2

I enabled Bitlocker in Windows-8 and now it just automatically boots the entire OS without a password...

My goal: if my laptop is stolen, I don't want my data to be accessible.

When I enabled Bitlocker in Windows, it didn't even ask me if I wanted to use a Bitlocker PIN. I use a Dell Latitude with TPM. I haven't set a system password, admin password or HDD password.

4
  • Perhaps you should set a password for your Windows login? You could verify the disk encryption by booting to other media and attempting to mount, browse the disk.
    – adric
    Commented Oct 10, 2013 at 18:52
  • 1
    When I set a password for my Windows login it still automatically starts all services, e.g. Teamviewer, before I have even logged in. This hardly makes me feel that the data is inaccessible without authenticating to Windows with my username/password. Booting other media (e.g. Live CD) is a good idea, although Linux not being able to read it doesn't mean that Windows can't. I don't know of bootable Windows Live CDs though, I'll have to figure that out.
    – ujjain
    Commented Oct 10, 2013 at 18:59
  • Yeah, that doesn't sound so great. Typically a Full Disk Encryption system uses a boot loader password prompt and/or hooks into the OS for authentication. If you can get into the operating system without any authentication then you don't have any protection against someone else accessing your data locally. Remotely is also a concern.
    – adric
    Commented Oct 10, 2013 at 19:30
  • To your other point, Linux can read Windows files just fine (these days) so a Linux live image is a good way to test disk encryption. If your FDE is working then the Linux environment should be able to see the drive and its partitions but not interpret the data.
    – adric
    Commented Oct 10, 2013 at 19:32

1 Answer

0

Bitlocker doesn't protect your computer from being used.
What it does do is protect your hard drive from being mounted on another computer and read that way.
As Adric mentioned in his comment, you can test this by removing the HDD and trying to use/read it on another computer.

You can also check by booting with a LiveCD and attempting to mount and read from your HDD.
Bitlocker should prevent this access.

4
  • Removing the HDD from a laptop is a big hassle. I also don't have another computer at hand. So Bitlocker would still allow thieves to obtain my data simply by booting my laptop with a Live CD?
    – ujjain
    Commented Oct 10, 2013 at 19:01
  • 1
    No, not with a LiveCD. The only way is if they can boot it up just like you do into your Windows installation.
    – Kemo Sabe
    Commented Oct 10, 2013 at 19:09
  • Ok, but how does the BIOS / EFI boot up the system if the system files themselves are encrypted? Even if the boot loader wasn't encrypted, it needs to hold the decryption key in order to access the system files, or not? In Linux you usually have the decryption keyfile that is encrypted as well and it asks you for a password on boot (in initramfs). Then it uses the key to decrypt the system partition and resume the booting process. On Windows it doesn't, which implies that the decryption key is not protected and hackers could somehow extract it from the bootloader in order to decrypt the drive.
    – Petr
    Commented Jan 30, 2016 at 14:09
  • The key comes from TPM and will only be revealed if the environment is secure/has not been changed; it is not on the hard drive.
    – divB
    Commented Nov 22, 2016 at 18:17
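
The live-CD check suggested in the answer and comments above can be done without mounting anything, by reading the 8-byte OEM ID at offset 3 of the partition's first sector. This is an added example, not part of the original posts; the function names are hypothetical and a path such as `/dev/sda2` stands in for your Windows partition.

```shell
#!/bin/sh
# Added example (not from the original thread). Read-only: reports what
# anyone booting other media would see in a partition's first sector.
# Usage from a Linux live session (as root):  sh check.sh /dev/sda2

# Print the 8-byte OEM ID field at offset 3 of the volume boot sector.
oem_id() {
    dd if="$1" bs=1 skip=3 count=8 2>/dev/null | tr -d '\0'
}

# Classify a device or image file by that field.
classify_volume() {
    case "$(oem_id "$1")" in
        "-FVE-FS-") echo "bitlocker" ;;       # BitLocker-format volume
        "NTFS    ") echo "ntfs-plaintext" ;;  # readable NTFS, not encrypted
        *)          echo "unknown" ;;
    esac
}

# Constructed sample image: 3 filler bytes followed by the given OEM ID.
make_sample() {
    printf 'xxx%s' "$2" > "$1"
}

if [ "$#" -gt 0 ]; then
    for dev in "$@"; do
        printf '%s: %s\n' "$dev" "$(classify_volume "$dev")"
    done
else
    # No device given: demonstrate on constructed samples only.
    tmp=$(mktemp -d)
    make_sample "$tmp/encrypted.img" "-FVE-FS-"
    make_sample "$tmp/plain.img" "NTFS    "
    for f in "$tmp"/*.img; do
        printf '%s: %s\n' "${f##*/}" "$(classify_volume "$f")"
    done
    rm -rf "$tmp"
fi
```

A result of `bitlocker` only shows the volume is in BitLocker format on disk; it says nothing about which key protectors are in use (TPM only versus TPM with a PIN), which `manage-bde -status` inside Windows reports.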
