The Intercept wrote about this issue – which is not new – and then Ars Technica wrote about it more accurately. This is not a devious plot to steal your junk (even though it could be used to do that) but rather an effort to have you not want to fly out to Redmond and wreak havoc when you didn’t back up your encryption key – not that users would ever fail to make backups.
So here is what the evil Microsoft does. Most of you have probably heard of Bitlocker, Microsoft’s disk encryption software. Well that is only available in higher end versions of Windows, so Microsoft created a stripped down version for home users called device encryption. While Bitlocker can do things like require you to have a flash drive with the decryption key on it in order to boot your PC, integrate with Active Directory and many other things, device encryption just does simple stuff. It encrypts the built in hard drive so that if your laptop is stolen the bad guys can’t easily steal all your information.
The problem Microsoft had was where to store the backup copy of the key. Since this is a consumer version, the user does not have their own Active Directory Forest (OK, for you geeks out there that do have an AD Forest at home, you likely are not using Windows Home). So they store the key in the Microsoft cloud. They have been doing this since Windows 8.1. They do this so that if you are locked out of your computer you can log on to your Microsoft account from another computer to get your recovery key and get back in.
That key is protected by your account password (by this I assume they mean your Microsoft account password, not your local Windows account password). SO, if your Microsoft password is PASSWORD1, then the fact that the recovery key is sitting on Microsoft’s servers could be a problem. If, instead, your account password is something more reasonable, then, probably, the risk is low.
Also, if you set up your PC to log in with a local userid and password instead of a Microsoft cloud ID, you are likely safe.
If you are a member of the tin foil hat crowd and have the tin foil badge to prove it, The Ars article below gives you instructions for removing that recovery key from Microsoft’s servers and how to change the key after you do that.
THEN, the onus is on you. You lose the key – get ready to format the disk and start over.
As always, this is a convenience vs. security question.
Unfortunately, more people are likely to curse at Microsoft for not protecting them from themselves than hug them. Hence they copy the key to their servers.
So this one is simple. You choose. No biggie.
Information for this post came from Ars Technica.