Turn On or Off BitLocker for Operating System Drive in Windows 10

paulyjustin · 08 Apr 2019

@Brink

But based on what that person mentioned, he said if you have bitlocker encrypted and put a bios password and secure it... which mean a hacker cannot change your bios settngs, he said it would be almost impossible for a hacker to either get into your encrypted drive or put a malware usb into it without your knowledger. So that statement is true or false?

He implied whether its a bitlocker password or pin or the method i did which he suggested... auto unlock itself, its like same thing, you just need to remember one more password or pin. So that is incorrect? He said had you put a pin or password but did not secure your bios settings, all i hacker has to do is go to your bios settings and now you are not protected... meaning they could put malware via usb stick since you are not protected from that.

But if you do secure bios... you are protected from that. So is this last statement true or false? Sorry for repeating many times brink.

Brink · 08 Apr 2019

A secure BIOS will help, but it's only help for BIOS settings. It will have no affect on the BitLocker encrypted drive.

If you want it more secure, have a BitLocker password or PIN instead of automatically unlock.

paulyjustin · 08 Apr 2019

@Brink i understand that.

But with a bitlocker pin or password with it... can a hacker put a virus/malware/keylogger on my laptop say with usb stick though even if they cannot boot my laptop? The other person says they still can because my bios is not secured.

Brink · 08 Apr 2019

It is possible for them to infect your computer with a USB flash drive with direct access to your computer.

You can help prevent this by having a BIOS password and change your BIOS settings to not boot from a USB or any other device than your Windows drive.

This still will not affect BitLocker encryption though.

paulyjustin · 11 Apr 2019

@Brink

Brink said:

The BitLocker drive will automatically unlock the the thief/hacker just as it does for you since you have BitLocker set to automatically unlock with the TPM. They would still need to know you Windows 10 password to make it easier to sign in to your account though.

BIOS password is completely unrelated other than for BIOS settings.

Sure, but nothing is going to stop that anyways if a hacker has physical access to your computer.

Nothing is 100% protected. All you can do is provide enough security to make it difficult and/or impossible for the average person.

I'd say using BitLocker along with a program like Axcrypt would be good.

Personally, I would use a BitLocker password or PIN instead of a TPM. This way anyone that get physical access to your computer will have to know the BitLocker password or PIN to unlock the drive instead of it automatically getting unlocked now.

'

Thus this is another extra layer of security right? But would you say doing this makes it much much more secure or not that much secure? But even if i do this without bios password, then a hacker can still put usb stick and i get malware/keylogger right?

What percentage of people would you guess use bitlocker with

1. TPM
2. TPM with options
3. pin or password

The guy who helped me with this since TPM unlocking is most simple and easy way but he said i believe most ppl choose this method. I have tough time thinking most ppl choose this method as oppose to pin or password. Also why would anyone choose pin? Someone could just type 200000, 200001 and 3000000 and keep typing it to get through right since pin is 6-20 digits?

paulyjustin · 11 Apr 2019

@Brink

Im curious but did you ever used veracrypt ? Would you say its better/worst or about the same as bitlocker?

Also what is more safer? Having bitlocker the way i have it as of right now with no boot pin or password.... or having a password at boot but no windows 10 password?

Brink · 11 Apr 2019

Adding more layers (password/PIN) helps it to be more secure.

I couldn't even begin to guess the percentage. I'd say use what you want to use.

I haven't used Veracrypt, but heard good things. I like BitLocker since it's integrated into the OS.

paulyjustin · 11 Apr 2019

@Brink

So right now you are using bitlocker as of now? Can you tell me your setup with bitlocker and how you have everything set up? Like do you have pin or password or usb to boot windows 10 and then the windows 10 password?

Brink · 11 Apr 2019

I'm not using BitLocker currently since I do to much testing and tinkering.

samerrustom · 03 May 2019

My company is using Bitlocker server edition (Microsoft BitLocker Administration and Monitoring (MBAM)) to protect our company laptops in case somebody stole it.
One of our colleague has HP Specter laptop 2 years old, joined on domain. TPM v 1.2
The company i work for upgraded the version of the Antivirus. The system admin asked me to uninstall the current version and install the new version. The upgrade step was straightforward.
The second step is to upgrade the BIOS version to the latest version. A pop msg promoted on the screen asking me to suspend or stop Bitlocker before upgrade the BIOS. I suspended the Bitlocker and ran the upgrade process smoothly.
On the second day the owner's laptop called me and saying he can not login with his Bitlocker password. I reset the passport via Bitlocker portal. I logged in with the recovery key then asked him to change the Bitlocker password.
The day after the same issue happened again and i solved by the same way. Again the laptop's owner got angry and start shouting at me about this annoying issue. I contacted the system admin to see if he can help, but his reply was short google it.
I believe that there are some expert here can help me to find a solution for this irritation issue.