Do you guys use Bitlocker on your home/Personal machines?

[jordan12]

So we were talking at work today about Bitlocker at home, and I seem to be in the minority that I do not use Bitlocker on my personal desktop at home.

So what say you gents? What is your stance on this for home machines? I always thought that BL slows the machine down and can wear out the SSD faster.

 

[criccio]

No, but I use the Home variants of Windows at home so its never been an option.

 

[kirbyrj]

No, I don't use it at home.

 

[Okatis]

Not sure about wear but perf of the drive is impacted and NVMe is typically recommended. Tom's Hardware did a comparison of Bitlocker software encryption enabled/disabled on a Samsung 990 Pro and some figures I noted (disabled and enabled, respectively):

- PCMark: 607MBps vs 490MBps
- CrystalDiskMark: 5110MBps vs 4547MBps
- DiskBench 'file folder' of 50GB: 1647MBps vs 1435MBps

As for the title question, I don't currently but planning to for a subset of drives (for data isolation rather than theft purposes).

 

[dogDAbone]

Well, if you consider the exploding AI-injecting takeover bot that I have planted on all my drives as a "bitlocker" then yes, I do use it at home

It encrypts everything, then encrypts the encryption keys, which then immediately deletes all of the data on the attacking machine, and then deletes the person/company/website/virus responsible

/s (or not)

 

[Shoganai]

I've never had a good experience with BitLocker. The only thing I use BitLocker for is securely wiping spinner drives.

 

[jarablue]

I heard in the upcoming windows update it is going to be turned on for everyone. I hope not home users. I checked mine via the command prompt and it is disabled currently. I'd like to keep it that way. I have the home ed. of Win11.

Check via the command line to see if yours is enabled. Run this manage-bde -status

 

[BlueLineSwinger]

No, but I use the Home variants of Windows at home so its never been an option.

There is a "BitLocker Lite" option to encrypt under Win10/11 Home. e.g.:
https://www.windowscentral.com/how-enable-device-encryption-windows-10-home
https://pureinfotech.com/enable-bitlocker-device-encryption-windows-11-home/

Personally, I don't encrypt my desktop system. My laptop (a Linux system), on the other hand, is encrypted.

 

[criccio]

I heard in the upcoming windows update it is going to be turned on for everyone. I hope not home users. I checked mine via the command prompt and it is disabled currently. I'd like to keep it that way. I have the home ed. of Win11.

Check via the command line to see if yours is enabled. Run this manage-bde -status

That's likely exactly why the OP created this thread.

Also there is no sense in simply wondering about things, these days you look things up.

https://www.tomshardware.com/softwa...happens-on-both-clean-installs-and-reinstalls

Microsoft already enables BitLocker by default in Windows 11 23H2, but starting with Windows 11 24H2, Microsoft is apparently implementing a new setup process that automatically activates BitLocker encryption during reinstallation

The caveat with Windows 11 Home is that BitLocker encryption is only applied through the device manufacturer, and only if the manufacturer enables the encryption flag in the UEFI. So, DIY PCs running Windows 11 Home probably won't be affected.

Regardless, any Windows 11 version that has BitLocker functionality will now automatically have that activated/reactivated during reinstallations starting with 24H2. This behavior applies to clean installs of Windows 11 24H2 and system upgrades to version 24H2. Systems that upgrade to Windows 11 24H2 automatically have the Device Encryption flag turned on, but it only takes effect (for some reason) once Windows 11 24H2 is reinstalled on the machine. Not only is the C: drive encrypted, but all other drives connected to the machine will be encrypted as well during reinstallation.

 

[jarablue]

Well I am going to decrypt my win11 home install as soon as it happens. I don't need or want it on a home gaming machine that does nothing but play games. I hope at least we will have the option to decrypt the drive. Not some forced on bullshit.

Edit: never mind you can decrypt it. That's good.

 

[jarablue]

"Also there is no sense in simply wondering about things, these days you look things up."

I am from a different time. I value conversation instead of burying my face in a phone. Old skool. I could of easily looked it up. That is not what I was trying to get at. I'm old.

 

[cpufrost]

Well I am going to decrypt my win11 home install as soon as it happens. I don't need or want it on a home gaming machine that does nothing but play games. I hope at least we will have the option to decrypt the drive. Not some forced on bullshit.

Edit: never mind you can decrypt it. That's good.

From elevated command prompt:

manage-bde -off x:

where x is the drive letter you want to decrypt.

While it's running check out disk transfer rate in task manager.

 

[toast0]

I don't encrypt my personal devices. If something goes wrong, I'd rather have a chance of data recovery.

I do encrypt my work computer because work policy. And I encrypt my budget hosting drive because those guys are clowns and I don't trust them to wipe my drives when I'm done (but they're cheap), I got someone else's proxmox drive once. It's a pain to console in when I reboot, but I don't need to worry about whatever junk they do.

 

[criccio]

Well I am going to decrypt my win11 home install as soon as it happens.

Did you build your PC and install Windows yourself?

 

[Captain Newmackwa]

Desktop at home, no.

Laptop, yes.

 

[jarablue]

Did you build your PC and install Windows yourself?

Yeah I read that it won't enable it by default on builds similar to that. If it does happen for any reason, I'll just remove the encryption. Easy enough to do.

