• Wispy2891@lemmy.world
    13 hours ago

    Wasn’t this by design? Otherwise why keep the decryption keys on servers located in the United States?

    • Kissaki@feddit.org
      4 hours ago

      It’s a consequence of the design.

      I certainly wouldn’t want end users calling me because they lost their recovery keys and consequently all their data. So I can understand offering or even recommending fallbacks.

      The real solution would be a clear and obviously documented choice for an informed decision: online backup as a fallback, but meaning the possibility of court-order compromise and other external management risks, or self-managed with no recovery in case of loss.

      • SirHax@feddit.nu
        1 hour ago

        Indeed. I think that you have to remember that the vast majority of BitLocker users would go from no encryption to encryption with your key in the Cloud. Given the risk of complete data loss, this is imo a decent risk/reward in most cases. You need both the physical computer and the MS account login, and the US government also has the latter.

        If you want to make an active and informed decision, there are of course much better options, but know that you would be responsible for keeping the unlock key safe or risk total data loss.