Turn On or Off BitLocker for Operating System Drive in Windows 10  

Page 13 of 18 FirstFirst ... 31112131415 ... LastLast

  1. Posts : 1,035
    Windows 10
       #120

    @Brink


    I did not put a bitlocker pin or password as the other poster suggested to go with the bitlocker automatically unlock which seem to be step 3 in the bitlocker process. I ave the recovery key saved.


    When you say they wont be easily able to access the bitlocker encrypted hard drive, you mean they still can but its harder? The poster said that had i put a pin or password on bitlocker, not having a bios password is pretty much the same thing as same risk as it is now with no bios password. So that is correct or incorrect or partially correct?


    He said the way i have it set up now, a cold boot attack could be done because they can do something to my bios setting because i have no bios password for this. So this is correct or incorrect? He said a smart hacker can easily put some malicious usb in my computer because of my current setup with no secure password. So is that part correct?


    Because he just implies that my computer is not secure now because even though bios and bitlocker like you said work differently, it needs bios password to make system fully secure. He said a not so smart hacker might not be able to do this... but anyone that is competent or knows a bit, could easily bypass all this and change bios settings...
      My Computer


  2. Posts : 61,515
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #121

    BitLocker encryption makes it almost impossible to access. However, if you are data recovery expert with the right tools and knowledge, nothing is completely impossible.

    The TPM will act as your BitLocker password/PIN instead when you use automatically unlock. If someone has physical access to your computer, they will be able to access it though. It would be best to use a BitLocker password or PIN to help prevent that.

    What the other person is saying is basically only a possibility if a hacker gets physical access to your computer.

    Changing your BIOS settings will have no affect on the BitLocker encrypted drive. It will remain encrypted.
      My Computers


  3. Posts : 1,035
    Windows 10
       #122

    @Brink


    The main reason why i wanted to install bitlocker was because in case someone gets physical access to it, thus a hacker. So this is not the reason why people install bitlocker in the first place? That to me was the number one reason. So what would purpose of bitlocker then if you are not concerned with hacker having access to your computer?


    Well i did not put a password or pin because other person said do it the way he suggested which was let bitlocker unlock itself. He said i could do a pin or password but then i have to remember 2 of them... thus the pin or password to boot bitlocker, then the password for windows 10. So he suggested the easier method because most people wanted this.


    So am using TPM now right? But i could have done a password instead? So what i did was method 3 correct in your tutorial? So if someone did either step 4 or 5, is it safer, about the same or less safe than the step 3 I did?


    So do i need to secure my bios now or not? So if a hacker gets my laptop and tries to look at it, can they do it?

    What about them putting a malware usb or keylogger somehow whether its usb or whatnot.

    My main concern is if someone gets my laptop, they do something to it like put malware/keylogger and then put the computer where it was originally. Example i then go to my computer and turn on with my windows 10 password... only to start using it and any keystroke i type, its being recorded. Does that make sense? Thus if someone has my physical computer and takes it and they cant access anything or put anything on it, i dont mind because they only take the laptop so i cant type anything on it where my keystroke etc is recorded so then they view everything i do on it.


    Does that make sense what is my concern here?
      My Computer


  4. Posts : 61,515
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #123

    Using TPM is fine, but you have to remember that if someone gets physical access to your computer, the drive will automatically unlock just like it does for you.

    Considering your concern, I would recommend to use a BitLocker password or PIN instead.
      My Computers


  5. Posts : 1,035
    Windows 10
       #124

    brink one other question related to this. I have the bitlocker recovery key saved to a flash drive an external hard drive of mine. I did not print it out. But just to confirm, i can write the recovery code on a piece of paper and that is fine as well right? I also need to write the identifier as well?


    Also i save my important files to a program like dropbox or google drive. The thing however is i do encrypt those files though so i had issues with this. Thus if someone hacks my email, they still need to know the password for it.


