Why I (No Longer) Avoid BitLocker

Don't just save your Bitlocker keys on a thumb drive. *PRINT* your keys and include comments about what each key is for. Store the paperwork securely.

Another situation of Bit Locker not allowing access to the encrypted drive on boot up is a BIOS upgrade of a new machine by the manufacture after the Bit Locker encryption took place. The TPM (Trusted Platform Module) stores the Bit Locker key configuration of the encrypted drive.
it's a separate chip on the motherboard. Though the TPM 2.0 standard allows manufacturers like Intel or AMD to build the TPM capability into their chipsets rather than requiring a separate chip. If the data on the TPM (e.g. a bios upgrade) does not match the key data on the encrypted drive, you better have your Bit Locker key handy or you're screwed.

What is frustrating is that the printed out key says to check the key number to the number on the computer, but I can't find that information on the computer.

Thank you for this video! I've also always avoided BitLocker like the plague, not trusting that Microsoft wouldn't mess something up, lose my key, and leave me whistling in the dark to get my data back. Not happy that now they're trying to force BitLocker encryption on all Windows systems, which just seems unnecessarily stupid for anything other than easily stolen laptops.

@0:20 "...in every edition of Windows, other than Home."
The "Home" addition does have BitLocker (in a way). It is not enabled. If you were to enter a "Pro" license key, BitLocker would become enabled, and nothing BitLocker related gets installed (it was already there).
Windows does this with other tools, such as Remote Desktop.
Only Pro and above can act as the server. But Home versions of Windows can start the Remote Desktop client and connect to a Windows machine running the Server end of Remote Desktop.
Back to BitLocker...
If someone hands you a USB drive that is BitLocker encrypted, your Home version will be able to decrypt it, the same as Pro.

I've used Bitlocker for several years now. Works great!

Thanks, well explained. couple of questions.
1. Does BitLocker encryption extends to OneDrive when enabled? Objective: making zero-knowledge encryption on OneDrive. I believe its not, want to confirm with you.
2. What happens when using CryptoMator on a BitLocker enabled device, to synch with OneDrive? any conflicts I should be concerned? thanks

When someones steals my computer tpm+pin is there an way to decrypt it? Or is it 100% safe? I mean no one can bruteforce an long pin

According to TomsHardware, BitLocker slows down SSD by up to 45%.

What are you talking about. I've been using bitlocker encrypted drive after new windows setup and on other computer

I would do all three. Save to Microsoft account if you have one in use. Save the file to an external drive, and make sure it's backed up to several other drives as USB or SD cards or whatever are cheap. And 3rd, print out a few copies to keep a copy and maybe give a copy to a relative or keep in your car or something.

One thing I recently encountered on a bit-locked drive, I couldn't clone it. Only after turning off bitlocker could I clone drive (Win10).

Hi Leo.. I almost decided to turn on Bitlocker… then learned of the issue with SSD drive slowdowns with Windows 11. I’d love to hear your take on this problem?

I store my recovery key in 1password.
Saving it in your MSFT account means you've enabled a 3rd party to decrypt your drive. It's not clear that recovery key is protected. I assume it's not and is recoverable by MSFT or the NSA if they request it. So it's only saved in places I trust.
Can you upgrade a Win10 + BL + TPM install to Win11 while BL+TPM are still active or do you have to disable BL first?

I believe you can buy SSD drives that are self incrypting, i.e. hardware encrypting. So may be a better way of doing it than via software. I have used Veracrypt a few times in the past when I went on vacation and brought my laptop with me. Though in that instance, I also loaded a new install of the OS on a spare drive and only loaded files that I may have needed access to while on vacation instead of using my main drive at the time that was loaded with all of my docs/pics, etc. Just in case it got stolen.

i saved the code for my combination lock on my computer before loading a corrupted world and i had bitlocker enabled and now I can’t open the combination lock

I must have a boring life I can't think of a reason I need this.