 

[GotNoRice]

I can't see any reason to encrypt your drive using bitlocker unless you keep sensitive information on your hard drive and are worried about someone physically stealing your computer. In something like an office or a medical facility it would make sense, since presumably there would be sensitive information on it, and it could fairly easily be stolen. But if you are actually worried about someone breaking into your house and stealing your computer, then you have bigger problems to fix first.

 

[izx]

On a desktop at home, not really, but I might experiment with hardware Bitlocker on a compatible SSD (990 Pro)—zero performance hit. From what I understand of Samsung SSD's HW Bitlocker support, if you need to upgrade/replace/clone the drive in the future, you'll lose hardware Bitlocker support (it only works with fresh installs).

On a home laptop that does move around - yes. The performance hit is minor on modern laptops/NVME SSDs.

 

[jarablue]

How does hardware bitlocker work on 990 pros? I have a 1tb 990 pro as my od drive and a 2tb 990 pro with heatsink as my data/movies/games drive.

How does that work? How do you set it up? Yes I could look it up but I am old skool and like talking to each other.

 

[daglesj]

It doesnt work on Home machines (well it does but it ends in tears).

Most people do not know its encrypted. Most do not have their unlock key as a result. Sometimes its hidden in the MS Account but people cant find it. That or they do not have a MS account and therefore no key.

Then MS decided to rollout BIOS updates in Windows Update...that reset the Secureboot/TPM settings and bingo you need the unlock key...oops.

If I get a machine from a customer and it doesnt boot I have to now ask if its encrypted just in case I need the key...you can imagine the dumb sounds over the phone when most don't even know their MS365 account or email password.

Just three more years and I can retire from this shit...I'm so fed up with poorly thought out ideas from the 24 year olds working in tech nowadays. Those guys never ever want to think through the pitfalls of their "great ideas" like we did 20+ yeas ago. No one wants to be upset in a tech meeting I guess. But sometimes you have to say "Jack...your idea is a load of crap because...." And no I'm not a boomer!"

 

[daglesj]

I can't see any reason to encrypt your drive using bitlocker unless you keep sensitive information on your hard drive and are worried about someone physically stealing your computer. In something like an office or a medical facility it would make sense, since presumably there would be sensitive information on it, and it could fairly easily be stolen. But if you are actually worried about someone breaking into your house and stealing your computer, then you have bigger problems to fix first.

I always say "Do you have data on your laptop that Tom Cruise will want to come down the skylight on a wire for?"

"Erm no, not really!"

I only encrypt anyone with a machine for business use that holds an amount of customer data for GDPR purposes. For GDPR the long and the short is if you can show you made a 'reasonable effort' to protect your data then you are okay in most cases.

It only has to hold the guy who knicked it out for 3 minutes before he sells it down the pub and it gets wiped and rebuilt or scrapped for parts.

 

[MrGuvernment]

Run linux, LUKS2 encrypted...I have had my house broken into once before and computers stolen, so now, go ahead, steal it, you are not getting a dam thing off it!

Why not do it? most theft are ones of opportunity, no one thinks there house will be broken into and robbed, until it happens. You may think you have nothing important on your computer, but you might be suprised, pictures of ID taken ever? any documents with info, SS"s saved in a text file.. list goes on and on.

 

[aliaskary77]

I have never messed with BitLocker. Can you select which drives are encrypted? If so, I might not encrypt OS or drives with no critical info (games/media), but would a drive specifically with my personal info (photos/financial/health, etc)

 

[Shoganai]

I have never messed with BitLocker. Can you select which drives are encrypted? If so, I might not encrypt OS or drives with no critical info (games/media), but would a drive specifically with my personal info (photos/financial/health, etc)

Yes, you an encrypt any drive you want.

 

[mjoeTW]

I would normally create a small partition and use Bitlocker on that, but never the main OS partition.

 

[chameleoneel]

I have never messed with BitLocker. Can you select which drives are encrypted? If so, I might not encrypt OS or drives with no critical info (games/media), but would a drive specifically with my personal info (photos/financial/health, etc)

FYI

For a "Home" version of Windows, you do not get access to Bitlocker. You get Windows Device Encryption. It will Encrypt all internal drives. No picking and choosing. I'm unclear if it will also encrypt external drives connected at the time you activate device encryption----but it seems like it might.
Windows Device Encryption is said to have less system resource overhead. But, its also probably technically less good encryption, than Bitlocker.



For actual Bitlocker, with granular functionality, including picking and choosing drives, as well as other options: you need a "Pro" version of Windows.

 

[aliaskary77]

FYI

For a "Home" version of Windows, you do not get access to Bitlocker. You get Windows Device Encryption. It will Encrypt all internal drives. No picking and choosing. I'm unclear if it will also encrypt external drives connected at the time you activate device encryption----but it seems like it might.
Windows Device Encryption is said to have less system resource overhead. But, its also probably technically less good encryption, than Bitlocker.



For actual Bitlocker, with granular functionality, including picking and choosing drives, as well as other options: you need a "Pro" version of Windows.

Thanks. For all my personal machines, I only use Pro. Will look into this for my critical data.

On my external USB backup drive, I have been using a VeraCrypt volume.