Many consumer SSDs claim to support encryption and BitLocker believed them. But, as we learned last year, those drives often weren’t securely encrypting files. Microsoft just changed Windows 10 to stop trusting those sketchy SSDs and default to software encryption.

In summary, solid-state drives and hard drives can claim to be “self-encrypting.” If a drive made that claim, BitLocker wouldn’t perform any encryption itself, even if you enabled BitLocker manually. In theory, that was good: The drive could perform the encryption at the firmware level, speeding up the process, reducing CPU usage, and maybe saving some power. In reality, it was bad: Many drives had empty master passwords and other horrendous security failures. We learned consumer SSDs can’t be trusted to implement encryption.

Now, Microsoft has changed things. By default, BitLocker will ignore drives that claim to be self-encrypting and do the encryption work in software. Even if you have a drive that claims to support encryption, BitLocker won’t believe it.
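To see which case applies on a given PC, here is an added example (not part of the original article) that lists each BitLocker volume and flags the ones where the drive's firmware, rather than Windows, performs the encryption. It assumes an elevated PowerShell prompt and the built-in BitLocker module; the function name `Get-BitLockerEncryptionAudit` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article: audit which BitLocker volumes depend
# on the drive's self-encryption. The function name is hypothetical.

function Get-BitLockerEncryptionAudit {
    foreach ($vol in (Get-BitLockerVolume)) {
        # EncryptionMethod is an enum; compare it as text.
        $method = [string]$vol.EncryptionMethod
        $doneBy = switch ($method) {
            'HardwareEncryption' { 'Drive firmware' }      # BitLocker deferred to the drive
            'None'               { 'Not encrypted' }
            default              { 'Windows (software)' }  # e.g. XtsAes128, Aes256
        }
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            EncryptionMethod = $method
            EncryptedBy      = $doneBy
        }
    }
}

$audit = @(Get-BitLockerEncryptionAudit)
$audit | Format-Table -AutoSize

# Volumes that still trust the drive to do the encryption.
$hardware = @($audit | Where-Object EncryptedBy -eq 'Drive firmware')
if ($hardware.Count -gt 0) {
    $list = $hardware.MountPoint -join ', '
    Write-Warning "$($hardware.Count) volume(s) rely on the drive's own encryption: $list"
    # A volume flagged here stays hardware-encrypted until it is decrypted
    # and encrypted again in software.
} else {
    Write-Output 'No volume reports hardware encryption.'
}
```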

This change arrived in Windows 10’s KB4516071 update, released on September 24, 2019. It was spotted by SwiftOnSecurity on Twitter.


