Sigh ... your Windows 10 device is probably only as secure as Microsoft's database

Subject: General Tech | December 29, 2015 - 02:13 PM
Tagged: microsoft, windows 10, security

If your Windows 10 machine uses your Microsoft account as the login, then your system's recovery key now resides in a Microsoft database in the cloud. That recovery key is used in the file system encryption present on Windows 10 systems. The backup is good news for people who find themselves with computer problems and need access to the key from a different machine; however, it is also a huge security concern, as your key could be stolen or demanded from Microsoft. Follow the link from the Slashdot article to find out how to delete that backed-up recovery key, and consider using a domain or workgroup style account as opposed to a Microsoft account to log into your machine.

"The fact that new Windows devices require users to back up their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud. ... As soon as your recovery key leaves your computer, you have no way of knowing its fate."

Source: Slashdot


December 29, 2015 | 03:31 PM - Posted by ryokurin

Yeah, people were outraged about it in August when a blog figured it out, despite the fact that it's happened since Windows 8. It's when you encrypt your drive with BitLocker, not if you just have a Microsoft account.

December 29, 2015 | 04:00 PM - Posted by Polycrastinator (not verified)

Sure, but since 8.1, devices with SSDs that met other security and IO requirements (TPM, Secure Boot) automatically encrypted silently with BitLocker as a security measure after you logged in with an MS account. The whole point of that Microsoft Account requirement is so the device could be recovered if the user forgot their password or some other event caused the TPM to think some interference had happened (and this can be caused by a lot in Windows; I saw it a half dozen times across Dell tablets deployed in a school district I supported). If you're 100% certain you can move the key elsewhere and keep it available in case of disaster, fine, delete it. But I worry this freak-out means well-meaning geeks will delete the keys for friends and relatives and then render their data unrecoverable when something bad happens. A PC isn't like an iPad or phone; you have to have a method of recovery, or be sure you have a really reliable backup(s).

December 29, 2015 | 06:03 PM - Posted by Anonymous (not verified)

Misleading title is misleading.

December 30, 2015 | 01:22 AM - Posted by Coupe

Garbage sensationalist article.

Whenever you start a news article with sigh, it is a waste of real estate.

December 30, 2015 | 01:41 PM - Posted by Jeremy Hellstrom

sigh, click here to see 10 things you didn't know about garbage article real estate.

December 30, 2015 | 12:32 PM - Posted by Anonymous (not verified)

The alternative is for your device to be totally unencrypted, so this is a net gain. For everyone. You are EXACTLY as vulnerable to Microsoft being coerced by a state actor (or a hack) as with an unencrypted drive, but you are less vulnerable to a regular everyday thief stealing your device.

Remember, this is for encrypted-out-of-the-box devices. If you have one of the Professional Windows variants and are using BitLocker rather than Device Encryption, storing the recovery key becomes YOUR job unless you select the box to allow Microsoft to store it.

December 30, 2015 | 01:40 PM - Posted by Jeremy Hellstrom

This is indeed true and the spread of encryption for home users is a good thing; however, it is valuable to know that there is another copy of your key floating out there. I'm not saying this is good or bad, only that it is another example of the poor communication from Microsoft about the features included in Win10; some will want to delete the key, others will be glad to know they aren't borked if they lose access.

December 30, 2015 | 03:59 PM - Posted by Tanx (not verified)

Another week, another rag on Microsoft article. Sure you guys don't all go home to Apple devices?

This is much ado about nothing, much like the 'privacy' issue in Windows 10. Real Storm in a Teacup stuff.

December 30, 2015 | 04:59 PM - Posted by Anonymous (not verified)

Abusive Monopolies will always be ragged on, and M$ is one Abusive Monopoly! It's too bad our elected officials are too corrupt to enforce the Abusive Monopoly laws already enacted! Apple is not trying to push its closed OS ecosystem onto any third party OEM produced PC/Laptop hardware like M$ is!
