What's the point of BitLocker encryption on Windows 11 if you're not required to enter a password when booting up?

By default, you can just boot any computer with BitLocker encryption and get into Windows. To set a password before booting Windows, you need to do some registry editing. This used to be different on Windows 8, I think, as I recall having to enter a password before Windows started loading. What's the point of having Windows encrypted if a thief can just log in to Windows anyway? I need a password at boot time.

Best Answered by

Ciki Liu

Answered on Tuesday, August 27, 2024

 

First, it's not likely you are required to enter a password before the whole system starts loading unless the machine is equipped with TPM. Then, in terms of the point of BitLocker, without the correct password or BitLocker recovery key, it prevents any unauthorized access to your encrypted disk even if the computer is turned on. 

When you encrypt your drive with BitLocker, you will have two keys at the end. One is the password you create yourself and the other is the random 48-digit recovery key generated by BitLocker. Without either of these keys, it is impossible to unlock the encrypted drive even if the computer is powered up.

With that being said, if your drive is BitLocker encrypted, your data remains safe even if the system is booting up. Others who don't know the password or the recovery key can only get to the lock screen, without the ability to change your password, boot into safe mode, run command prompts, or even remove the drive from your computer.

If you are still concerned about the security, you can go into the BitLocker control panel and enable a PIN to enter at startup. Then no one will be able to boot into Windows at all without entering the correct PIN. The PIN will give you a few attempts before brute force protections start to work.
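
The following is an added example, not part of the answer above: a PowerShell check, run from an elevated prompt, that lists the key protectors on the OS volume, reports whether any of them requires input before Windows loads, and adds a TPM+PIN protector if none does. It assumes the built-in BitLocker module is available and that the registry values it reads are the ones written by the "Require additional authentication at startup" group policy.

```powershell
#Requires -RunAsAdministrator
# Added example: audit pre-boot authentication on the OS volume and add TPM+PIN.
$mount = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $mount

if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not active on $mount."
    return
}

# Show every protector currently able to unlock the volume.
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

# A recovery password should exist before protectors are changed.
if ($types -notcontains 'RecoveryPassword') {
    Write-Warning "No recovery password protector found; add one and store it safely first."
    return
}

# Protector types that make the machine stop and ask for something at startup.
$preBootTypes = 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password'
$preBoot = @($types | Where-Object { $_ -in $preBootTypes })

if ($preBoot.Count -gt 0) {
    Write-Output "Pre-boot authentication already configured: $($preBoot -join ', ')"
    return
}
Write-Output "Only TPM-based automatic unlock is configured; Windows boots to the lock screen unattended."

# Policy check: UseAdvancedStartup = 1 enables the policy;
# UseTPMPIN: 0 = not allowed, 1 = required, 2 = allowed.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (-not $fve -or $fve.UseAdvancedStartup -ne 1 -or $fve.UseTPMPIN -notin 1, 2) {
    Write-Warning "Startup PIN is not permitted by policy. Enable 'Require additional authentication at startup' and allow a TPM startup PIN, then rerun."
    return
}

# Prompt for the PIN as a SecureString so it never appears in history or logs.
$pin = Read-Host -AsSecureString "New BitLocker startup PIN"
Add-BitLockerKeyProtector -MountPoint $mount -Pin $pin -TpmAndPinProtector | Out-Null

# Re-read the volume to confirm the new protector is present.
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Format-Table KeyProtectorType, KeyProtectorId -AutoSize
```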