BitLocker compatibility issues with Release of Windows 10

BitLocker was designed to protect the data on a device if the device is lost or stolen, and to make sure nobody else can read the user's files or documents. You all know that it was meant to remove the need for third-party disk-encryption software entirely.

What happened then?

BitLocker is really up to the mark. It is nicely integrated into Windows, it does its job well, and it is easy to work with. Because it was designed to "protect the integrity of the operating system", most people who use it deploy it in TPM-only mode, which requires no user interaction to boot the device.

Here the actual problem begins.

How many users have a TPM chip in their devices? Most do; it is a standard piece of hardware these days. But do you remember going through the provisioning phase of the chip, enabling it in the BIOS, and so on? Remember that many TPMs ship deactivated and have to be enabled and owned before Windows can use them.

Didn't do that before you deployed your laptops? In that case BitLocker will be a bit of a headache for you.

Point 1) To use BitLocker without any additional pre-boot authentication you need an enabled, owned TPM chip in the hardware.

Point 2) BitLocker in TPM-only mode is vulnerable to cold-boot, firmware and BIOS keyboard-buffer attacks, because the volume is unlocked automatically, and its key is in memory, before anyone has authenticated.

There are a few simple attacks on TPM-only setups. Search for "BitLocker cold boot", "BitLocker forensic tool" or "BitLocker firmware" and you will find researchers, and even a few tools, that will unlock your "protected" device and recover the data. There was even a trivial bypass that let an attacker into a BitLocker-protected system; it has only recently been fixed.

To make a device safe, and by that we mean to protect you from having to disclose the loss of lots of personal data to all of your users if the device goes missing, you have to use some form of pre-boot authentication. Even Microsoft recommends this.

For BitLocker, turning on pre-boot authentication gives you two options. You can set a PIN for the device and, if you want, you can also use a USB storage device as a startup key. We wrote "PIN"; we certainly did not write "your Windows user ID and password". In fact, we didn't mention users at all. BitLocker supports exactly one PIN per volume, so if more than one person uses a device, you are going to have to share it with everybody.

Point 3) BitLocker is secure only if you use a PIN or a USB startup key for pre-boot authentication.

Point 4) There is no connection between your Windows credentials and your BitLocker credentials.

Point 5) BitLocker has no concept of more than one user.

Even Microsoft's own guidance is to use a PIN (the default minimum is six digits) together with the TPM, and not to run BitLocker in TPM-only mode.
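The following script is an added example for Points 1 to 3 and 8; it is not from the original article and not a Microsoft procedure. It checks that the TPM is usable (Point 1), sets the local policy that forbids TPM-only mode (Point 2), moves the operating-system volume to TPM+PIN (Point 3), and escrows a recovery password (Point 8). It assumes Windows 10, an elevated PowerShell prompt, and the in-box BitLocker and TrustedPlatformModule modules; the registry values are the local equivalent of the "Require additional authentication at startup" Group Policy setting, and in a domain they would be delivered by Group Policy instead.

```powershell
# Added example, not the original article's procedure: TPM check, TPM+PIN policy,
# migration of the OS volume from TPM-only to TPM+PIN, recovery-password escrow.
# Assumes Windows 10, elevated prompt, in-box BitLocker/TrustedPlatformModule modules.

$sd = $env:SystemDrive

# --- Point 1: BitLocker without a password or startup key needs an enabled, owned TPM.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) { throw "No TPM present: TPM-based protectors are not possible on this machine." }
if (-not $tpm.TpmReady)   { throw "TPM present but not ready (enabled/activated/owned): enable it in firmware first." }

# --- Policy: require TPM+PIN at startup and forbid TPM-only (Point 2).
#     UseTPM / UseTPMPIN / UseTPMKey / UseTPMKeyPIN: 0 = do not allow, 1 = require, 2 = allow.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
New-Item -Path $fve -Force | Out-Null
$policy = @{
    UseAdvancedStartup = 1   # turn on "Require additional authentication at startup"
    EnableBDEWithNoTPM = 0   # no BitLocker on the OS volume without a TPM
    UseTPM             = 0   # TPM-only: not allowed
    UseTPMPIN          = 1   # TPM + PIN: required
    UseTPMKey          = 0
    UseTPMKeyPIN       = 0
    MinimumPIN         = 8   # default minimum is 6 digits; allowed range is 4 to 20
}
foreach ($name in $policy.Keys) { Set-ItemProperty -Path $fve -Name $name -Value $policy[$name] -Type DWord }

# --- PIN entry. The pre-boot prompt assumes a US layout and maps F1-F10 to the digits 1-0
#     (Point 6), so a digits-only PIN is the choice that works on every keyboard.
$pin = Read-Host -AsSecureString -Prompt 'Startup PIN (digits only)'

$vol = Get-BitLockerVolume -MountPoint $sd
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    # Not encrypted yet: turn it on with TPM+PIN, then add a recovery password.
    Enable-BitLocker -MountPoint $sd -EncryptionMethod XtsAes256 -TpmAndPinProtector -Pin $pin -SkipHardwareTest
    Add-BitLockerKeyProtector -MountPoint $sd -RecoveryPasswordProtector | Out-Null
} else {
    # Already encrypted (probably TPM-only): make sure a recovery password exists
    # before touching the TPM protectors, so the volume is never left unrecoverable.
    if (-not ($vol.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $sd -RecoveryPasswordProtector | Out-Null
    }
    Add-BitLockerKeyProtector -MountPoint $sd -TpmAndPinProtector -Pin $pin | Out-Null
    # Drop any TPM-only protector that is still there; the TPM+PIN protector now unlocks the drive.
    (Get-BitLockerVolume -MountPoint $sd).KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm' |
        ForEach-Object { Remove-BitLockerKeyProtector -MountPoint $sd -KeyProtectorId $_.KeyProtectorId | Out-Null }
}

# --- Point 8: escrow the recovery password in Active Directory. This needs a domain-joined
#     machine and the AD backup policy; otherwise store it in your key-escrow system of choice.
$rp = (Get-BitLockerVolume -MountPoint $sd).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
Backup-BitLockerKeyProtector -MountPoint $sd -KeyProtectorId $rp.KeyProtectorId

# Expected end state: a TpmPin protector and a RecoveryPassword protector, and no plain Tpm one.
(Get-BitLockerVolume -MountPoint $sd).KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
```

The recovery password is added before the TPM protectors are changed on purpose: if the PIN protector fails to take, the drive can still be unlocked with the recovery password instead of being bricked. Note that Points 4 and 5 still hold after this script runs: the PIN it sets is per volume, not per Windows user.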

So now your lucky BitLocker users have PCs protected, maybe with a TPM, but mainly by some form of authentication that is shared between the owner of the device and the administrator. You probably have an Excel spreadsheet with everybody's PIN in it.

Point 6) BitLocker PINs are limited to what the pre-boot environment can read: the function keys F1 to F10 stand in for the digits 1 to 0, and the prompt assumes a US keyboard layout. Non-US keyboard layouts are not supported at the PIN prompt.

For all of you who have deployed PKI smart cards, bought laptops with fingerprint sensors, or who have tokens such as SafeNet cards, Datakey cards, Active Identity, personal identity verification (PIV) cards, common access cards (CAC), eToken keys, etc.: you would like to be able to use them to authenticate to your PCs, wouldn't you?

Point 7) BitLocker supports only USB storage devices and PINs for pre-boot authentication; there is no integration with any other token. (Windows can unlock fixed and removable data drives with a smart-card certificate, but not the operating-system drive, which is the one that needs pre-boot authentication.)

Point 8) Active Directory and other servers are needed to administer BitLocker, and to escrow its recovery keys, in a corporate environment.

You want to use BitLocker to encrypt your devices so that when one gets lost or stolen you won't have to pay fines or tell everybody that you lost their data. You lost the device, sure, but because the data was encrypted, nobody can get access to it.

To play this "get out of jail" card you need to be able to prove two things:

  • The protection method was appropriate for the type of data.
  • The data was actually encrypted, with protection enabled, at the time of loss.

Applying those tests, a rule appears:

Point 9) You need additional software to prove that BitLocker was enabled and protecting the hard drive at the time of the theft if you want safe harbour under personally identifiable data laws.

Point 10) BitLocker encryption supports only Windows, with no support for other operating systems such as the Mac or Linux.
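As an added example for Point 9 (not the "additional software" the article refers to, and not part of the original page), the script below produces a timestamped record of the BitLocker state of every volume on each check-in, so that after a theft you can show what state the device was in the last time it was seen. It assumes Windows 10 with the in-box BitLocker and TrustedPlatformModule modules and an elevated prompt; `$EvidenceShare` and the `Get-BitLockerEvidence` function name are placeholders chosen for this example.

```powershell
# Added example, not part of the original article: timestamped BitLocker evidence
# record per check-in. Assumes Windows 10, elevated prompt, in-box BitLocker module.
# $EvidenceShare is a placeholder for wherever your inventory records are collected.

function Get-BitLockerEvidence {
    $volumes = @(Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint        = $_.MountPoint
            VolumeType        = [string]$_.VolumeType        # OperatingSystem or Data
            VolumeStatus      = [string]$_.VolumeStatus      # FullyEncrypted, EncryptionInProgress, ...
            ProtectionStatus  = [string]$_.ProtectionStatus  # On, or Off (not protected or suspended)
            EncryptionMethod  = [string]$_.EncryptionMethod
            EncryptionPercent = $_.EncryptionPercentage
            Protectors        = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        }
    })

    $os = $volumes | Where-Object VolumeType -eq 'OperatingSystem' | Select-Object -First 1

    # "Actually protected at the time of loss" means more than "encrypted": a FullyEncrypted
    # volume with ProtectionStatus Off (BitLocker suspended) keeps a clear-text copy of the
    # volume key on disk, so it fails the second test in the article.
    $allProtected = -not ($volumes | Where-Object {
        $_.VolumeStatus -ne 'FullyEncrypted' -or $_.ProtectionStatus -ne 'On' })

    # Point 3: the OS volume should not be TPM-only. A recovery password should also exist
    # so that the record reflects a setup the help desk can actually support.
    $preBootAuth = $null -ne $os -and
        ($os.Protectors | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password' })
    $recovery    = $null -ne $os -and ($os.Protectors -contains 'RecoveryPassword')

    [pscustomobject]@{
        TimestampUtc = (Get-Date).ToUniversalTime().ToString('o')
        ComputerName = $env:COMPUTERNAME
        TpmReady     = [bool](Get-Tpm).TpmReady
        Volumes      = $volumes
        Compliant    = [bool]($volumes.Count -gt 0 -and $allProtected -and $preBootAuth -and $recovery)
    }
}

$record = Get-BitLockerEvidence
$json   = $record | ConvertTo-Json -Depth 4

# Keep the copy somewhere other than the laptop: after the theft the local disk is gone.
$EvidenceShare = '\\evidence-server\bitlocker$'   # assumed location
$file = Join-Path $EvidenceShare ('{0}-{1}.json' -f $env:COMPUTERNAME, (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ'))
$json | Out-File -FilePath $file -Encoding utf8

$json
```

Run it from a scheduled task (at logon and once a day is a reasonable start) so that every device leaves a trail of records. A record showing `Compliant: false` is just as important as one showing `true`: it tells you before the theft which machines would not pass the test, and it is honest evidence afterwards.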

You may think that we are not big fans of BitLocker, but that is far from the truth. We would use it and would recommend it to friends. We see it as really good for technical, reliable users. But that is not the market it is being certified for. Nothing fills us with dread more than an enterprise product that requires yet another password, needs specific hardware that is not enabled by default, presents a black screen with white text to users, does not obey our password/PIN lifetime policies, does not work on non-US keyboards, and does not produce audit-friendly output for the main purpose it serves, namely to tell us whether this stolen machine is a problem.

One power user we know loves it, for the following reasons:

  • His local IT team can't come and use his machine or see what's stored on it without him knowing.
  • He likes things to be done the hard way.
  • He can write fancy scripts to turn it on and off.
  • BitLocker is mostly controlled through a command-line script.
  • It lets him use the TPM chip, even though it took him a whole day to work out how to enable it.
  • It never forces him to change the PIN.
  • He can turn it on and off when he likes without the corporate IT people knowing.
  • He gets a nice DOS-like screen when he turns on his machine, just like 20 years ago.
