Bitlocker no longer requires a password during startup?
Hello, I purchased and set up BitLocker some time ago. Back then it would lock the PC when it started. After the hardware specifications page, which appears shortly after booting, it would show a password prompt. Without the password, I couldn’t access Windows. It was useful because I store important professional data on my HDD/SSD. Recently, after reinstalling Windows, most things work fine. For example, several games that previously required a password now don’t ask for one at boot. Instead, it just asks for a 4-digit PIN from Windows. The drive still shows as locked and labeled as protected by BitLocker in Windows. The issue is that if someone steals my device, a 4-digit code can be easily guessed. It’s a concern, but I’m not sure what your opinion is.
BitLocker isn't something you purchase. It's just a built-in function in Windows 11 Pro. A thief doesn't focus on your data—they aim to steal or resell the device itself. Unless you possess the plans for a functioning cold fusion reactor, most people won't care.
For convenience, BitLocker's key is typically kept in the TPM. There seems to be no way to activate a password on the system drive itself, though it is possible for other storage devices. You can still turn on "BitLocker preboot PIN".
How to Activate a Pre-Boot BitLocker PIN on Windows
When you encrypt your Windows system drive with BitLocker, you have the option to add a PIN for extra protection.
www.howtogeek.com
Your Windows PIN includes an anti-hammering function. This makes brute-force attacks slower, but it’s still advisable to set a sufficiently complex code—such as a 4-digit number or a random passphrase of 2-3 words.
Check the settings by searching for "Manage bitlocker" or "Control Panel\System and Security\BitLocker Drive Encryption." If BitLocker is listed as active, your system drive is secured.
Reminder: Always safeguard your BitLocker key. It’s usually stored in your Microsoft account by default, but you should verify this. Without a backup key, encrypted data will become unreadable over time.
yes i bought it when i was on 10
and the data i'm talking about is video games industry related. publishing the stuff on the internet even for fun could have absolutely disastrous effects on a design level. giving a kind of open buffet to the competitors
i'm trying this immediately. the picture shown looks a lot like the pre-boot login page i had before reinstalling. and yes i was using a passphrase. according to Snowden it's the way to go
👍
edit: can't figure out how to set up a password instead of a pin at boot..
I finally understood what I was doing here.
First, I opened gpedit.msc.
Next, navigated through Administrator templates → Windows Components → BitLocker Drive Encryption → Operating System Drives and enabled the following settings:
- Require additional authentication at startup
- Enable BitLocker requiring preboot keyboard input on slates
- Allow enhanced PINs for startup
Then I returned to the first option (require additional authentication at startup) and followed the instructions from Cilantro7536.
Creating a passphrase (non-alphanumeric PIN) is necessary only after completing step 2.
Thanks a lot.
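A read-only PowerShell check of what the steps above should leave behind, as an added example that is not part of the original posts. It assumes an elevated prompt, the built-in BitLocker module, and that the three policies are stored as the registry values named in the comments; it also confirms that a recovery password protector exists, per the backup reminder earlier in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): read-only audit of a BitLocker preboot-PIN setup.
# Assumption: the Group Policy settings above are stored under this policy key.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$expected = [ordered]@{
    UseAdvancedStartup                     = 1  # Require additional authentication at startup
    OSEnablePrebootInputProtectorsOnSlates = 1  # Preboot keyboard input on slates
    UseEnhancedPin                         = 1  # Allow enhanced PINs for startup
}
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue

$report = foreach ($name in $expected.Keys) {
    $actual = if ($policy) { $policy.$name } else { $null }
    [pscustomobject]@{
        Check  = "Policy: $name"
        Actual = if ($null -eq $actual) { 'not set' } else { $actual }
        Ok     = ($actual -eq $expected[$name])
    }
}

# UseTPMPIN: 0 = do not allow, 1 = require, 2 = allow a startup PIN with the TPM
$tpmPin = if ($policy) { $policy.UseTPMPIN } else { $null }
$report += [pscustomobject]@{
    Check  = 'Policy: UseTPMPIN (1 or 2)'
    Actual = if ($null -eq $tpmPin) { 'not set' } else { $tpmPin }
    Ok     = ($tpmPin -in 1, 2)
}

# Key protectors actually present on the OS volume
$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$report += [pscustomobject]@{
    Check  = 'Volume protection is on'
    Actual = $vol.ProtectionStatus
    Ok     = ($vol.ProtectionStatus.ToString() -eq 'On')
}
$report += [pscustomobject]@{
    Check  = 'Preboot PIN protector (TpmPin*)'
    Actual = ($types -join ', ')
    Ok     = [bool]($types -match '^TpmPin')   # TPM-only means no prompt before Windows loads
}
$report += [pscustomobject]@{
    Check  = 'Recovery password protector'
    Actual = ($types -join ', ')
    Ok     = ($types -contains 'RecoveryPassword')
}
$report | Format-Table -AutoSize

# To add the PIN once the policies are in place (prompts for the value, changes the volume):
# $pin = Read-Host -AsSecureString 'New preboot PIN'
# Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin $pin
```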