New
#31
Wrong - you do not need a BIOS password for your computer to be protected.
I use TPM to unlock bitlocker and a PIN or fingerprint (in place of Password) to unlock Windows. This is not a BIOS PIN - see here: Add PIN to your Account in Windows 10 | Tutorials
This is what MS recommend - see: BitLocker Security FAQ (Windows 10) | Microsoft Docs
No-one can access your disk without either your bitlocker recovery key or without using your Windows logon credentials. When system drive is encrypted with bitlocker you can't reset Windows password or PIN from boot media so your only risk is leaving it unlocked which applies to any encryption. As such locking your BIOS to stop people changing boot order and booting from USB is pointless as it doesn't help.
If you want extra security then you can use any or all of of a BIOS password, a harddisk password (if your BIOS supports it), a bitlocker startup password or setting bitlocker to require a USB key or smartcard to be present when booting.
I never used veracrypt but as it is software based encryption it will have some effect on battery.
Microsoft suggest software based bitlocker adds low single digit percentage CPU use but I can't say I ever noticed it. It depends on your setup I imagine but I'd be surprised if veracrypt was more efficient than bitlocker.
If you want to try vercrypt decrypt (not just disable) bitlocker first. This takes the same time as encrypting more or less.