If you use encryption to protect the data on your SSD running Windows 10, then you’ll want to know about a change Microsoft has recently implemented in the preview version of the OS, switching its BitLocker tool to default to software encryption rather than hardware, after major security issues were discovered with the latter last year.
Let’s briefly rewind to June of last year, when vulnerabilities were discovered in the hardware encryption of self-encrypting SSDs. It emerged that this encryption could be bypassed relatively easily by re-flashing the firmware of the drive (note that the problem only affects solid-state drives, not traditional hard disks).
BitLocker used hardware encryption rather than software by default, because it’s a faster method that consumes fewer system resources.
Last summer, Microsoft suggested that users switch to software encryption because of the aforementioned potential exploit that could be leveraged against hardware encryption.
And now the company has actually switched the default encryption to software – at least in testing for now – for this exact reason, even though it’s not optimal in terms of resource usage.
Configure it out
As Tero Alhonen spotted on Twitter (via MS Power User), under group policy settings, BitLocker now tells you: “If you do not configure this policy setting, BitLocker will use software-based encryption.”
Windows 10 build 18317 BitLocker GPO opts out hardware-based encryption. “If you do not configure this policy setting, BitLocker will use software-based encryption.” Used to be “If you do not configure this policy setting, BitLocker will use hardware-based encryption.” pic.twitter.com/5oMybPHP3U (January 16, 2019)
As we mentioned, this is only the case for those testing Windows 10 at the moment, having been introduced in the latest preview build of the operating system. Build 18317 also made a major change in terms of divorcing Cortana from the search box on the taskbar.
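To check whether a volume is currently relying on the drive's hardware encryption rather than BitLocker's software encryption, the following PowerShell sketch classifies volumes by their reported encryption method. It is an added example, not code from the article or from Microsoft. The function name Get-BitLockerEncryptionKind and the sample objects are hypothetical, and it assumes input shaped like the output of the Get-BitLockerVolume cmdlet, which reports hardware-encrypted volumes with the method HardwareEncryption.

```powershell
# Added example: classify BitLocker volumes as hardware- or software-encrypted.
# Get-BitLockerEncryptionKind is a hypothetical helper name, not a built-in cmdlet.
function Get-BitLockerEncryptionKind {
    [CmdletBinding()]
    param(
        # Objects exposing MountPoint, VolumeStatus and EncryptionMethod,
        # as returned by Get-BitLockerVolume.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        $method = [string]$Volume.EncryptionMethod

        # HardwareEncryption means the SSD itself encrypts the data; any other
        # non-empty method (for example XtsAes128) is done in software by Windows.
        $kind = switch -Regex ($method) {
            '^HardwareEncryption$' { 'Hardware'; break }
            '^(None|)$'            { 'Unencrypted'; break }
            default                { 'Software' }
        }

        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            VolumeStatus     = [string]$Volume.VolumeStatus
            EncryptionMethod = $method
            Kind             = $kind
            # Hardware-encrypted volumes depend on the drive firmware, the
            # component affected by the issues described in the article.
            NeedsReview      = ($kind -eq 'Hardware')
        }
    }
}

# Constructed sample input so the example runs without BitLocker or admin rights.
$sampleVolumes = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; EncryptionMethod = 'HardwareEncryption' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; EncryptionMethod = 'XtsAes128' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; EncryptionMethod = 'None' }
)

$sampleVolumes | Get-BitLockerEncryptionKind | Format-Table -AutoSize

# On a real machine, from an elevated session:
#   Get-BitLockerVolume | Get-BitLockerEncryptionKind | Where-Object NeedsReview
```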
Microsoft is trying to push on the security front with Windows 10 of late, having introduced a number of fresh features such as password-free logins, and a new Windows Sandbox which provides a temporary isolated environment in which to open potentially suspicious files.