Comment by ExoticPearTree
3 hours ago
Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".
3 hours ago
Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".
For something as widely adopted as Windows, the only sensible alternative is to not encrypt the disk by default.
The default behavior will never ever be to "encrypt the disk by a key and encrypt the key with the user's password." It just doesn't work in real life. You'll have thousands of users who lost access to their disks every week.
While this is true, why even bother turning on encryption and making it harder on disk data recovery services in that case?
Inform, and Empower with real choices. Make it easy for end users to select an alternate key backup method. Some potential alternatives: Allow their bank to offer such a service. Allow friends and family to self host such a service. Etc.
This is a bit tricky as it couples the user's password with the disk encryption key. If a user changes the password they would then need to change the encryption key, or remember the previous (possibly compromised) password. A better option is to force the user to record a complex hash, but that's never going to be user friendly when it comes to the average computer user.
Basically, we need better education about the issue, but as this is the case with almost every contentious issue in the world right now, I can't imagine this particular issue will bubble to the top of the awareness heap.
I thought this was what happened. Clearly not :( That’s the idea with services like 1Password (which I suppose is ultimately doing the same thing) - you need both the key held on the device and the password.
I suppose this all falls apart when the PC unlock password is your MS account password, the MS account can reset the local password. In Mac OS / Linux, you reset the login password, you loose the keychain.
In case of 1password, I would think it would be challenging to do what you are saying, at least for shared password vaults.
At this point, end-to-end encryption is a solved problems when password managers exist. Not doing it means either Microsoft doesn't care enough, or is actually interested on keeping it this way
I wouldn't call the problem "solved" just because of password managers.
Password managers shift the paradigm and the risk factors. In terms of MFA, a password in your manager is now "something you have" rather than "something you know". The only password I know nowadays is my sign-in password that unlocks the password manager's vault. So the passwords to my bank, my health care, my video games are no longer "in my fingers" or in my head anymore, they're unknown to me!
So vault management becomes the issue rather than password management. If passwords are now "something you have" then it becomes possible to lose them. For example, if my home burns down and I show up in a public library with nothing but the clothes on my back, how do I sign into my online accounts? If the passwords were in my fingers, I could do this. But if they require my smartphone to be operational and charged and having network access, and also require passwords I don't know anymore, I'm really screwed at that library. It'd be nearly impossible for me to sign back in.
So in the days of MFA and password managers, now we need to manage the vaults, whether they're in the cloud or in local storage, and we also need to print out recovery codes on paper and store them securely somewhere physical that we can access them after a catastrophe. This is an increase in complexity.
So I contend that password managers, and their cousins the nearly-ubiquitous passkeys, are the main driving factor in people's forgetting their passwords and forgetting how to sign-in now, without relying on an app to do it for them. And that is a decrease in opsec for consumers.