Most problems caused by the introduction of new(ish) and modern protections (like 2FA in services, encryption for the layperson's computer, etc.) are a matter of BAD UI and badly thought out processes.<p>"You have the choice of making a backup when the system is set up" is NOT a solution. Do you know how many steps, things to care about, and dialogs there are to click through, when one is setting up a system? Yes, we all do know. Crucial stuff is mixed with irrelevant cruft and the whole experience naturally drives the person to activate a mindless clicking mode.<p>All these security things should be accompanied by proper UX. See WhatsApp as an example: you set an account unlocking code? OK, you'll have to re-enter it every other month, to ensure you still have access to it.<p>In case of Windows, I wouldn't <i>require</i> entering a recovery key. But I would think a nagging screen every few months would be a good choice unless either a OneDrive backup can be verified to exist, or the user goes out of their way to enter some kind of Advanced Settings to disable the nagging.
Next comes the post of "All my data was stolen and my SSN is being used to order CC in my name because my laptop was stolen and unencrypted".<p>Damned if you do...<p>But it would be helpful for Microsoft to provide a notice on first login about how to get to your backed up key in your MSFT account as well as how to make a printout of the recovery key.
I think the main issue with the default BitLocker configuration is that you must have the recovery key saved somewhere (either on OneDrive, printed out, or on some other storage).<p>If something changes with the hardware/software configuration, and TPM unlock doesn't work, your data is lost, unless you have access to the recovery key.<p>This is completely different compared to other platforms, where you use a separate password (Linux LUKS), account password (macOS), or PIN (iOS, Android) to unlock the drive.
I'm not a Windows user anymore, but these days it feels like either Microsoft is fucking shit up every week or the tech media is just out to get them. Possibly a combination of both, to be fair.
Original source: <a href="https://www.reddit.com/r/Windows11/comments/1k90piu/microsoft_forces_security_on_users_yet_bitlocker/" rel="nofollow">https://www.reddit.com/r/Windows11/comments/1k90piu/microsof...</a>
BitLocker keys should be automatically backed up to OneDrive. I don't remember this mentioned in the scary "Enter BitLocker key to continue" screen that appears when TPM auto-unlock didn't work, though.
tl;dr: if you ever lose access to the Microsoft account you use to sign in to Windows 11 24H2, you have no way to recover any of your locally-stored data.