long as possible while it is in the lock state... can they brute force it or not? I assume not because this would require them to power off the laptop and then take the hard drive and put it in their computer? So now they also need to enter the BitLocker PIN? Many people keep saying BitLocker key... I am mainly talking about the BitLocker PIN more so here.

If someone has access to my laptop and it is turned off but has the BitLocker recovery key... that is the same as knowing my BitLocker PIN and my Windows password to get access to my computer, right?

But can someone put malware with a USB on my laptop though if my laptop is turned on and locked? Example: imagine I am in a cafe and leave my laptop there but lock it. If someone has access for a minute to it... can they put a USB in my USB port and put malware in it? I saw a video about this where someone can put malware on your laptop if you are gone for 1 minute. But if your laptop is locked... can they compromise your laptop? What if your laptop isn't turned on and they turn it on but don't know the BitLocker PIN at startup and can't even get by that? Would malware on a USB flash drive infect the computer? Then after that... they turn off the laptop. Then wait till someone uses the computer again and now they can detect keystrokes and everything or that wouldn't work if the laptop isn't in the account?

What do you mean you need to input the BitLocker key each time to unlock it during the login process? Every time I turn on the laptop, I have to enter my BitLocker PIN... not the key. When you say BitLocker key, I am thinking about the BitLocker recovery key... which are you referring to here? The BitLocker recovery key or BitLocker PIN? If you mean have it automatically unlock... then how is there any security? So you are saying you turn on the laptop and the only thing you would need to enter is your Windows password? If so, that would only be 1 barrier of security compared to 2. I am confused with what you mean here.
 

I think the OP is looking for someone to explain what they ought to be researching themselves given all the questions.

Additionally, the OP seems to have ignored my post as they're basically asking the same question I answered. There is no easy one sentence answer where BitLocker is concerned, sometimes you have to do the work yourself to find the answers you seek.

Additionally, a question was asked which was also completely ignored, further indicating the OP is looking for a one-sentence fix-all answer.

Good luck.
 

@hdmi,

You don't need to "hack" BitLocker if you actually are using it correctly. Correctly as in following instructions and knowing what you're using before using it.

I'm using BitLocker on both my OS drive and Backup drive, and have been using it for ages, and never needed to "hack" anything!!! Nor do I have to input a BitLocker password or BitLocker Key every time I log into the PC. The drives are simply automatically unlocked upon login.

 

> @hdmi,
>
> You don't need to "hack" BitLocker if you actually are using it correctly.

A lot of computer forensics experts need to hack BitLocker all the time. Which a lot of them can. And do.

> , and never needed to "hack" anything!!!

I suppose you aren't a computer forensics expert then. LMAO

> Nor do I have to input a BitLocker password or BitLocker Key every time I log into the PC. The drives are simply automatically unlocked upon login.

This can be configured like Kapil Arya has shown in the 1st vid that I linked. Watch, and learn.
 

> A lot of computer forensics experts need to hack BitLocker all the time. Which a lot of them can. And do.

When in doubt run the standard "it can be hacked" line :cautious:

A lot of people's houses get broken into. Doesn't mean we should stop using locks!!! Anything can be hacked. Doesn't mean people should stop taking security measures.
 

You can hack BitLocker? I never heard of that.

The thing is if I leave my laptop shut down... I know if someone has access to my laptop for as long as possible... they can't access my files unless they have my BitLocker PIN and Windows password or the BitLocker recovery key itself. So if they don't have access to those things, then my laptop files are safe, right? Could a person brute force my hard drive and brute force the BitLocker PIN and Windows password if they have as much time as possible?

Well the thing is a few times when I go outside, I might be out for a few hours or less. I want to come back and continue to use my laptop as is without having to shut it down and power it on when I come back. So my question was... is it safe just locking it? If you do that... the person needs your Windows password only compared to BitLocker PIN and the Windows password. But is that good enough or not?

If you do not have a BIOS password and just BitLocker PIN and Windows password... can someone put malware on your laptop with a USB if they have your laptop but it isn't turned on?

If you do not have a BIOS password and just BitLocker PIN and Windows password but your laptop is on the lock screen... can someone put malware on your laptop with a USB flash drive? Example: you are in a coffee shop and go do something for a minute but lock it. Can someone next to you connect a USB flash drive with malware and infect your computer in a minute or is this not possible because it is locked? That is the important question here.
 

> You can hack BitLocker? I never heard of that.

It's the nay-sayers who try to opine it's child's play to hack BitLocker.

Yes, anything is hackable. No, it isn't as simple as some would have you believe. You have a better chance of winning a billion-dollar lottery twice in a row, before successfully hacking into BitLocker. And those with the capabilities to do it aren't wasting their time on small fry home users ;-)

Don't believe the hype, it's fear mongering ;-)
 

> A lot of people's houses get broken into. Doesn't mean we should stop using locks!!! Anything can be hacked. Doesn't mean people should stop taking security measures.

The 1st video I linked in this thread explains how locks can also be added (with BitLocker) to separate drives [that are not the same drive as the OS drive that can also be encrypted with BitLocker], and how the automatic unlocking works in that regard when you log into your user account in Windows, how it also is possible for this automatic unlocking to be configured in settings. I have said nothing about whether it makes sense to use (a) lock(s), so not sure what's your point about that. My only point is that talk about locks is pretty useless if you don't know anything much about the various settings that can be associated with locks. The 2nd video I linked in this thread demonstrates why that is. My security advice to anyone starting to learn how security works is to unlock a few brain cells. It's not rocket science, but that doesn't mean that there can be no caveats. There are. It's Microsoft I mean. What else did people truly expect? :think:
 

> @hdmi,
>
> You don't need to "hack" BitLocker if you actually are using it correctly. Correctly as in following instructions and knowing what you're using before using it.
>
> I suppose you aren't a computer forensics expert then. LMAO

I guess you feel it a requirement you be a "computer forensics expert" just to use BitLocker :cautious:
 

> I guess you feel it a requirement you be a "computer forensics expert" just to use BitLocker :cautious:

No, I don't. As a matter of fact, just about anyone who uses the Home edition of Windows 11 can use it too, even though it also is true that the Pro edition (and all the other editions) of Windows 11 adds a more extensive feature set to it. All you really need is to understand the basics of how it works. And to know how to avoid setting it up wrong. Another caveat that is often overlooked is that using various software to access the data [that is automatically decrypted/encrypted by BitLocker on demand each time when this data gets read/written by software] can cause one or more copies of unencrypted data to end up getting stored in an unencrypted format, or plain sight format on a separate [non-OS] drive when this separate drive is not protected by BitLocker nor is protected by any mechanism that is similar to BitLocker. Either the user needs to be aware of how all the software in question behaves in this regard (which most average users definitely are not) or the user needs to also protect all the other drives that will also be accessible by this software [besides the protected OS drive]. And/or restrict write access on unprotected drives if necessary, at least until all processes that can read/write sensitive data are terminated (and locked), and all sensitive data has been fully erased from memory.

In a nutshell, protecting all the other drives also in addition to protecting the OS drive is an easy task with BitLocker, but you'd be surprised to find out how many people skip that extra step, just like you'd also be surprised to find out how much data gets bled onto separate drives by popular software. Not a problem if you are aware of what are the exact consequences of that, at least not if you use a proper strategy that takes these consequences adequately into account, and, therein lies the biggest problem, as most users lack the knowledge/experience when it comes to understanding the adequacy part of that equation.
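
Two points argued in this thread can be checked per volume: whether the OS drive demands a PIN before boot or unlocks on its own, and whether the other drives are protected at all. The PowerShell below is an added example, not code from any poster; `Get-BitLockerFinding` and the sample volumes are hypothetical, and the property names are those returned by the `Get-BitLockerVolume` cmdlet.

```powershell
# Added example. Get-BitLockerFinding is a hypothetical helper; it reads the same
# properties that Get-BitLockerVolume returns, so it accepts real or sample objects.
function Get-BitLockerFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword, ExternalKey
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $notes = [System.Collections.Generic.List[string]]::new()

        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            # Covers both a decrypted volume and one whose protection is suspended
            $notes.Add('protection off: contents readable if the drive is moved to another machine')
        }
        elseif ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $notes.Add("encryption incomplete ($($Volume.VolumeStatus))")
        }

        if ("$($Volume.VolumeType)" -eq 'OperatingSystem') {
            # Protectors that require user input or a startup key before Windows loads
            $preBoot = @($types | Where-Object {
                $_ -in 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password' })
            if ($preBoot.Count -gt 0) {
                $notes.Add("pre-boot authentication required ($($preBoot -join ', '))")
            }
            elseif ($types -contains 'Tpm') {
                $notes.Add('TPM-only: unlocks at power-on with no PIN; the Windows sign-in is the only prompt')
            }
        }
        elseif ($Volume.AutoUnlockEnabled) {
            $notes.Add('auto-unlock: opens automatically once Windows is running from the unlocked OS volume')
        }

        if ("$($Volume.ProtectionStatus)" -eq 'On' -and $types -notcontains 'RecoveryPassword') {
            $notes.Add('no recovery password protector')
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            VolumeType = "$($Volume.VolumeType)"
            Protectors = $types -join ', '
            Findings   = $notes -join '; '
        }
    }
}

# Constructed sample volumes (not taken from any machine in the thread):
# C: uses TPM+PIN, D: is an auto-unlocked data drive, E: is an unprotected data drive.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        ProtectionStatus = 'On'; VolumeStatus = 'FullyEncrypted'; AutoUnlockEnabled = $null
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'TpmPin' }
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    }
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeType = 'Data'
        ProtectionStatus = 'On'; VolumeStatus = 'FullyEncrypted'; AutoUnlockEnabled = $true
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'ExternalKey' }
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    }
    [pscustomobject]@{
        MountPoint = 'E:'; VolumeType = 'Data'
        ProtectionStatus = 'Off'; VolumeStatus = 'FullyDecrypted'; AutoUnlockEnabled = $false
        KeyProtector = @()
    }
)

$sample | Get-BitLockerFinding | Format-List

# On a real system, from an elevated PowerShell session:
#   Get-BitLockerVolume | Get-BitLockerFinding | Format-List
```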
 

Home device encryption requires a TPM and modern standby - so not "just about everyone" - in fact only a minority.
 

Microsoft FAQ link:

Can I use BitLocker on an operating system drive without a TPM?

Yes, BitLocker can be enabled on an operating system drive without a TPM version 1.2 or higher,
if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment.

BitLocker won't unlock the protected drive until BitLocker's own volume master key is first released
by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer.

However, computers without TPMs won't be able to use the system integrity verification that BitLocker can also provide.

To help determine whether a computer can read from a USB device during the boot process, use the
BitLocker system check as part of the BitLocker setup process.

This system check performs tests to confirm that the computer can properly read from the USB devices
at the appropriate time and that the computer meets other BitLocker requirements.


 

Home device encryption requires a TPM and modern standby - so not "just about everyone" - in fact only a minority.
TPM 2.0 is required to run Windows 11 anyway in the first place. Sure, you can still bypass this requirement, but then, just about anyone who uses Windows 11 already has TPM 2.0 simply because the vast majority of Windows 11 users aren't even aware that it's possible to be bypassed. As for Modern Standby, AFAIK it isn't required to be able to use Device Encryption on Windows 11 Home. Device Encryption will be enabled (during OOBE) by default on systems that support Modern Standby. I am running Windows 11 Home, but I have disabled support for Modern Standby with this elevated command:
reg add HKLM\System\CurrentControlSet\Control\Power /v PlatformAoAcOverride /t REG_DWORD /d 0
...and rebooted for this registry change to take effect. Next, I am still able to run this elevated command:
manage-bde -status
...and can see my volumes appear under Disk volumes that can be protected with BitLocker Drive Encryption. I turned Device Encryption off before I disabled Modern Standby, though, and I haven't toyed with Device Encryption ever since. So I haven't done any tests to find out whether Modern Standby is an actual requirement or not. But AFAIK the docs from Microsoft don't explicitly state that it is. Either way, I don't think that the vast majority of Windows 11 Home users are running it on the type of older hardware that cannot support Modern Standby. They're using it mainly because it is what came bundled with their newly bought PC or else they're still on Windows 10. Mostly.
 

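A per-volume version of the `manage-bde -status` check from the post above, aimed at the earlier point in the thread about non-OS drives left unprotected. This is an added example and not part of any post; it assumes the built-in BitLocker PowerShell module (`Get-BitLockerVolume`) is available and the session is elevated, and the function name `Get-VolumeEncryptionAudit` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): list every volume BitLocker knows about
# and flag the ones where written data is not protected.
# Assumes the built-in BitLocker module; the function name is hypothetical.

function Get-VolumeEncryptionAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types guarding this volume's master key,
        # e.g. Tpm, TpmPin, RecoveryPassword, ExternalKey, Password.
        $protectors = @($vol.KeyProtector.KeyProtectorType) -join ', '

        $finding = if ($vol.LockStatus -eq 'Locked') {
            # A locked volume is encrypted; its state is unreadable until unlocked.
            'LOCKED: encrypted, unlock to inspect'
        }
        elseif ($vol.ProtectionStatus -ne 'On') {
            'UNPROTECTED: protection is off or suspended'
        }
        elseif ($vol.VolumeStatus -ne 'FullyEncrypted') {
            "PARTIAL: $($vol.EncryptionPercentage)% encrypted"
        }
        else {
            'PROTECTED'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType   # OperatingSystem or Data
            Protectors = $protectors
            Finding    = $finding
        }
    }
}

$audit = @(Get-VolumeEncryptionAudit)
$audit | Format-Table -AutoSize -Wrap

# The situation described in the thread: OS drive protected, another drive not.
$osProtected = $audit | Where-Object {
    $_.VolumeType -eq 'OperatingSystem' -and $_.Finding -eq 'PROTECTED' }
$gaps = @($audit | Where-Object {
    $_.VolumeType -eq 'Data' -and $_.Finding -like 'UNPROTECTED*' })

if ($osProtected -and $gaps.Count -gt 0) {
    Write-Warning ('OS volume is protected, but these data volumes are not: ' +
        ($gaps.MountPoint -join ', '))
}
```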
The BitLocker protector or protectors you set up are to protect the master key (what is used to decrypt the drive) only. Your local account password is how you authenticate your identity. If someone can gain access to the master key (which is loaded into the system memory) while the system is in use (this can be carved out of memory and stolen). If someone possesses the master key they could decrypt the drive offline and then reset the local password stored in the SAM database with Lazesoft or Hiren Offline NTFS password tool.

You don't need a BitLocker PIN as it doesn't really add that much extra security. PIN + local passwords are both (something you know) forms of authentication; instead you may want to look at MFA aka 2FA by setting up another form.
TPM protector is a good option.

As some others have stated, BitLocker can be hacked. The most notable example was a security researcher who was able to read the master key with an oscilloscope directly from the TPM pins. The reason this was successful is due to the fact that Windows reads the master key in plain text (meaning it is not encrypted on the wire). Obviously the skills required to pull this off are not trivial, so the chance of this type of attack is low.

To the comment about a firmware password: these are not very useful and can easily be reset. There are some firmware/hardware technologies that are much more difficult to bypass, but they are often only found in some business-grade computer models and are likely overkill.
 

Home device encryption requires a TPM and modern standby - so not "just about everyone" - in fact only a minority.
Microsoft FAQ link:

Can I use BitLocker on an operating system drive without a TPM?

Yes, BitLocker can be enabled on an operating system drive without a TPM version 1.2 or higher,
if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment.

Yes, per Microsoft, you CAN in fact use BitLocker without TPM. Yes, there are some caveats, but the bottom line is BitLocker can be used without TPM.
 