    Would you say saving your bitlocker recover key online to a cloud like google drive or dropbox is fine as long as its encrypted with a program like axcrypt? Reason i do this is because of theft, fire or anything that can physically destroy your computer and flash drive and external hard drives, then there is still a copy of it in my dropbox or google drive that i can access. Thoughts on this?


    But im much more concerned with the bitlocker questions i have above as right now im not sure if i need to do the bios things or not.


    Thanks.
      My Computer


  6. Posts : 1,035
    Windows 10
       #125

    @Brink


    they why did that person suggested to have it unlocked the way it is then? He said if you do the pin or password which was at that step i was on earlier before i cancelled it and followed his way, it will be you entering 2 passwords instead of one. I thought well that isn't that of a big issue. He is someone who is very secure with his laptop as he mention things with fingerprint and other complex things that i do not need.


    But why did he suggest i have it automatically unlock and thus it go straight to windows 10 instead? So what he suggested is less secure than putting a password or pin and then windows 10 right? However... even if i put the password or pin for bitlocker, a hacker with physical access to my laptop can still put a virus/malware/keylogger whether usb stick or not even if i have a password or pin for bitlocker? That person said me putting the pin or password for bitlocker is not going to do anything to prevent a hacker from doing something physically wrong to it.


    He said with bios, your computer is not secure at all...
      My Computer


  7. Posts : 61,515
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #126

    paulyjustin said:
    brink one other question related to this. I have the bitlocker recovery key saved to a flash drive an external hard drive of mine. I did not print it out. But just to confirm, i can write the recovery code on a piece of paper and that is fine as well right? I also need to write the identifier as well?
    Correct. As long as you have those two items wherever you lilke, you'll be fine.

    paulyjustin said:
    Also i save my important files to a program like dropbox or google drive. The thing however is i do encrypt those files though so i had issues with this. Thus if someone hacks my email, they still need to know the password for it.
    BitLocker encryption will only be applied to the drive you encrypted. The file will not be BitLocker encrypted on your Google Drive.

    They will need to know the password for you Google Drive to gain access to it.

    paulyjustin said:
    Would you say saving your bitlocker recover key online to a cloud like google drive or dropbox is fine as long as its encrypted with a program like axcrypt? Reason i do this is because of theft, fire or anything that can physically destroy your computer and flash drive and external hard drives, then there is still a copy of it in my dropbox or google drive that i can access. Thoughts on this?
    That would be fine, but I don't know if a program like Axcrypt will encrypt your Google Drive or not, at lease not the online version.

    paulyjustin said:
    But im much more concerned with the bitlocker questions i have above as right now im not sure if i need to do the bios things or not.
    It's up to you for what you want.

    The BIOS password will not affect BitLocker. The BIOS password is only to password protect your BIOS settings.
      My Computers


  8. Posts : 1,035
    Windows 10
       #127

    @Brink

    It's up to you for what you want.

    The BIOS password will not affect BitLocker. The BIOS password is only to password protect your BIOS settings.



    1a. So no bios password. Just the way i have set it up now. Start up laptop, it auto unlocks. Ask me for my windows 10 password. If a thief/hacker has access to my laptop and stole it, could they encrypt my hard drive because my bios is not password protected?


    1b. Same scenario as above. But that person is only a hacker only but wants to leave my computer appear untouched. Example they get access to my laptop when im not there. Can they do anything whether plug my hard drive into something or plug it malicious usb or whatever they want... then turn off my computer. Then later on i come back and turn on my computer and enter my windows 10 password as is because i assume my computer was untouched. Its possible anything i type now on my computer whether logging into programs, emails etc already has my computer compromised due to keylogger/malware etc?


    Again this is my main concern here. Im not that upset if a thief comes and takes my laptop at my apartment while im not there. Im more concerned if they could either view my files in my laptop... or my bigger issue would be they do something to it leave malware/keylogger on it... leave my apartment, i come back to apartment then use my computer as if nothing has happened.


