• 0 Posts
  • 10 Comments
Joined 2 years ago
Cake day: June 21st, 2023
  • Raxiel@lemmy.worldtoAssholeDesign@lemmy.worldPaid for MS Excel out of the goodness of my heart so now I get this popup every 2 hours...English
    2·
    2 years ago

    It seems to be a behaviour particular to portable devices. I’d argue encryption by default is a good thing on a device that’s more likely to be stolen (and the identity theft implications that brings) but clearly it needs to be better communicated to the end user.
    I reinstalled windows 11 recently and had to manually re-encrypt the boot drive, which also prompted me to save a copy of the key. I had the option of backing up to my MS account, saving a txt file (which it refuses to let you place on any encrypted drive, even if it’s a different one to the one you’re encrypting at the time), or print it (which can be to a PDF you can save anywhere). It’s possible to access the backup options at any time after that as well. I usually take the last option, save the pdf to the same drive then copy paste the key into my password manager then delete the file.

  • Raxiel@lemmy.worldtoAssholeDesign@lemmy.worldPaid for MS Excel out of the goodness of my heart so now I get this popup every 2 hours...English
    3·
    2 years ago

    You don’t have to give Microsoft the key (unless you want the “backup” option) but the OS has to have the key locally while it’s running in order to be able to read the data on the drive (and also write new data).
    In typical usage The TPM holds the key, but it’s the OS that generated the key and encrypted the drive in the first place. I don’t know the technical details but the TPM recognises the OS install that programmed it and will only automatically unlock and provide the key for that. If you change it by swapping the drive or booting to a different device it remains locked and any alternative OS requires the key to be entered manually.