by briHass 1321 days ago
This is why Microsoft Windows is so adamant about having you create an online account as your means of sign-in on modern Windows versions. FDE requires it on some versions.

Telling users that forgot their password that not only do they need to reinstall Windows, but that every single document, photo, video of their grandkids, etc. is now lost forever is untenable. At the same time, FDE is important for security, so what is a reasonable compromise? Allow some form of online recovery options (secured by the full expertise of MS security folks) by linking an account to serve as your 'IT-guy managed AD in the cloud'.

2 comments

Well, one of the official reasons/excuses. Tracking in various forms is the main reason MS is so adamant about that…
The most effective kind of abuse is when the abuser has something genuine to offer to convince the other party to stay in an otherwise detrimental relationship.
FDE with someone "in the cloud" having the key is defeating the purpose of FDE. Windows used to offer printing a very long key on paper.
Depends on your threat model.

Most people protect against access by whoever stole their laptop, with Microsoft and TLAs not being considered a threat. Those who do probably don't use Windows in the first place.

It's actually a really elegant solution as there is nil correlation of risk: the key is useless without physical access and physical access is useless without knowing the login.

Your government might be able to get the key - if that's part of your threat model - but they probably have easier ways to force you to give it up.

Anyway, FDE is often on by default. Do you really believe the average user is going to print out the backup key?! Do even tech-savvy users have printouts of all their e.g. 2FA codes? Anyway, that would have worse correlation of risk as users would probably keep the printout next to their computer.

> It's actually a really elegant solution as there is nil correlation of risk: the key is useless without physical access and physical access is useless without knowing the login.

That is assuming you somehow forget your encryption key but remember the login to your Microsoft account... that you used once 2 years ago when you were installing the machine.

It also means anyone that does get the login for your MS stuff can decrypt your laptop.

The encryption key is much longer than the typical password, and people often use password managers to store website logins, so I think it is reasonable to assume that they can forget the encryption key and remember their Microsoft account login.

Anyone that does get the login for that MS account can decrypt the laptop, but often times they don't have physical access to the laptop (say some hacker who does not know you personally). If they let people around them get the credential, I think it is likely that they will let others get the encryption key even if it is not saved on the cloud.

And I think backup using the cloud is a nice option, although it would be better to have a master password that you remember and doesn't require writing it down physically. That way people having access to your cloud will not be able to read it, and you still have it when your house burns down (which does happen for some people...).