• 9point6@lemmy.world
    8 months ago

    This is partly Microsoft’s fault, for sure, but it’s also more of a function of how Secure Boot works. A Linux system using TPM-backed FDE with Secure Boot enabled would have the same problem going the other way.

    Secure Boot prevents a lot of ways the TPM could be compromised, so as part of “securely” turning it off, it wipes the keys (otherwise those protections would be pointless; the first thing an attacker would do would be to turn off Secure Boot).
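
A simplified model of the dependency discussed in the comment above, added here as an illustration and not part of the original thread: a disk key sealed to the TPM's Secure Boot measurement (PCR 7) is released only while that measurement is unchanged. `ModelTPM`, `boot_pcr7` and the event strings are assumptions constructed for this sketch, not a real TPM API or real firmware event data.

```python
import hashlib
import hmac

# Constructed stand-ins for the firmware's PCR 7 measurements (Secure Boot
# state and key databases); real event data is binary UEFI variable content.
KEY_DB_EVENTS = (b"PK", b"KEK", b"db", b"dbx")

def extend(pcr: bytes, event: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(event)); a PCR cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def boot_pcr7(secure_boot: bool) -> bytes:
    """Replay one boot: PCR 7 starts at zero and accumulates every measurement."""
    pcr = bytes(32)
    pcr = extend(pcr, b"SecureBoot=1" if secure_boot else b"SecureBoot=0")
    for event in KEY_DB_EVENTS:
        pcr = extend(pcr, event)
    return pcr

class ModelTPM:
    """Hypothetical model: holds the secret and releases it only under the sealed-to PCR value."""
    def __init__(self):
        self._sealed = {}

    def seal(self, name: str, secret: bytes, pcr7: bytes) -> None:
        # Store a digest of the PCR value as the release policy.
        self._sealed[name] = (hashlib.sha256(pcr7).digest(), secret)

    def unseal(self, name: str, pcr7: bytes):
        policy, secret = self._sealed[name]
        ok = hmac.compare_digest(policy, hashlib.sha256(pcr7).digest())
        return secret if ok else None  # None: the OS has to ask for a recovery key

def demo():
    tpm = ModelTPM()
    disk_key = b"constructed-volume-key"  # constructed sample value
    tpm.seal("fde", disk_key, boot_pcr7(secure_boot=True))     # encryption set up
    same_boot = tpm.unseal("fde", boot_pcr7(secure_boot=True))
    changed = tpm.unseal("fde", boot_pcr7(secure_boot=False))  # Secure Boot turned off
    return same_boot, changed

if __name__ == "__main__":
    print(demo())
```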

  • some_guy@lemmy.sdf.org
    8 months ago

    I work in IT and understand that the tradeoff for good security is a reduction in convenience. But this really reads like deliberate punishment. I get the same sense on Apple’s platforms. Wanna change your cloud password? Prove you know the unlock code to a device that you no longer own and haven’t had in a year. This is especially awesome when your employer makes you change passcodes on a regular basis and you have no idea what you used back then.

    • Psythik@lemmy.world
      8 months ago

      Ran into this issue literally yesterday. The wife went back to iOS after giving Android a try for four years (I don’t get why, but I try not to judge).

      Anyway, she couldn’t remember her Apple ID and had to pull out the phone she hasn’t used in years to recover her account. Thankfully she was smart enough to charge the battery to 50% every few months. Otherwise it would have gone bad and she would have been fucked; literally would have had to pay a tech hundreds to replace a battery for a phone she no longer uses, just to reset a simple password.

      I understand and appreciate the need for good security, but this is beyond ridiculous.

  • rekabis@lemmy.ca
    8 months ago
    • The average user has no need to use BitLocker.
    • The average user should be using a local account instead of a Microsoft Account.
    • Using a Microsoft Account causes BitLocker to auto-enable.
    • Loss of access to your Microsoft Account when BitLocker is enabled can cause loss of all your data.
    • Microsoft can and will roundly ignore you if you lose access to your Microsoft Account.

    Microsoft has painted users into a very dangerous corner. Security is vitally important, but not when it’s almost maliciously implemented.

    Even as a security professional I understand that most people will be ill-served by having their computer locked down like Fort Knox. There are ways of ensuring security without having all personal content go permanently poof with the slightest wrong move.

  • unexposedhazard@discuss.tchncs.de
    8 months ago

    Literally happened to me two days ago. Everything was fine until I installed GPU drivers and then it said “plz give secure boot password” and I had to abort mid-install. Also, I was in front of a fresh Linux recruit.