Bitlocker encryption, Windows 11 Home

comment - encryption with bitlocker - strong password.
really not needed . A SIMPLE password can suffice. i've used encryption for many years.
with bitlocker, a simple 6-digit password (or text, if you change to text) can work.
to log on with bitlocker, you get about 5 attempts to enter the correct SIMPLE password. If you mess up in that time, then it reverts to requiring the 40-character full recovery key. and believe me, the time it takes to enter that recovery key is a pain (justifiably so).
SO, you don't need a 15-character Bitlocier password, beause the timeouts are protective

cereberus said:

I have full bitlocker on my travel laptop, use a strong login password, set a strong bios password and a strong bitlocker pin (different to login pin).

Of course, no laptop is totally secure but the more barriers you put in place, the harder it is for thieves to get access to your data.

Click to expand...

Regarding 'strong login password' - can you elaborate? I have switched over from 'strong password' to 6-digit PIN, as strongly encouraged by Microsoft. I personally question the benefit of using the PIN vs the old-style password; I understand that using the PIN prevents the password from being transmitted, but I feel that is a minor risk compared to a thief stealing the laptop and logging into it. Further - a good number of people I know have forgotten their account login password because they only ever use the much-simpler PIN. So when they finally DO need to log into their MS Account, they can't get in!

As an aside on this, my smartphone was stolen while on vacation in Rome a couple of months ago. My smartphone was my '2 factor' device for all my logins (Banks, microsoft accounts, etc). So without my smartphone, I was not able to complete logins with several accounts. Now, most banks have live agents to call - but I was on a cruise and unable to easily make calls (plus there was an 8 hour time difference, and not all banks have 24Hr agents). Microsoft was the worst - they would not let me log into my MS 365 account for 10 days. I had to 'prove' who I was and it was a nightmare (I didn't have my primary laptop with me, only a tablet, and that made things more difficult). Anyway - lesson learned - do not tie all your 2FA's to one single device. Google Authenticator can be loaded on multiple devices and each instance will generate a valid code.

ree: phone, and 2FA - yes, i don't have an easy answerr for that. I try to make sure that i select alternaate meetthods if available, for 2FA,, especially fiinancial sites

re: microsoft login - it is not as critical to have strong login/PIN. reason is thhat microsoft has time delays for passwoord/pin entries; thheree is a mandated 2-second delay between entries, i believe. that helps prevent brute force attempts with thousands of passwords peerr second. ALSO, just llliike biitlocker, afterr about 5 attempts, microsoft requres a CHALLENGE PHRASE wiith exact entry. this again prevents brute force or rapid entry of codes. SO, the timing issues are what help negate reqquiremmeent for superr-long desktop entries of logins.