Viewing a single comment thread. View all comments

Smith6612 t1_j9ynp52 wrote

They only encrypt the internal hard drive by default. Anything more requires paying for Windows Pro editions. At the point of auto encryption, it should only be a matter of them remembering the password to their Microsoft account.

That part I know can be challenging for many. They forget they even had an account!

6

epic_null t1_j9yp4rv wrote

The internal hard drive is what I have popped out of the system and put into a case for data recovery.

And if you can't decrypt an external without a pro account, that makes the problem WORSE not BETTER.

2

epic_null t1_j9yp7yh wrote

Oh yeah and because of pins, the chances of forgetting your windows account is HIGHER.

Because you aren't USING it.

5

Smith6612 t1_j9yyamw wrote

Yep you're not wrong. I've had a few of those come through where people ask me to clear the password from a computer they haven't used for months and forgot, only for me to find it's tied to a Microsoft account. I simply tell them they can go to <insert link here> to reset their password. Usually when I say that, it becomes dead air / Deer in headlights look, and they just seem to not want to reset their Microsoft account password. Maybe Microsoft could make it more obvious, or challenge people weekly for the password in order to sign in. I can remove the Microsoft account link, of course. It's just a big pain to do.

And yeah, for data recovery on a drive, have to get into the Microsoft account to retrieve the key. Return to above where the user forgot their credentials. Of course Microsoft doesn't tell people to back up their key before they encrypt the drive automatically so, yep.

3

epic_null t1_j9yz4em wrote

Hard drive encryption is GREAT for business who have an IT team. (Even just one guy who knows to back up that password.)

But for consumers? That shit shouldn't be on by default. The user has no clue what the risks of it are, and no warning that there are even risks to account for.

3

Smith6612 t1_j9z7y5s wrote

They should definitely prompt for it like Apple does/did on macOS. It can help consumers too, since computers do get stolen from homes all the time.

1

epic_null t1_j9zhbc4 wrote

There are benefits, no doubt, but personal experience tells me that the risk for a personal computer is more heavily leaning towards anything else happening, with the drive being the only recoverable bit. (This is reflected in how I choose and manage my machine, but may not be reflected in how people in higher theft areas choose and manage their machines. For obvious reasons.)

1

Exshot32 t1_j9z7squ wrote

I work in a repair store.

NO customer ever knows their drive is Bitlocker or Filevault encrypted. NONE.

I'm on board with encryption for consumer protection, but Microsoft and Apple do a horrid job of explaining what they are doing to your data. They want you using their cloud services. So encrypting your drive with auto cloud backup becomes kinda a sneaky maneuver.

If they just explained things better I'd be fully on board with this. But no one understands why I can't get their data from a dead machine with an encrypted drive. And good luck remembering your Microsoft or iCloud password and finding your recovery keys.

5

epic_null t1_j9zdcg4 wrote

I'm not saying don't make it available - just have the user turn it on at some point. Then if customers make a bad decision, at least then they'll have made a bad decision and understand why there's now a bigger problem.

1