[XorNot]

No one wants a preboot password though.

TPM means the system can boot and then do face login or whatever using the user's password in exactly one place.

This is as much as most users will tolerate. And it also means Microsoft account recovery can work to unlock a forgotten password.

The whole point is Microsoft don't want user devices to ever be trivially bypassed, regardless of how unlikely that is (probably more likely then you think though).

These things are everywhere: they're used by small businesses, unsophisticated users etc. but the story which will be written if anything happens because the disk was imaged sometime will be "how this small business lost everything because of a stolen Windows laptop" and include a quote about how it wouldn't have happened on a MacBook.

[mjw_byrne]

"No one wants a preboot password though" - really? Doesn't strike me as particularly inconvenient, especially given the relative rarity of actual bootups these days.

I've been using bog-standard FDE for as long as I can remember. One extra password entry per bootup for almost-perfect security seems like great value to me.

[zinekeller]

It seems that you're looking at the wrong bubble here. Most people actually detests passwords and would rather use a different method if possible (this is why ordinary users turn on biometric authentication despite some here questioning its security). Adding another password will certainly make users - especially enterprises - complain.

Also for technical reasons, Windows can't do the fancy one login/password screen (which assumes a file-level encryption, which is how it is implemented nowadays to support multiple users [1] [2]). This is due to Windows software that are expecting that everything is an ordinary file (unlike Apple which don't care on that aspect and Android which has compartmentalized storage). Even if we have an EFS-style encryption here, it will be incompatible with enterprise authentication solutions.

1: https://support.apple.com/guide/security/encryption-and-data...

2: https://source.android.com/docs/security/features/encryption

[hansvm]

> this is why ordinary users turn on biometric authentication despite some here questioning its security

That's part of the reason. Another part is BigCo spamming the users asking for biometrics or whatever the current promotion-driver is, making opting out hard to find, and using their position of authority to assert that it's "more secure" (for your personal threat model no less, nice to be able to offload thought to a corporation).

[devops99]

The more inexpensive option of the newer Trezor wallets and "login PIN" as an optional alternative to a password that also works, seems to be the best option (that I have seen so far).

The more recently released Trezor wallets are still new, and Yubikey 5C will probably be used in many places anyway just because of the keyring and no need for the usb-c cable.

[whatevaa]

Absolutely. You are an exception. Get your head outside and look around you instead of assuming.

[wkat4242]

Every phone has it these days. Doesn't seem to be a big deterrent? Laptops also need a password to log in.

In fact in many cases a preboot password is safer. Because the comms between the TPM and the OS can often be sniffed. And if the TPM doesn't need validation because it hands off its keys, it can be bypassed that way.

Again not really something that consumers have to worry about, but it's not quite difficult anymore to pull this off.

[andrewaylett]

The phones are using their TPM equivalent to do it securely, though -- there's not nearly enough entropy in a lock screen to provide robust security, but the boot-time unlock depends on both the screen lock and the hardware, and the hardware will rate limit attempts to use it to turn lock screen inputs into usable encryption keys.

[HeatrayEnjoyer]

TPM 2.0 uses encrypted bus. TPMs are also often built into the CPU