by alwaysanon 1576 days ago
I don't love this move (I think people should still get the choice) but do get it a bit more after doing IT support for the in-laws. My sister-in-law, who is not super tech savvy, has forgotten her password and also been prompted for the Bitlocker Recovery Key and called me on both occasions all upset.

Given she had signed in with a Microsoft account, we were able to get the password reset there as well as retrieve the key from there. If it was a local account then I imagine both would have been much harder. So for 'most people' it is probably a good thing.

3 comments

> If it was a local account then I imagine both would have been much harder.

Surprisingly I needed to hack into an old admin account password on a laptop (that I set up on a family member's laptop) and it was surprisingly easy. After installing some software on a USB stick and choosing it as a boot device I was able to bypass the login password completely. Forgot the name of the software I used -- but there are literally a bunch of competing alternatives.

Every single Linux live USB can access the underlying partitions freely. Or if you prefer, you can instead use it to remove the local password and reboot onto an unlocked OS.

I should have mentioned she lives 2.5 hrs away. I am sure I could have done it if it was local and I'd have driven there (I've run Fedora for ages on a laptop focused on containers as one of my machines so know my way around things) - but in this case it was as easy as going through the Microsoft Account password reset process. And I was able to mostly just point her at that/MS rather than need to do anything myself - which was nice.

Also my subsequent experience with the Bitlocker recovery key is that the machine is encrypted so I may have struggled with mounting it from a Linux LiveCD and using the tools you describe. I doubt she turned this on herself so maybe the vendor (Lenovo) did?

I also think they are now turning Bitlocker on by default on all Windows 11 installs as well (it is why they want the TPMs as a requirement). Which is likely part of the reason they are now forcing this issue a bit so as not to have people all over with bricked machines and data loss if they can't recover the key. If you are AD joined it puts the recovery key on the computer account in AD - but for these home users they don't have that benefit and the cloud is a good place for it.

Maybe the right thing to do here was to not apply Bitlocker if she wasn't trained on how to use encryption. Or, you know, if she wanted to set up encryption anyway and you're already helping her with tech, the backup key could live in your password manager in case she ever needed it.

Actually local accounts are far easier to reset the password on. Well, easier if you are the neighborhood computer repair guy.