    Am i not protected here? If not, does installing the bios password and securing that protect me from this? This is my main worry when it comes to computer security for my laptop.

      My Computer


  9. Posts : 1,035
    Windows 10
       #128

    @Brink


    This is what i do with axcrypt. Its a program that you download and have one password to turn it on. Then you could encrypt documents/files/pictures. Example i do this with one file and encrypt it. When i log off axcrypt and try to open that document that is encrypted, i cannot do it. Because i need to know the axcrypt password for it. Does that make sense?


    Example before i upload a file or document to dropbox or google drive and if document is important, i right click it and encrypt it with axcrypt. So now let say i sign out of axcrypt. Now i go to my dropbox or google drive and log into it. Now i want to download that document. I can do that... but when i open it, it will ask me for the password. Thus only way to do this would be log in with my axcrypt password. Does that make sense? Example all my documents if i encrypt them, they all use the same password. Thus imagine having 50 documents encrypted in my computer. I put all of them in my dropbox or google drive in case something happens to my laptop. I would then go to my dropbox or axcrypt and its there. But in order for me to log in, i need the password that is my axcrypt username account. To use axcrypt, you need an email. So example my example is paulyjustin123@yahoo.com to make it simple. I set up a password and that is the password i need to type in to log into my axcrypt. So when im logged into axcrypt, let say i want to open 10 documents that are encrypted. Well i could open all 10 of them because as long as im signed in my axcrypt account, i can open them. If i log out, i cannot.


    So based on this, storing your bitlocker key pass in say dropbox or google drive and making sure you encrypt it using axcrypt on your computer before you upload it to dropbox/google drive... that is safe and makes sense right because you should want a digital backup?
      My Computer


  10. Posts : 61,515
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #129

    paulyjustin said:
    It's up to you for what you want.

    The BIOS password will not affect BitLocker. The BIOS password is only to password protect your BIOS settings.

    1a. So no bios password. Just the way i have set it up now. Start up laptop, it auto unlocks. Ask me for my windows 10 password. If a thief/hacker has access to my laptop and stole it, could they encrypt my hard drive because my bios is not password protected?
    The BitLocker drive will automatically unlock the the thief/hacker just as it does for you since you have BitLocker set to automatically unlock with the TPM. They would still need to know you Windows 10 password to make it easier to sign in to your account though.

    BIOS password is completely unrelated other than for BIOS settings.

    paulyjustin said:
    1b. Same scenario as above. But that person is only a hacker only but wants to leave my computer appear untouched. Example they get access to my laptop when im not there. Can they do anything whether plug my hard drive into something or plug it malicious usb or whatever they want... then turn off my computer. Then later on i come back and turn on my computer and enter my windows 10 password as is because i assume my computer was untouched. Its possible anything i type now on my computer whether logging into programs, emails etc already has my computer compromised due to keylogger/malware etc?
    Sure, but nothing is going to stop that anyways if a hacker has physical access to your computer.

    paulyjustin said:
    Again this is my main concern here. Im not that upset if a thief comes and takes my laptop at my apartment while im not there. Im more concerned if they could either view my files in my laptop... or my bigger issue would be they do something to it leave malware/keylogger on it... leave my apartment, i come back to apartment then use my computer as if nothing has happened.

    Am i not protected here? If not, does installing the bios password and securing that protect me from this? This is my main worry when it comes to computer security for my laptop.

    Nothing is 100% protected. All you can do is provide enough security to make it difficult and/or impossible for the average person.

    I'd say using BitLocker along with a program like Axcrypt would be good.

    Personally, I would use a BitLocker password or PIN instead of a TPM. This way anyone that get physical access to your computer will have to know the BitLocker password or PIN to unlock the drive instead of it automatically getting unlocked now.
      My Computers


 

Tutorial Categories

Turn On or Off BitLocker for Operating System Drive in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:37.
Find Us




Windows 10 Forums