Discussion about BitLocker and encryption topics.
You're wondering why TPM is important for full disk encryption with BitLocker. It's because TPM stores cryptographic keys securely, protecting them even if the system is damaged. Unlike VeraCrypt, BitLocker can't rely on a password alone if the hardware is compromised. The TPM ensures that recovery isn't dependent on a potentially lost or stolen password.
Regarding the password length, using a 32-character password with special symbols is generally secure and makes brute-force attacks very difficult. A 20-character password might be sufficient, but longer passwords offer better protection against attacks. The key is balancing security and usability.
TPM enhances your safety with minimal complexity, allowing passwords that are short or simple to resist. A 20-character lock is virtually unbreakable. Most attackers won’t try to guess your password, so as long as it’s unique or not similar to another, you’re safe.
No password exists? A burglar breaks in and accesses your device without any security... the value of TPM is lost?
Without a BitLocker key, a Windows login remains intact. It’s not flawless, but it makes data extraction significantly more difficult and doesn’t impact your experience. The TPM secures the drive, meaning you can’t access it on another machine without the proper credentials. If you need to retrieve files using TPM, you’ll require the Windows password.
The TPM will decrypt the disk during startup. It may handle this independently or using a password.
Using BitLocker without a TPM, you must connect a USB flash drive at startup. No password is needed, and the system won’t start unless the drive is present (you can store a recovery key online or elsewhere). The data stays protected because it’s encrypted, so even if someone steals your PC, they can’t access your files without the USB drive. There are many durable USB drives available—just attach one to a safe spot with your recovery key, or print the key for backup. It doesn’t have to be super fast or costly. This device works well, and you can keep the second one hidden securely with the key on it if needed.
and then the USB drive stops working... gg (I have around 10 or so that might be dead, just in case you find out it doesn't happen). Oh, you can? Well, it doesn’t make it safe, but at least you have a backup in case your USB fails like all USBs do. (By the way, I blame PlayStation—I think most of my USB drives die after using them with a console... though there could be other reasons too.)
You can make copies of copies of copies... Your USB stick on the key chain has been working well for a decade. It’s been flushed down the toilet, washed in the washing machine... all kinds of rough treatment. As I mentioned, you can save a recovery key and keep it in a secure place only you should access. If someone tries to steal your PC, they probably won’t bother searching for the key... You could even move it to another location. Or simply send it to your email or cloud storage, so you can retrieve it anytime without needing the device. It doesn’t need any BitLocker details—just a long string of random characters that no one should be able to decipher. And honestly, even if you used a regular password for BitLocker, the odds of someone actually trying to break it are extremely low. They’d likely waste time and effort on a 20-character password, especially since it’s just a simple phrase with one uppercase letter and two numbers. Just give in and move it ASAP; no one would invest years or hours cracking such a weak code.
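
Added example, not part of any post in this thread: the replies above distinguish TPM-only unlock, TPM with a PIN, a USB startup key without a TPM, and a separately stored recovery key. This PowerShell function reports which of those a volume actually uses, based on the BitLocker module's `Get-BitLockerVolume`; the helper name `Get-UnlockSummary` and the sample object are constructed for illustration.

```powershell
# Classify how a BitLocker volume unlocks at boot from its key protectors.
# Get-UnlockSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-UnlockSummary {
    param([Parameter(Mandatory)] $Volume)

    # KeyProtectorType is an enum on live objects; normalise to strings.
    $types = @($Volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Check the strongest TPM combinations first, then the non-TPM modes.
    $mode = if     ($types -contains 'TpmPinStartupKey') { 'TPM + PIN + USB startup key' }
            elseif ($types -contains 'TpmPin')           { 'TPM + PIN' }
            elseif ($types -contains 'TpmStartupKey')    { 'TPM + USB startup key' }
            elseif ($types -contains 'Tpm')              { 'TPM only (boots with no user input)' }
            elseif ($types -contains 'ExternalKey')      { 'USB startup key, no TPM' }
            elseif ($types -contains 'Password')         { 'Password, no TPM' }
            else                                         { 'No boot-time protector' }

    [pscustomobject]@{
        MountPoint          = $Volume.MountPoint
        ProtectionStatus    = $Volume.ProtectionStatus
        UnlockMode          = $mode
        # The 48-digit recovery password is what gets printed or stored elsewhere.
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
    }
}

# Constructed sample shaped like a TPM-only volume, so the function can be
# tried on a machine where BitLocker is not enabled.
$sample = [pscustomobject]@{
    MountPoint       = 'C:'
    ProtectionStatus = 'On'
    KeyProtector     = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
    )
}
Get-UnlockSummary -Volume $sample

# On a real system (elevated session), audit every volume.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | ForEach-Object { Get-UnlockSummary -Volume $_ } |
        Format-Table -AutoSize
}
```

A volume reported as TPM only with `HasRecoveryPassword` false has no fallback if the TPM or motherboard fails, and one reported as a USB startup key with no recovery password depends entirely on that drive surviving.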