Leo the warning came too late to save me from Bitlocker being on by default. Encrypted into a corner describes it well. I ended up in frustration wiping everything and re-installing. I have Bitlocker turned off since then. This seems to me best described as a malicious booby trap in Windows waiting to ensnare the unwitting like me. Why is it on by default?

Is it possible to change the BL key or password to something you can remember?

im on windows 10 home so i dont have or use that

Hi, Does Macrium back up the data unencrypted? I am 99% sure that it does but want to ask you to be 100%. Thank You! 🤔

Thanks, I've been thinking about trying Bitlocker for some time, this helps alleviate some of my trepidation!

What happens if the owner of the computer is not tech-savvy, has never saved the recovery key, and now she is unable to log into the computer?

If you make an image backup of a Bitlocker encripted drive; if you have to boot from it, can you? or do you need the recovery key?

Question: does veracrypt need to be installed on a computer in order to make a veracrypt encrypted file accesable? Thanks for the video

And here I struggle with eh idea that I even need to have a Microsoft account...
I admit I did not finish the video as the first half had nothing new or helpful. Its simply reading the bitlocker instructions...

BitLocker Encryption is not listed in Control Panel on Windows 11 Home Edition, Leo. What should i do now?

I avoid BitLocker totally. And also Windows.
After decades of Microsoft, starting before MS Windows, I got fed up with it, and moved from Windows to Linux Mint 26 months ago. Don't miss Windows at all, and am not going back.
Windows Shows Us How NOT To Encrypt Our Drives
ua-cam.com/video/JIia8Hj_3tE/v-deo.html

Is bitlocker about physical theft of drives only? If there is no threat of that can it be disabled?

For the only time, find myself out of my depth with one of your admirable videos. It doesn't help that you begin with using BL before you've checked whether or not it has already been set by Microsoft and there is some sort of Key or password - confusing - to be found somewhere. (For information, I'd already tried another video and had to give up.) I'll have to persist somehow to protect myself against BL already running in situ, or suddenly find myself like the very unfortunate "spambedam" below.

Never had to use it , i do not store photos etc , i use it as a gaming machine nothing more nothing less , if i want to use it for bank etc i use another pc that no one can use , but i have just noticed a bios flash update for the motherboard needs bitlocker turned on , that is not what i am happy about , It should be of choice to use it or not and not forced to use it .
So it looks like i will buy a fresh drive specifically for it .

Is your file data available if you share to another person or device?

I'd rather die than use or trust a proprietary file disc encryption method or tool especially a Microsoft one 🤢

I will never buy Windows computer again, moving to Mac, less hassle

Bit locker encryption sounds like a great option yet it's another poor Microsoft implementation. It's basically an inconvenience for someone that wants to get your data off of your Windows computer.
If you forget your PIN, a lot of times there is a link that will have Microsoft send a recovery code to your phone. (That's pretty damn insecure).
There are also multiple attacks known against the TPM directly which can obtain your encrypted data.
There are multiple other ways that an attacker can obtain your "encrypted" data in bitlocker.
Obviously, if you are using Windows, security is not your top concern, but be aware.

I wish Micro$oft Would Push end Users harder on installing Making it Clear you Need to save This Code SOME were..
The Number of machine I have seen with windows 11 and end user has NO idear ..
(and WHY Should They)
Under Stand How Important this code is...
Last one Here was a Wife Who's Husband Past..
She Dose not Know the PIN to Log into this Laptop (She has Her Own)
But knowing He Always download Photos from his devices over YEARS to this Machine..
Backing up Equals Two or More Copys..
Make a copy of your Family Photos today and Give them to Family..
After All Off Site Back up is the GOLD standard!
(Seen Two Many People Lose Photos Over 40 Years of working in IT)

The following error is preventing bitlocker: failed to open the bitlocker control panel tool: error code 0x80004005
How do I fix this?