Comment by mcmcmc

18 hours ago

So what happens if your motherboard gets fried and you don’t have backups of your recovery key or your data? TPMs do fail on occasion. A bank PIN you can call and reset, they can already verify your identity through other means.

> So what happens if your motherboard gets fried and you don't have backups of your recovery key or your data?

If you don't have backups of your data, you've already lost regardless of where your recovery key lives. That's not an encryption problem, that's a "you didn't do backups" problem, which, I'll agree, is a common issue. I wonder if the largest software company on the planet (with an operating system in practically every home) can help with making that better. Seems like Apple can, weird.

> TPMs do fail on occasion.

So do Microsoft's servers. Except Microsoft's servers are a target worth attacking, whereas your TPM isn't. When was the last time you heard about a targeted nation-state attack on someone's motherboard TPM versus a data breach at a cloud provider?

> A bank PIN you can call and reset, they can already verify your identity through other means.

Banks can do that because they're regulated financial institutions with actual legal obligations and consequences for getting it wrong. They also verified your identity when you opened the account, using government ID and proof of address.

Microsoft is not your bank, not your government, and has no such obligations. When they hand your keys to law enforcement, which they're legally compelled to do, you don't get a phone call asking if that's alright.

The solution to TPM failure is a local backup of your recovery key, stored securely. Not uploading it to someone else's computer and hoping for the best.

  • > I wonder if the largest software company on the planet (with an operating system in practically every home) can help with making that better. Seems like Apple can, weird.

    If you're talking about Time Machine, Windows has had options built in since NT.