Question [Solved] Bitlocker is not asking for password at boot anymore ?

[jpaul1]

Hello, i bought and installed bitlocker months ago. and back then it locked the PC at boot. just after the hardware specs page that comes seconds after a boot it prompted a page with a password. no password no access to windows. it was great as i have sensitive professional data on the HDD/SSD
but recently i reinstalled windows. and if lot of stuff works now greatly. like among others a couple of demamding games, bitlocker doesn't ask me for the pasword at boot anymore. it only ask me, probably windows not bitlocker, for a 4 digits pins. still showing the drive as locked, and described as locked by bitlocker in windows. the problem is, if a thief comes around and steal my stuff, a 4 digit code is very easy to crack. just a matter of time.so the question is, is my main drive correctly locked/encrypted by bitlocker. i think it's not, but what are your thoughts

 

[USAFRet]

BitLocker is not something you "buy". It is simply a feature in Win 11 Pro.

A thief is not interested in your data. They just want to move/sell the hardware.
Unless you have the blueprints for a working cold fusion reactor, no one cares.

 

[Cilantro7536]

For ease of use, Bitlocker's key is now usually stored in the TPM. There doesn't appear to be an option to even enable a password on the system drive (but you can, for other drives). You can enable "Bitlocker preboot PIN", however.

How to Enable a Pre-Boot BitLocker PIN on Windows

If you encrypt your Windows system drive with BitLocker, you can add a PIN for additional security.

www.howtogeek.com

You windows PIN has an anti-hammering feature. Brute-forcing will be slowed down, but you should make it complex enough to make this unlikely to succeed. 4 digit PIN may not be good enough. Try at least 8-bit PIN, or better yet, randomly generated passphrase with 2-3 words.

If you look in "Manage bitlocker" in setting, or "Control Panel\System and Security\BitLocker Drive Encryption", and it says Bitlocker is on on your system drive, your Bitlocker is on.

ps: You should make sure to back up your Bitlocker's key. It's usually backed up by default to your Microsoft account, but you should look. Encrypted data without a backup key is guaranteed to turn into undecipherable trash in the future.

 

[jpaul1]

BitLocker is not something you "buy". It is simply a feature in Win 11 Pro.

A thief is not interested in your data. They just want to move/sell the hardware.
Unless you have the blueprints for a working cold fusion reactor, no one cares.

yes i bought it when i was on 10
and the data i'm talking about is video games industry related. publishing the stuff on the internet even for fun could have absolutely desastrous effects on a design level. giving a kind of open buffet to the competitors

For ease of use, Bitlocker's key is now usually stored in the TPM. There doesn't appear to be an option to even enable a password on the system drive (but you can, for other drives). You can enable "Bitlocker preboot PIN", however.

How to Enable a Pre-Boot BitLocker PIN on Windows

If you encrypt your Windows system drive with BitLocker, you can add a PIN for additional security.

www.howtogeek.com

You windows PIN has an anti-hammering feature. Brute-forcing will be slowed down, but you should make it complex enough to make this unlikely to succeed. 4 digit PIN may not be good enough. Try at least 8-bit PIN, or better yet, randomly generated passphrase with 2-3 words.

If you look in "Manage bitlocker" in setting, or "Control Panel\System and Security\BitLocker Drive Encryption", and it says Bitlocker is on on your system drive, your Bitlocker is on.

ps: You should make sure to back up your Bitlocker's key. It's usually backed up by default to your Microsoft account, but you should look. Encrypted data without a backup key is guaranteed to turn into undecipherable trash in the future.

i'm trying this immediatelty. the picture shown looks a lot to the pre-boot login page i had before reinstalling. and yes i was using a passphrase. according to Snowden it's the way to go 👍

edit: can't figure out how to set up a password instead of a pin at boot..

 

[jpaul1]

ok so i finally figured the thing out here's what i did:

1/ run the command gpedit.msc

2/ in administrator templates > windows components > bitlocker drive encryption > operating system drives, activate the three followings:

- require additional authentication at startup
- enable use of bitlocker authentication requiring preboot keyboard input on slates
- allow enhanced PINs for startup

3/ then go back to the first option (require additional authentication at startup), and there follow the steps indicated in the link given by Cilantro7536

only, and only if you did the step 2, you'll be able to create a passphrase (non-alphanumerical PIN) in step 3

Thanks a lot.