In 2007, Microsoft unveiled BitLocker storage encryption as part of Windows Vista, initially restricting its availability to the Enterprise and Ultimate editions. Over the years, BitLocker has evolved into a fundamental feature of the Windows operating system. With the introduction of Windows 11, BitLocker is now activated by default for users signing in with a Microsoft account during the Out-Of-Box Experience (OOBE). While this automatic encryption aims to enhance security, it can also lead to unintended complications.
Unexpected Encryption Woes
A recent incident shared on Reddit highlights the potential pitfalls of this new approach. A user, referred to as Soup, encountered a frustrating situation after deciding to reset their PC and install a fresh copy of Windows. Soup’s system comprised six drives, including a boot drive and two substantial data backups, each boasting a capacity of three terabytes on the D: and E: disks. However, upon rebooting into Windows post-reinstallation, these two drives appeared to have vanished, rendered inaccessible by BitLocker encryption, which had activated without any prior consent.
Testing has shown that BitLocker can significantly impact the performance of affected SSDs, slowing down random read/write speeds by as much as 45%. This performance degradation occurs because the CPU is tasked with encrypting and decrypting data continuously, potentially leading to a sluggish user experience—an issue Soup likely faced.
It is crucial to understand that the software version of BitLocker, which operates on your CPU, differs from the hardware version known as “OPAL.” The OPAL version offers superior performance compared to having no encryption at all, but it does not automatically enable itself. Some users have reported that even minor adjustments, such as changing the boot order, can trigger BitLocker activation, especially if the feature was not already enabled during the initial setup of Windows 11.
Interestingly, BitLocker does not exhibit the same behavior on Windows 10, nor does it activate automatically for users upgrading directly from Windows 10 to 11. Unfortunately for Soup, the only recourse now appears to be wiping the affected drives and starting anew. This incident serves as a reminder for users to remain vigilant regarding their data security settings, particularly when dealing with large corporations that may impose restrictions on user autonomy.
To mitigate such risks, it is advisable to regularly check and disable BitLocker if it is not needed, following established guidelines. Additionally, users should document any important encryption keys and maintain backups of sensitive data that cannot be easily replaced.
