Windows 10: Bit-locker Encryption / Cracking Windows Password Solved

  1.    23 May 2018 #1

    Bit-locker Encryption / Cracking Windows Password


    Hello all,

    Looking to implement Bit-Locker Encryption at my company. I've found you can actually add a pin to be used at the boot screen thus adding more security. I was wondering if I just use the encryption and don't use the pin at boot would this leave open a hole for someone to use a Windows Password Reset memory stick to crack the windows password and be able to login on the PC/Laptop.

    Would having a pin on boot stop this from happening?

    It just seems to me adding a pin is going to be more of an inconvenience than a security feature?

    Any feedback welcome.

  2.    23 May 2018 #2

    Yes, if you don't use a PIN then the drive automatically unlocks upon boot and you get to the normal login screen where any password recovery tools will work as usual.

  3.    23 May 2018 #3

    PolarNettles said:
    Yes, if you don't use a PIN then the drive automatically unlocks upon boot and you get to the normal login screen where any password recovery tools will work as usual.

    Thanks for that. So how would the drive show if the pin was disabled for example, I unplugged the drive and put it in another machine? What would happen/show?

  4.    23 May 2018 #4

    D3LL said:
    Hello all,

    Looking to implement Bit-Locker Encryption at my company. I've found you can actually add a pin to be used at the boot screen thus adding more security. I was wondering if I just use the encryption and don't use the pin at boot would this leave open a hole for someone to use a Windows Password Reset memory stick to crack the windows password and be able to login on the PC/Laptop.

    Would having a pin on boot stop this from happening?

    It just seems to me adding a pin is going to be more of an inconvenience than a security feature?

    Any feedback welcome.

    BitLocker is designed to protect the data at rest, just like any other full-drive encryption. Without starting the OS residing on the encrypted drive, the data cannot be accessed, even if the drive in itself can be.

    The PIN will not stop the system from booting, if allowed in the BIOS; the PIN is for decrypting the drive at system startup. Booting the system to a password reset stick/CD will work, but will not be able to recover account passwords from the BitLocker encrypted drive.

    As for inconvenience/security feature...

    Without PIN, the BitLocker encrypted drive will load the OS and present the login prompt. At this point the system has all services, including network, active. So, I could take your BitLocker encrypted laptop, hook it up to my network and have my way with it. Not to mention the direct memory access requirement for the FireWire port, which could be exploited to access the memory that loaded at boot-up.

    It seems that you'd want to remove two different levels of authentication and simplify management for encrypting company devices. Maybe you can have your cake and....

    There are third-party companies that can integrate domain authentication with BitLocker encryption, like this one:

    Secure Disk for BitLocker - Safeguard Add-On for Microsoft BitLocker

    There are others as well and it really depends on the financial funding available for such a third-party solution. If you have any regulatory requirements for encrypting the drive, they pretty much have an explicit description for compliance. You could use that to convince the bean-counters to approve funding for such.
    Last edited by Cr00zng; 23 May 2018 at 08:48. Reason: Clarity, I think...

  5.    23 May 2018 #5

    D3LL said:
    Thanks for that. So how would the drive show if the pin was disabled for example, I unplugged the drive and put it in another machine? What would happen/show?

    You'd need at least a TPM, or a startup key, if the PIN is not used. In which case, the BitLocker encrypted drive will not boot in another system, even if it is pretty much the same as the original system.
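
    Added example, not part of any post in this thread: a PowerShell check for the distinction drawn in posts #2, #4 and #5, reporting whether an OS volume unlocks with the TPM alone or waits for a pre-boot PIN or startup key. `Get-BootUnlockPosture` is a hypothetical helper name and the two sample volumes are constructed; the property names follow the output of `Get-BitLockerVolume`.

```powershell
# Added example, not from the thread. Classifies how a BitLocker OS volume
# unlocks at boot from the key protector types that Get-BitLockerVolume reports.
function Get-BootUnlockPosture {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume   # object shaped like Get-BitLockerVolume output
    )
    process {
        # Normalise enum values or strings to plain strings
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        $posture = if ("$($Volume.ProtectionStatus)" -ne 'On') {
            'Protection off: volume is not currently protected by BitLocker'
        } elseif ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
            'Pre-boot PIN: drive stays locked until the PIN is entered'
        } elseif ($types -contains 'TpmStartupKey') {
            'Startup key: drive stays locked until the USB key is present'
        } elseif ($types -contains 'Tpm') {
            'TPM-only: drive unlocks automatically and boots to the login screen'
        } else {
            'No TPM-based protector found: review manually'
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ', '
            Posture    = $posture
        }
    }
}

# Constructed sample input (two hypothetical laptops) so the example runs offline.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'TpmPin' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Get-BootUnlockPosture | Format-Table -AutoSize

# On a real machine, from an elevated session:
# Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem' | Get-BootUnlockPosture
```

    The first sample volume is the case from post #2 (TPM-only, login screen reachable without pre-boot authentication); the second is the PIN-protected configuration the original question asks about.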

  6.    24 May 2018 #6

    Thanks for the input/feedback all.


 
