Monday, July 22, 2024

Mandatory Microsoft accounts for Windows 11 Home might be a good thing


Are you still typing in all-caps BECAUSE WINDOWS 11 HOME WILL FORCE USERS TO HAVE A MICROSOFT ACCOUNT? Lighten up.

I, like you, detest being forced to have an account just to use every new Microsoft product. It feels like a craven attempt to spam my inbox with marketing offers. It’s equally hard to read about how many Windows PCs won’t qualify for Windows 11, even if we understand better now why Microsoft requires a TPM for the new operating system. But taking all these big changes as signs about the direction Windows 11 is going, the account requirement starts to make more sense. Clearly Microsoft wants to increase the baseline security of every Windows 11 PC, far beyond what’s ever been required before. 

One of the features where the MSA will matter is with BitLocker, which encrypts the contents of the storage drive. BitLocker has been available since Windows 8. On Windows 10, it’s been on by default on newer machines that support a feature called Modern Standby (basically making PCs wake up as fast as your phone). If you haven’t noticed BitLocker on your new computer it may be because, well, you skipped creating a Microsoft account and used a local account. If you did that, BitLocker is not turned on. 

BitLocker will be enabled by default on all Windows 11 PCs. Once the drive is encrypted with BitLocker, Windows asks where you’d like to back up the encryption key. The key reduces the odds of the data being tampered with, should your laptop get stolen or lost. It’s stored inside of the firmware TPM in the CPU, or in a discrete TPM 2.0 module, where it will be called upon to unseal the drive during the login process.

If there’s a catastrophic failure of the PC’s motherboard and you’re forced to pull the drive out of the laptop to access it elsewhere, you cannot unseal it without the BitLocker encryption key. No problem, you think—I’ll just find that USB key or piece of paper where I wrote it down three years ago, because I opted not to store it in my Microsoft account.

If you opted not to store your BitLocker key in a Microsoft account, and you lost the key—you’re out of luck.

You see the problem here? If Microsoft’s vision is to put a shield around every single new consumer PC, it wants to remove variables like humanity’s tendency to misplace scraps of paper with keys written on them. It could happen to anyone. Microsoft doesn’t want you to lose access to your drive just because you’re disorganized or unlucky. 

Note, however, that only Windows 11 Home requires the login, while Windows 11 Pro won’t. A Windows 10 Pro user is likely to be more advanced and able to manage the key on their own—or accept Microsoft’s help and store the key in their Microsoft account.

If you think your PC will never get out of your control, think again. I recently found an abandoned gaming PC someone had tossed on the road. Besides pulling the graphics card out of the box, I also saved the 128GB SSD and 1TB hard drive. And yes, there was no BitLocker, so it was easy to access the resume, personal files, game saves and business files the person had left there, assuming unplugging the SATA cable was enough to prevent access. I erased the data before redeploying the drives and graphics card to a needy person. If this person had had BitLocker forced on by default, the data would have been out of my grasp.

Do I know for certain if saving consumers from themselves is the motivation for requiring a Microsoft Account for Windows 11 Home? No. However, the rationale all points back to Microsoft’s decision to lock down security for all Windows 11 users for their own good. Whether that’s where Microsoft ends up, I don’t know, but at least this makes more sense than what we’ve been told so far.
