• fuzzzerd@programming.dev
    1 year ago

    Is there a way to sign in with a Microsoft account and not upload your key to the cloud?

    This also makes me wonder if Android does the same thing with its device encryption, since you must log in with a Google account.

    • XTornado@lemmy.ml
      1 year ago

      Yeah, I think so. It asks you where you want to store the key and whether you want to upload a copy, or something like that; it has been a while since I set up the encryption.

      That said, OMG, there should be a nicer way to enter the damn key on boot… with a USB or something. I had to type it so many times when I was fixing a booting issue.

      • Moonrise2473@feddit.it
        1 year ago

        On Windows 11, when you sign in with a Microsoft account and the device fully supports BitLocker, it starts encrypting the drive without any user consent or acknowledgement. It did so on my laptop.

        Only with a local account are you prompted to save a backup somewhere else, and it's picky: it doesn't let you save it on the drive that's going to be encrypted.

        • XTornado@lemmy.ml
          1 year ago

          Idk man… maybe it's a recent change or something, but on the three devices I installed Win 11 on, I activated BitLocker after a while; it was not activated on install/login. So my experience is completely different: it didn't start encrypting without consent. And to be clear, I have used Microsoft accounts on all of them.

          • Moonrise2473@feddit.it
            1 year ago

            On my Lenovo laptop my drive was encrypted without my consent. I was very pissed (due to a bug that wiped the TPM during a firmware update, I had 20 minutes of panic because I had no idea what the BitLocker decryption key was).

            • Raxiel@lemmy.world
              1 year ago

              It seems to be a behaviour particular to portable devices. I'd argue encryption by default is a good thing on a device that's more likely to be stolen (and the identity theft implications that brings), but clearly it needs to be better communicated to the end user.
              I reinstalled Windows 11 recently and had to manually re-encrypt the boot drive, which also prompted me to save a copy of the key. I had the option of backing up to my MS account, saving a txt file (which it refuses to let you place on any encrypted drive, even if it's a different one to the one you're encrypting at the time), or printing it (which can be to a PDF you can save anywhere). It's possible to access the backup options at any time after that as well. I usually take the last option: save the PDF to the same drive, then copy-paste the key into my password manager, then delete the file.

    • Raxiel@lemmy.world
      1 year ago

      Yes, you have to opt in.
      I use a Microsoft account for my user profile, and recently reinstalled Windows. I didn't choose the account backup, and so despite signing back into the same account, the encrypted partitions on my non-boot drives could only be unlocked by pasting the key in directly; there wasn't an option to restore it.
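
For the situation discussed in this thread (a drive that turned out to be encrypted while the owner had no copy of the recovery key), the following is an added example, not code posted by anyone in the thread. It assumes an elevated PowerShell session with the BitLocker module available; the function name `Get-BitLockerRecoveryAudit` is hypothetical. It reports, per volume, whether encryption is present and whether a recovery password protector exists, without printing the recovery password itself.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker state so a silently encrypted drive is noticed
# before a firmware or TPM change makes the recovery key necessary.

function Get-BitLockerRecoveryAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Every protector type on the volume (Tpm, RecoveryPassword, ExternalKey, ...)
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

        # Only the numerical recovery password protectors
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

        $finding = if (-not $encrypted) {
            'Not encrypted'
        }
        elseif ($recovery.Count -eq 0) {
            'Encrypted, no recovery password protector: add and store one'
        }
        elseif ($vol.ProtectionStatus -eq 'Off') {
            'Encrypted, protection off or suspended: review before relying on it'
        }
        else {
            'Encrypted: confirm you hold a copy of the key for the listed IDs'
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            # IDs only; compare them with the ID shown on your stored key copy
            RecoveryIds      = ($recovery.KeyProtectorId -join ', ')
            Finding          = $finding
        }
    }
}

Get-BitLockerRecoveryAudit | Format-List
```

The protector ID is the value to compare against whichever backup was chosen (account, text file, printout or password manager entry), since it identifies which stored key belongs to which volume.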