• MystikIncarnate
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    2
    ·
    3 months ago

    This has been happening for a lot longer than just Windows 11.

    Several people I’ve spoken to, who have purchased OEM computers from the likes of Dell, HP, Lenovo and others, did not know that bitlocker FDE was enabled, and they were not aware that they needed to back up their recovery key.

    On at least one occasion, this caused someone to lose the contents of their laptop when Windows failed to finish booting into the OS. The drive was fine as far as I could tell, but the content on the drive would not complete the boot up sequence and would bsod/boot loop the system, so data retrieval was not possible without the recovery key, which they did not have. That was a Windows 10 Dell system from 2020 or so.

    My opinion is that FDE is a good thing.

    My advice is if you have FDE enabled, backup your recovery keys. It’s easy, but it won’t directly save to a file on the filesystem that’s locked by the key to which the recovery key applies. The easiest workaround is to “print” it, then use the built in Microsoft print to PDF, then dump it wherever you want. Afterwards, put it somewhere safe. Doesn’t matter where, but anywhere that isn’t the encrypted drive. Maybe Google drive, maybe a USB flash drive, maybe email it to yourself. I dunno, just somewhere you can retrieve if that system isn’t working.

    When you’re done doing that, go check the same on your parents computers, friends, brothers and sisters… If they’re someone you care about, and they have a windows computer, check. Get those recovery keys backed up somewhere.