
Without setting up any password for BitLocker, is it useless?

I just realized that a new Surface Pro out of the box is encrypted, which is great. However, if you never set up a password (or unlock it from a USB) of some sort to unlock the drive, is this encryption doing anything? I feel like the answer is somehow yes but I can't put my finger on how or why. Perhaps you gents could fill me in?

Best Answered by

Amanda Wong

Answered on Tuesday, August 27, 2024

BitLocker drive encryption is not useless even if it is not combined with any user password or USB key. It still encrypts your drive and protects the data from unauthorized access.

According to your description, you have enabled BitLocker on your computer's internal hard drive without setting any password or USB key, so BitLocker should be used with a TPM (Trusted Platform Module), a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform.

In addition, it could also be BitLocker Automatic Drive Encryption (also called Device Encryption). Windows automatically enables Device Encryption on devices that support Modern Standby when you log in using a corporate domain account or sign in to your device with a Microsoft account. This explains why some Windows users find that BitLocker is turned on automatically on their computer drives.

To deploy BitLocker encryption, three authentication schemes can be used as building blocks: transparent operation mode, user authentication mode, and USB key mode. Your case uses the transparent operation mode, which authenticates access with the TPM.

Indeed, it is not that secure because you can launch the original OS in its original configuration with extra authentication. If your computer is lost or stolen, the data can be accessed with ease. Only if a single component is altered, such as by a BIOS update or an OS change, will recovery mode be triggered and prompt for the BitLocker Drive Encryption Recovery Key.

In a word, even if there is no password and USB key, BitLocker still works to encrypt the data. But it is always recommended to combine it with another authentication mechanism to enhance the security of your data.
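
To see which of the modes described in the answer above a given machine is actually in, the following added example (not part of the original answer) reads the OS volume's key protectors with the built-in BitLocker cmdlets and classifies them. The function name `Get-BitLockerUnlockMode` is hypothetical; the script assumes an elevated PowerShell session on a Windows edition that ships the BitLocker module.

```powershell
# Added example: report whether the OS volume is TPM-only (transparent mode)
# or requires pre-boot authentication. Run from an elevated PowerShell session.

function Get-BitLockerUnlockMode {
    # Hypothetical helper: maps KeyProtectorType names to the answer's modes.
    param([string[]]$ProtectorTypes)

    # Protectors that demand a PIN, password or USB key before the OS boots.
    $preboot = $ProtectorTypes | Where-Object {
        $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'ExternalKey', 'Password'
    }
    if ($preboot) {
        return "Pre-boot authentication required: $($preboot -join ', ')"
    }
    if ($ProtectorTypes -contains 'Tpm') {
        return 'Transparent operation mode: the TPM alone releases the key at boot'
    }
    # A RecoveryPassword on its own is a recovery method, not an unlock method.
    return 'No TPM or pre-boot protector found on this volume'
}

$mount = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    MountPoint       = $mount
    VolumeStatus     = $vol.VolumeStatus       # e.g. FullyEncrypted
    ProtectionStatus = $vol.ProtectionStatus   # On / Off
    Protectors       = $types -join ', '
    UnlockMode       = Get-BitLockerUnlockMode -ProtectorTypes $types
}

# Moving from TPM-only to TPM+PIN (uncomment to apply). This needs the
# "Require additional authentication at startup" Group Policy setting to
# allow a startup PIN with the TPM.
# $pin = Read-Host -AsSecureString 'New BitLocker startup PIN'
# Add-BitLockerKeyProtector -MountPoint $mount -Pin $pin -TpmAndPinProtector
```

A result of `Tpm, RecoveryPassword` with the transparent-mode message is the out-of-the-box state the question describes.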