Technology

This is good but they need better guidance to nontechnical users how to backup their keys. Cloud backup now that they are trying to make local accounts illegal I suppose.

This one is especially fun on windows 11 home. At least it was some time ago on some machine i worked on. Since home doesn't have the bitlocker settings fully you cannot disable bitlocker encryption. It would also auto enable sometimes even if you don't have a microsoft account, which means it doesn't back the key up anywhere. Not sure it does that anymore, i hope not, but i expect a lot of people to lose their data to this crap in the future.

In either case at least i find that full disk encryption on most machines is just overkill as it only really protects in the scenario the device is stolen and someone tries to pull data off of it that way. But in the vast majority of cases when people get their data stolen its done with malware, which disk encryption does /nothing/ to prevent.

It still uses the TPM by default, instead of requireing a passphrase to be typed in on boot to unlock the keys. This still makes it an insecure mess.

https://yewtu.be/watch?v=wTl4vEednkQ

https://github.com/stacksmashing/pico-tpmsniffer

https://github.com/stacksmashing/LPCClocklessAnalyzer

Microsoft NEVER cares about your security. They just do the absolute bare minimum for compliance with stupid standards, and then advertise it as some crazy security improvement. Corporations lie to you all the time. If you want some actual security, you need to start using FOSS software. Most importantly a FOSS, Linux-based OS, and set it up with LUKS passphrase-based encryption.