
Bitlocker Password (or lack of)

RhoXS

New Member
I only use my Surface Pro 3 when away from work/home. It obviously can be lost or stolen so I want to use Bitlocker to prevent access to the data stored on it. When I started to install and activate Bitlocker, to my surprise, I found Bitlocker was already activated and there was even an already available Identifier and Recovery Key. Also, after some research, I discovered a startup password is intentionally not asked for since the Surface can be used without a keyboard and, supposedly, there would be no way of entering a password so it could never be started.

So, why bother at all with Bitlocker if it can be started without a password? This is a WTF thought to me but I have to assume people a lot smarter than me designed this so I am definitely missing something here. Maybe it requires a USB token but that seriously degrades security as both the Surface and token could be lost together since they would both be with me when traveling.

Also, I did find evidence that a password can be forced to be used but there is absolutely nothing obvious to me from the Bitlocker Manager dialog indicating how to do this. How do I make Bitlocker prevent starting it and/or accessing any data stored on it unless I enter a high quality password?

In other words, I have a very portable computer that can be lost/stolen. I want to use Bitlocker to protect the data on it, Bitlocker is indeed installed and activated, yet there is no obvious way of establishing a password leaving access to my machine fully available to anyone that has it in their hands. WTF?
 

RhoXS

New Member
@RhoXS,

Are you actually encrypting that drive (active Bitlocker), or do you merely have a registered key?

Thanks. Very good question. I do not know.

When I attempted to begin using Bitlocker on the Surface I was expecting the same dialog as had occurred on the three previous occasions when I set up Bitlocker on desktops. In each case, previously, during the setup, I created a strong password and was provided with both an "Identifier" and a "Recovery Key". The machine then went through the relatively lengthy process of encrypting the c: drive and, after the encryption was complete, my password was required prior to Windows starting.

The same thing did not happen with the Surface. It did present me with an "Identifier" and a "Recovery Key" and the Bitlocker dialog states Bitlocker is "Active". However, it never asked me to create a password, there is no obvious method of creating one, and one is not required to start Windows. Therefore, anyone that has possession of my Surface (if it is lost or stolen) has full access to everything stored on it. This is exactly the essence of my question as there does not appear to me to be any way of securing this machine from unwanted access.

In another forum I was advised to establish a MS account password. First, I do not want a Microsoft account and to deal with still another logon name and password. More important, I do not perceive a MS account password will provide the same high level of security as would a strong password directly used by Bitlocker, only recorded in my head, and known by not another soul in this world. Additionally, a MS account password is recorded on the MS servers somewhere and vulnerable like every other server open to the internet. Years ago I used Truecrypt and I perceive Bitlocker is similar in function etc.

So, what good does Bitlocker do if the Surface can be started without a password and there is no obvious method of making it use a password?
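
One way to answer the question quoted in the second post (is the drive actually encrypted, or is there only a key on record) and to see what unlocks it at startup. This is an added example, not part of either post; it assumes an elevated PowerShell prompt with the built-in `Get-BitLockerVolume` cmdlet, and the function name `Get-BitLockerUnlockSummary` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Get-BitLockerUnlockSummary is a hypothetical helper name.
function Get-BitLockerUnlockSummary {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    # Key protectors are alternatives: any single one of them can unlock the volume.
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # Protector types that make the user supply a PIN, password or USB key before Windows starts.
    $needsUser = 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password', 'ExternalKey'
    $preBoot   = @($types | Where-Object { $_ -in $needsUser })

    $finding = if ("$($vol.VolumeStatus)" -eq 'FullyDecrypted') {
        'Not encrypted: an identifier or recovery key on record protects nothing yet.'
    } elseif ("$($vol.ProtectionStatus)" -ne 'On') {
        'Data is encrypted, but protection is off or suspended, so the volume key is not protected.'
    } elseif ('Tpm' -in $types) {
        # A plain Tpm protector releases the key automatically on this hardware.
        'Encrypted and protected, TPM-only: the drive unlocks at boot with no prompt.'
    } elseif ($preBoot.Count -gt 0) {
        "Encrypted and protected; startup requires one of: $($preBoot -join ', ')."
    } else {
        'Encrypted and protected, but no startup protector was recognised; review manually.'
    }

    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = "$($vol.VolumeStatus)"
        ProtectionStatus     = "$($vol.ProtectionStatus)"
        EncryptionPercentage = $vol.EncryptionPercentage
        Protectors           = $types -join ', '
        Finding              = $finding
    }
}

# Check the system drive and show every field on its own line.
Get-BitLockerUnlockSummary | Format-List
```

A TPM-only result matches what the posts describe: a recovery key exists and BitLocker reports as active, yet no password is requested at startup.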
 