Using BitLocker without PIN, should I add one?

June 13, 2018 at 06:01:02
Specs: Windows 10, Ryzen 1600, 32GB Dominator RAM

So a few remote colleagues have ThinkPads with TPM 2.0. I have been asked to encrypt the laptops; this has been done via BitLocker.

However, I am confused why a PIN or password prompt is not configured by default. After encrypting these laptops, the user can still log in with their standard Windows password. I am struggling to understand what the point is in encrypting a laptop if any person can log in if he/she knows the Windows password.
I am also quite concerned why this is not made a simple click-and-play option; this has to be done through local computer policy and commands.



#1
June 13, 2018 at 07:56:00


#2
June 13, 2018 at 16:05:03
Not any person can log in. If it's a stand-alone computer, someone who already has access to the computer would need to create an account for the new user. If this is on a company domain, access would be controlled through accounts created in Active Directory.

A PIN is used if the drive fails or the OS crashes and data needs to be read from the drive in a different computer. When you try to read the drive, you would need to run BitLocker and input the PIN for that drive.



#3
June 14, 2018 at 01:41:27
Hi, I am trying to see the difference between an encryption PIN and a user password. For example, a social engineer could watch someone learn both an encryption PIN and a user account password. So how is the encryption PIN providing better security?

I have currently deployed encryption PINs on the stand-alone (not on domain) laptops, but I am struggling to understand how this is more secure.

If a hacker (social engineer) figures out the encryption PIN, what will stop him/her gaining access to the computer?

Apologies if this seems like an elementary question, but I have not had to encrypt a laptop before.



#4
June 14, 2018 at 02:21:03
It's more secure because people need two separate bits of private information before they can access the computer. You are correct in saying that if someone figures out both the password and the PIN then they can access the computer, but it is more difficult to obtain two unrelated secrets than it is to obtain either individually.

For greater security you probably need some sort of biometrics, such as a fingerprint reader. Then the only danger that users are in is that a determined criminal might cut off their fingers.

Encryption is great in theory, but can create more problems in practice than it solves. Proper security practices are more effective than technical solutions.


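For the setup discussed in this thread (TPM 2.0 laptops encrypted with BitLocker, PIN enabled through policy and commands), the following is an added example, not posted by any participant: a PowerShell audit that reports whether the OS volume unlocks with the TPM alone or requires a pre-boot PIN, and adds a TPM+PIN protector when policy permits. The function name `Get-PreBootAuthStatus` is hypothetical, and the registry value names are assumed to be the ones written by the "Require additional authentication at startup" policy; they are not named in the thread.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 10.
function Get-PreBootAuthStatus {   # hypothetical helper name
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Assumption: the "Require additional authentication at startup" policy
    # stores its settings under this key. Missing key means policy is not set.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = $types -join ', '
        # TPM-only: the drive unlocks by itself at boot, so the Windows
        # logon screen is the only prompt anyone holding the laptop sees.
        TpmOnly          = ($types -contains 'Tpm')
        # TPM+PIN: the TPM does not release the key until the PIN is
        # entered before Windows starts.
        PinRequired      = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
        # The recovery password is a separate protector from the startup PIN.
        HasRecoveryKey   = ($types -contains 'RecoveryPassword')
        PolicyAdvanced   = $fve.UseAdvancedStartup   # 1 = policy enabled
        PolicyTpmPin     = $fve.UseTPMPIN            # 0 = not allowed, 1 = required, 2 = allowed
    }
}

$status = Get-PreBootAuthStatus
$status | Format-List

if ($status.TpmOnly -and $status.PolicyAdvanced -eq 1 -and $status.PolicyTpmPin -in 1, 2) {
    # Policy permits a startup PIN: prompt for one without echoing it
    # and add the TPM+PIN protector to the OS volume.
    $pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN'
    Add-BitLockerKeyProtector -MountPoint $status.MountPoint -TpmAndPinProtector -Pin $pin
}
elseif ($status.TpmOnly) {
    Write-Warning 'TPM-only. Enable "Require additional authentication at startup" and allow or require a startup PIN in policy first.'
}
elseif (-not $status.HasRecoveryKey) {
    Write-Warning 'No recovery password protector found; a forgotten PIN would leave the drive unrecoverable.'
}
```

Run it once per laptop before and after the policy change; `TpmOnly = True` after deployment means the PIN was never applied to that machine.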