Turn On or Off BitLocker for Operating System Drive in Windows 10  

Page 12 of 18 FirstFirst ... 21011121314 ... LastLast

  1. Posts : 61,510
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #110

    paulyjustin said:
    @brink
    '

    Choose which encryption mode to use


    new encryption mode (best for devices on this device)

    compatible modem (best for drives that can be moved from this device)




    In description it says if you use it with windows 10 at least, choose 1st option. If you use windows 7 or 8, choose 2nd option.



    Im confused here. So it seems to be the first one but the tutorial says choose 2nd option?


    You would want to use the "New encryption mode" as per step 13 for a Windows 10 OS drive.

    "New encryption mode" isn't supported by Windows 7 or Windows 8, so that is the only reason why you wouldn't use it for a drive that would be used with those operating systems.
      My Computers


  2. Posts : 1,035
    Windows 10
       #111

    @blink


    thanks for your help. I believe im done with this and its encrypted.
      My Computer


  3. Posts : 61,510
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #112

    paulyjustin said:
    @blink


    thanks for your help. I believe im done with this and its encrypted.

    You're most welcome Pauly.
      My Computers


  4. Posts : 1,035
    Windows 10
       #113

    @Brink


    The person who helped me on the other forum with this mention something i am concerned about. Because i have no pin or password when the computer boots and it goes straight to windows 10, he tells me that a hacker or thief could access your bios if you dont put a secure password for bios. Are you familiar with this? If so, is there a reason why nothing in the guide mentions this? Because if someone follow all the steps in the tutorial, they are not safe and secure if they did not secure bios? Because nothing is mentioned about bios in the article.


    I told him not long ago i got a power bank for my laptop and it ask me to update bios before use powerbank but i did not because i dont like touching those options so i did not bother with this. He said if you ever has a bios update, then you need to suspend bitlocker first before you update bios. I then told him, i never updated bios or did anytihng like this myself. I did say last year when i brought my laptop to a repair shop with a replacement battery to have him replace the old with new, the laptop didnt turn on. He checked my ssd drive in his computer and it worked but after a while, my laptop turned on. I think he might have touched the boot up or something like that or maybe bios but im not sure. But i told him i never put a password for bios or did anything like that to it.


    He then tells me... your computer is not safe and not secure if bios is not secure. Are you familiar with this? He said even though you did bitlocker, if your bios is not secure, your system is not secure. He says there are things like cold boot attack.


    This is what he says


    Yes. Absolutely. Last year a lot of security vulnerabilities were uncovered that require firmware patches to address them - unless you're OK with them being potentially exploited. For a laptop, BIOS is the firmware. Note that exploiting these vulnerabilities is harder than accessing your files or putting malware on unattended unencrypted laptop without password, but it is still possible.


    Yes. Otherwise skilled hacker can perform Cold Boot attack with a USB flash drive, by booting from it and dumping your RAM, then getting your encryption key from RAM dump. Or some malicious idiot can format your drive while the laptop is unattended, just for lulz. Or set BIOS user password (which is requested every boot) and HDD password (which is stored in HDD firmware) to make it impossible to use your laptop and access your data. BIOS is a powerful thing, you know.


    I ask so i have to secure bios, he says


    Thus, you don't want anyone except you to be able to boot from USB devices, and you don't want anyone else to change your BIOS settings. To prevent that, you need to adjust BIOS settings I described earlier.


    This is what he tells me i need to do to secure my laptop


    1. Set BIOS supervisor password so only you can change BIOS settings
    2. In boot order settings, allow boot only from your internal SSD, disable boot from all other devices.
    3. Lock boot order in BIOS, disable Boot menu - if these settings are present in your BIOS
    Read about accessing BIOS and adjusting BIOS settings in your laptop's user manual


      My Computer


  5. Posts : 1,035
    Windows 10
       #114

    Do you have any opinion on this? So all of this is correct? If so, then wouldn't that mean most ppl who installed bitlocker while following the guide on this site most likely never did anything with bios or secure it? Or do most ppl secure it already when they first get the computer?
      My Computer


  6. Posts : 61,510
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #115

    Pauly,

    The BIOS password is unrelated to BitLocker, so that would be why it's not in this tutorial.

    The BIOS password is to help prevent unauthorized access and changes to your UEFI/BIOS settings instead. Of course, you will need to have physical access (person or malware) to the computer to do anything with the UEFI/BIOS.

    The recommendations he suggested at the end of your post above are good to help make your computer more secure.

    Just be sure to keep your passwords written down and kept in a safe and secure location in case you should forget them.
      My Computers


  7. Posts : 1,035
    Windows 10
       #116

    @Brink


    Well isn't that the purpose of bitlocker though? Thus if someone gets access to your laptop whether its a thief or hacker, they cannot log into it without pin or password or/and the windows 10 password? Thus physical access is already assumed right for bitlocker's purpose? That is why im shocked he said this with bios.


    Well he said your computer is not secure at all if you didn't do anything with bios. So that is 100 percent true then right? So basically you do the entire bitlocker thing and encrypt it, but you didn't put a bios password, you are basically at risk just like someone with no bitlocker?


    Yes i know to keep passwords written down.


    But how is the bios not mentioned in the bitlocker article? I mean someone would think... okay i secured my computer with bitlocker by following all these steps. But because they never touched bios... then they are at risk just as before?
      My Computer


  8. Posts : 61,510
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #117

    A BIOS password is only to help prevent someone other than you to make changes your motherboard's BIOS settings.

    This is unrelated to BitLocker since BitLocker is for encrypting the hard drive instead. Having a BIOS password or not has no impact on BitLocker.

    It's not true that you computer is "not secure at all" without a BIOS password.

    These are just different tools that can be used to help make your computer more secure. The more tools you use, the more they can help make your computer more secure. Of course, nothing is ever 100% secure.
      My Computers


  9. Posts : 1,035
    Windows 10
       #118

    @Brink


    Yes that poster in another forum mentioned its to prevent someone from making changes to the bios settings. But if no password for bios, a person could make changes to the bios setting and thus get into the hard drive even with bitlocker on? I saw a short video on cold boot attack which basically is a hacker/thief opens up laptop because of no bios password and gets all the information through the RAM. Is that video then correct? Thus no bios password even with bitlocker on... any even not that smart hacker/thief can check whats inside? But that person said with no bios password, a hacker can just open up laptop do one of those things and then install a malicious usb stick or ram and then you are screwed. So all these statements are true?


    Okay so you say my computer is still secure but not fully secure? So those methods that i made in bold which the poster mentions... that is possible if no bios password correct? He said if a smart thief or hacker has access to this laptop, its easy for him to hack it. But for a not that smart hacker, it isn't that hard. This is true right?


    Well if i leave my computer as is now with bitlocker on but do nothing wth bios, that mean a smart hacker/thief can check my hard drive very easily right? That is what the other poster implies. But if i secure bios with a bios password, then a hacker cannot do anything to change the bios and thus my computer hard drive is safe from that. Is that true then?
      My Computer


  10. Posts : 61,510
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #119

    No. With or without a BIOS password, they won't be able to easily access a BitLocker encrypted hard drive unless they have the BitLocker password, PIN, or recovery key.
      My Computers


 

Tutorial Categories

Turn On or Off BitLocker for Operating System Drive in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 02:26.
Find Us




Windows 10 Forums