Turn On or Off BitLocker for Operating System Drive in Windows 10  

@Brink


I did not put a bitlocker pin or password as the other poster suggested to go with the bitlocker automatically unlock which seem to be step 3 in the bitlocker process. I ave the recovery key saved.


When you say they wont be easily able to access the bitlocker encrypted hard drive, you mean they still can but its harder? The poster said that had i put a pin or password on bitlocker, not having a bios password is pretty much the same thing as same risk as it is now with no bios password. So that is correct or incorrect or partially correct?


He said the way i have it set up now, a cold boot attack could be done because they can do something to my bios setting because i have no bios password for this. So this is correct or incorrect? He said a smart hacker can easily put some malicious usb in my computer because of my current setup with no secure password. So is that part correct?


Because he just implies that my computer is not secure now because even though bios and bitlocker like you said work differently, it needs bios password to make system fully secure. He said a not so smart hacker might not be able to do this... but anyone that is competent or knows a bit, could easily bypass all this and change bios settings...

@Brink


The main reason why i wanted to install bitlocker was because in case someone gets physical access to it, thus a hacker. So this is not the reason why people install bitlocker in the first place? That to me was the number one reason. So what would purpose of bitlocker then if you are not concerned with hacker having access to your computer?


Well i did not put a password or pin because other person said do it the way he suggested which was let bitlocker unlock itself. He said i could do a pin or password but then i have to remember 2 of them... thus the pin or password to boot bitlocker, then the password for windows 10. So he suggested the easier method because most people wanted this.


So am using TPM now right? But i could have done a password instead? So what i did was method 3 correct in your tutorial? So if someone did either step 4 or 5, is it safer, about the same or less safe than the step 3 I did?


So do i need to secure my bios now or not? So if a hacker gets my laptop and tries to look at it, can they do it?

What about them putting a malware usb or keylogger somehow whether its usb or whatnot.

My main concern is if someone gets my laptop, they do something to it like put malware/keylogger and then put the computer where it was originally. Example i then go to my computer and turn on with my windows 10 password... only to start using it and any keystroke i type, its being recorded. Does that make sense? Thus if someone has my physical computer and takes it and they cant access anything or put anything on it, i dont mind because they only take the laptop so i cant type anything on it where my keystroke etc is recorded so then they view everything i do on it.


Does that make sense what is my concern here?

brink one other question related to this. I have the bitlocker recovery key saved to a flash drive an external hard drive of mine. I did not print it out. But just to confirm, i can write the recovery code on a piece of paper and that is fine as well right? I also need to write the identifier as well?


Also i save my important files to a program like dropbox or google drive. The thing however is i do encrypt those files though so i had issues with this. Thus if someone hacks my email, they still need to know the password for it.


Would you say saving your bitlocker recover key online to a cloud like google drive or dropbox is fine as long as its encrypted with a program like axcrypt? Reason i do this is because of theft, fire or anything that can physically destroy your computer and flash drive and external hard drives, then there is still a copy of it in my dropbox or google drive that i can access. Thoughts on this?


But im much more concerned with the bitlocker questions i have above as right now im not sure if i need to do the bios things or not.


Thanks.

@Brink


they why did that person suggested to have it unlocked the way it is then? He said if you do the pin or password which was at that step i was on earlier before i cancelled it and followed his way, it will be you entering 2 passwords instead of one. I thought well that isn't that of a big issue. He is someone who is very secure with his laptop as he mention things with fingerprint and other complex things that i do not need.


But why did he suggest i have it automatically unlock and thus it go straight to windows 10 instead? So what he suggested is less secure than putting a password or pin and then windows 10 right? However... even if i put the password or pin for bitlocker, a hacker with physical access to my laptop can still put a virus/malware/keylogger whether usb stick or not even if i have a password or pin for bitlocker? That person said me putting the pin or password for bitlocker is not going to do anything to prevent a hacker from doing something physically wrong to it.


He said with bios, your computer is not secure at all...

@Brink

It's up to you for what you want.

The BIOS password will not affect BitLocker. The BIOS password is only to password protect your BIOS settings.



1a. So no bios password. Just the way i have set it up now. Start up laptop, it auto unlocks. Ask me for my windows 10 password. If a thief/hacker has access to my laptop and stole it, could they encrypt my hard drive because my bios is not password protected?


1b. Same scenario as above. But that person is only a hacker only but wants to leave my computer appear untouched. Example they get access to my laptop when im not there. Can they do anything whether plug my hard drive into something or plug it malicious usb or whatever they want... then turn off my computer. Then later on i come back and turn on my computer and enter my windows 10 password as is because i assume my computer was untouched. Its possible anything i type now on my computer whether logging into programs, emails etc already has my computer compromised due to keylogger/malware etc?


Again this is my main concern here. Im not that upset if a thief comes and takes my laptop at my apartment while im not there. Im more concerned if they could either view my files in my laptop... or my bigger issue would be they do something to it leave malware/keylogger on it... leave my apartment, i come back to apartment then use my computer as if nothing has happened.


Am i not protected here? If not, does installing the bios password and securing that protect me from this? This is my main worry when it comes to computer security for my laptop.

@Brink


This is what i do with axcrypt. Its a program that you download and have one password to turn it on. Then you could encrypt documents/files/pictures. Example i do this with one file and encrypt it. When i log off axcrypt and try to open that document that is encrypted, i cannot do it. Because i need to know the axcrypt password for it. Does that make sense?


Example before i upload a file or document to dropbox or google drive and if document is important, i right click it and encrypt it with axcrypt. So now let say i sign out of axcrypt. Now i go to my dropbox or google drive and log into it. Now i want to download that document. I can do that... but when i open it, it will ask me for the password. Thus only way to do this would be log in with my axcrypt password. Does that make sense? Example all my documents if i encrypt them, they all use the same password. Thus imagine having 50 documents encrypted in my computer. I put all of them in my dropbox or google drive in case something happens to my laptop. I would then go to my dropbox or axcrypt and its there. But in order for me to log in, i need the password that is my axcrypt username account. To use axcrypt, you need an email. So example my example is paulyjustin123@yahoo.com to make it simple. I set up a password and that is the password i need to type in to log into my axcrypt. So when im logged into axcrypt, let say i want to open 10 documents that are encrypted. Well i could open all 10 of them because as long as im signed in my axcrypt account, i can open them. If i log out, i cannot.


So based on this, storing your bitlocker key pass in say dropbox or google drive and making sure you encrypt it using axcrypt on your computer before you upload it to dropbox/google drive... that is safe and makes sense right because you should want a digital backup?