Yeah I think so, like it ask you where you can to store the key and if you want to upload a copy or something like that it has been a while since I did setup the encryption.
That said OMG there should be a nicer way to introduce the damn key on boot… with a USB or something I had to type it so many times when I was fixing a booting issue.
On Windows 11 when you sign in with a Microsoft account and the device fully supports bitlocker, it starts encrypting the drive without any user consent or acknowledgement. It did so on my laptop
Only with a local account you’re prompted to save a backup somewhere else, and it’s picky, doesn’t let you save it on the drive that’s going to be encrypted
Idk man… maybe is a recent change or something but on my three devices I installed Win 11, I activated Bitlocker after a while, it was not activated on my install/login. So my experience is completely different it didn’t start encrypting without consent.
And to be clear I have used Microsoft accounts on all of them.
On my Lenovo laptop my drive was encrypted without my consent, I was very pissed (due to a bug that wiped the tpm during a firmware update, I had 20 minutes of panic because I had no idea what was the bitlocker decryption key)
It seems to be a behaviour particular to portable devices. I’d argue encryption by default is a good thing on a device that’s more likely to be stolen (and the identity theft implications that brings) but clearly it needs to be better communicated to the end user.
I reinstalled windows 11 recently and had to manually re-encrypt the boot drive, which also prompted me to save a copy of the key. I had the option of backing up to my MS account, saving a txt file (which it refuses to let you place on any encrypted drive, even if it’s a different one to the one you’re encrypting at the time), or print it (which can be to a PDF you can save anywhere).
It’s possible to access the backup options at any time after that as well.
I usually take the last option, save the pdf to the same drive then copy paste the key into my password manager then delete the file.
Yeah I think so, like it ask you where you can to store the key and if you want to upload a copy or something like that it has been a while since I did setup the encryption.
That said OMG there should be a nicer way to introduce the damn key on boot… with a USB or something I had to type it so many times when I was fixing a booting issue.
On Windows 11 when you sign in with a Microsoft account and the device fully supports bitlocker, it starts encrypting the drive without any user consent or acknowledgement. It did so on my laptop
Only with a local account you’re prompted to save a backup somewhere else, and it’s picky, doesn’t let you save it on the drive that’s going to be encrypted
Idk man… maybe is a recent change or something but on my three devices I installed Win 11, I activated Bitlocker after a while, it was not activated on my install/login. So my experience is completely different it didn’t start encrypting without consent. And to be clear I have used Microsoft accounts on all of them.
On my Lenovo laptop my drive was encrypted without my consent, I was very pissed (due to a bug that wiped the tpm during a firmware update, I had 20 minutes of panic because I had no idea what was the bitlocker decryption key)
It seems to be a behaviour particular to portable devices. I’d argue encryption by default is a good thing on a device that’s more likely to be stolen (and the identity theft implications that brings) but clearly it needs to be better communicated to the end user.
I reinstalled windows 11 recently and had to manually re-encrypt the boot drive, which also prompted me to save a copy of the key. I had the option of backing up to my MS account, saving a txt file (which it refuses to let you place on any encrypted drive, even if it’s a different one to the one you’re encrypting at the time), or print it (which can be to a PDF you can save anywhere). It’s possible to access the backup options at any time after that as well. I usually take the last option, save the pdf to the same drive then copy paste the key into my password manager then delete the file.