Implement BitLocker with Less Headaches

How many passwords or PINs do your employees have to remember? Between email, HR and other third-party applications, it’s overwhelming trying to remember them all.

And adding another one for BitLocker seems unnecessary.

That’s why we’ve simplified things for our clients without sacrificing security.

BitLocker is essential for safeguarding your organization’s data, so we strongly encourage our clients to opt in.

However, our default setup is to enable BitLocker without requiring a PIN to log on to your computer. TPM 2.0 on Windows 11 allows us to do this.

Let’s talk about why we made these changes and what you can expect when you boot up your computer to start your workday.

Another PIN = Another Headache

After consulting with our security team, we concluded that requiring a PIN to log on to your computer — in addition to your Microsoft username and password — was too much of a headache for our users without offering a significant increase in security.

Instead of a prompt to first enter your PIN, you’ll be taken directly to the Microsoft login page, just like you would on a personal computer.

The “key” to accessing the data is no longer about you remembering a PIN. Rather, BitLocker runs a safety check to ensure there aren’t major changes to the computer (TPM updates, new hardware installation, etc.). If changes are detected, you will need a recovery key before you can log in.

It’s worth noting that a recovery key trigger is incredibly rare and most likely won’t happen during the computer’s lifespan, but it is a possibility.
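
To confirm which unlock mode a given machine is actually in, and that a recovery password exists for the rare case described above, an administrator can run a check like the following. This is an added example, not part of the original post; `Get-BitLockerUnlockSummary` is a hypothetical helper name, while the cmdlets it calls are the built-in Windows ones and need an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: report how the OS volume unlocks at boot and whether a
# recovery password protector is present.

function Get-BitLockerUnlockSummary {   # hypothetical helper name
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Classify the boot-time unlock method from the protectors on the volume.
    $mode = if ($types -like 'TpmPin*') {
        'TPM + PIN'
    } elseif ($types -contains 'Tpm') {
        'TPM only (no pre-boot PIN)'
    } elseif ($types.Count -eq 0) {
        'No key protectors'
    } else {
        'Other: ' + ($types -join ', ')
    }

    $tpm = Get-Tpm
    # SpecVersion is a comma-separated string; its first field is the TPM family (e.g. 2.0).
    $spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        UnlockMode          = $mode
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
        TpmReady            = $tpm.TpmPresent -and $tpm.TpmReady
        TpmSpecVersion      = $spec
    }
}

$s = Get-BitLockerUnlockSummary
$s | Format-List

# Flag the states that would undermine the setup described in this post.
if ($s.ProtectionStatus -ne 'On') { Write-Warning 'BitLocker protection is off or suspended on this volume.' }
if (-not $s.HasRecoveryPassword)  { Write-Warning 'No recovery password protector found; confirm how this device would be recovered if the TPM check fails.' }
if (-not $s.TpmReady)             { Write-Warning 'TPM is missing or not ready, so TPM-based unlock cannot work.' }
```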

BitLocker’s purpose isn’t to make it harder for attackers to log on to your computer (that’s Windows Hello’s job). It’s designed to protect your data if an attacker removes the hard drive and attempts to read its contents.

Unencrypted data can be accessed without a username and password, so we felt it was redundant to require both a PIN and a username and password combination.

Still Want a PIN? We’ll Make it Work.

If you decide you still want to implement a PIN, then we can set that up for you.

There’s nothing inherently wrong with requiring a PIN, but in our view it’s simply unnecessary.

If you’re truly looking for a more secure way to log on to your computer that doesn’t involve memorizing a password, then consider setting up facial or fingerprint recognition with Windows Hello. The biometric data stays on the device and can’t be stolen by attackers.

Windows Hello also allows you to log in using a PIN, but it’s tied to the device, so it can’t be stolen and used to sign in remotely the way usernames and passwords can.

Secure Your Data with BitLocker

BitLocker is a simple and effective way to protect your organization in the event of a stolen or lost device.

Fortunately, you can increase your organization’s security posture without having to remember another PIN. Let us help you set up BitLocker for stronger defenses and peace of mind.