• Moonrise2473@feddit.it
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    On Windows 11 when you sign in with a Microsoft account and the device fully supports bitlocker, it starts encrypting the drive without any user consent or acknowledgement. It did so on my laptop

    Only with a local account you’re prompted to save a backup somewhere else, and it’s picky, doesn’t let you save it on the drive that’s going to be encrypted

    • XTornado@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Idk man… maybe is a recent change or something but on my three devices I installed Win 11, I activated Bitlocker after a while, it was not activated on my install/login. So my experience is completely different it didn’t start encrypting without consent. And to be clear I have used Microsoft accounts on all of them.

      • Moonrise2473@feddit.it
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        On my Lenovo laptop my drive was encrypted without my consent, I was very pissed (due to a bug that wiped the tpm during a firmware update, I had 20 minutes of panic because I had no idea what was the bitlocker decryption key)

        • Raxiel@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It seems to be a behaviour particular to portable devices. I’d argue encryption by default is a good thing on a device that’s more likely to be stolen (and the identity theft implications that brings) but clearly it needs to be better communicated to the end user.
          I reinstalled windows 11 recently and had to manually re-encrypt the boot drive, which also prompted me to save a copy of the key. I had the option of backing up to my MS account, saving a txt file (which it refuses to let you place on any encrypted drive, even if it’s a different one to the one you’re encrypting at the time), or print it (which can be to a PDF you can save anywhere). It’s possible to access the backup options at any time after that as well. I usually take the last option, save the pdf to the same drive then copy paste the key into my password manager then delete the file.