Windows 10: Bitlock with yubikey pin entry

Hello,I have setup bitlocker to use a smartcard, in my case a yubikey, to unlock a drive. To unlock the drive, a pin entry dialog is shown. When I click on the desktop for example, the pin entry dialog loses focus, but when I click back on the pin entry dialog the focus is not returned. I cannot abandon the pin entry dialog by clicking the close button "X" top right, or go back to entering the pin. If I want to I can once again attempt to unlock the drive, giving me a second pin entry dialog. I can continue like this mutiple times, leading to numerous pin entry dialogs.Is there a known fix for

:)

 

Bitlocker, Yubikey and TPM?

Hi, I want to protect the data stored on the hard disk drives of my PC. The purpose is: * to prevent someone physically accessing my PC and pluging a bootable USB stick from reading/modifying the content of my HDDs * to prevent someone from reading/modifying the content of my HDDs if they physically pull my HDDs out of my PC and put them in another PC 1/ I think Bitlocker is the way to go: it's free and already built-in Windows. I already gave Bitlocker a try on another older PC and I like it but in order to guarantee a strong level of security, Bitlocker must use a strong password, which is a pain to remember and a pain to type each time the PC boots. Not to mention I will have to type this PW every time I want to open a bitlocked partition (all partitions will be bitlocked). 2/ This is why I plan to buy a Yubikey, but I'm not sure I can have it working the way I want. What I want is: everytime I boot the PC I have to plug the Yubikey in a USB port of my PC so that Bitlocker is automatically unlocked without the hassle of typing a Password. And when I open File Explorer, I can open every bitlocked partitions just like if they were not encrypted with Bitlocker as long as my Yubikey is still plugged in. Can you tell me if it's doable? I find most of Yubikey tutorials being hard to understand and before I choose to buy a pair of these, I want to make sure it will work as expected. 3/ I also have concerns about TPM. This subject is a bit unclear to me as well. I read this thread, but still didn't manage to perfectly understand it: Verify Trusted Platform Module (TPM) Chip on Windows PC I have an Asus Prime TRX40-Pro S mobo, with a AMD Threadripper 3990X cpu. Here is what the Powershell get-tpm command says:

My question is: say in the future I replace my motherboard, or I replace my cpu. Will I still be able to read the content of my Bitlocked HDDs? (as I guess by replacing these hardware components, the TPM keys will change as well) Or, which is a bit the same, if I pull out the HDDs of my PC and I plug them into another PC, will I be able to read them? Given I have the Yubikey of course. It's an interesting but hard topic to me so I hope all of this makes sense *Smile Thank you in advance for your answers, Windows 10 Pro version 21H1 (OS Build 19043.928). I am currently installing Windows and the PC is not connected to internet yet, this is why Windows is not up to date yet.

 

Yubikey 5 and certreq

Hi Tim. I'm Greg, 10 years awarded Windows MVP, here to help you.

See here how to manage Yubikey 5 with Bitlocker enabled:

https://www.reddit.com/r/yubikey/comments/ryvj9...

https://support.yubico.com/hc/en-us/articles/36...

https://cloudbrothers.info/en/til-unlock-bitloc...

https://www.reddit.com/r/yubikey/comments/qcemc...

https://www.reddit.com/r/yubikey/comments/haf04...

For further help with this contact Yubikey Support here:

Contact Us

https://support.yubico.com/hc/en-us/requests/new

Feel free to ask back any questions. Based on the results you post back I may have other suggestions if necessary.

______________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

 

When I register my yubo yubikey on my windows laptop don't I have to use the yubikey on my computer.

Hi, Howard_35_78

Welcome to the MicroSoft Community.



Yes, you must first register your YubiKey with your Outlook.com account, irrespective of whether you are using a local or an administrator account on your computer. Here’s how you can set it up:

1. Enable Two-Step Verification:
   
   • Log into your Outlook.com account.
     
   • Go to ‘Security Settings’ and enable ‘Two-step Verification’.
     
2. Add YubiKey as a Security Key:
   
   • In the ‘Security Basics’ page, click on ‘More Security Options’.
     
   • Under the ‘Windows Hello and Security Keys’ section, click on ‘Set up a Security key’.
     
   • Follow the prompts to add your YubiKey as a security key.
     

After these steps, you can use your YubiKey to authenticate yourself when logging into your Outlook.com account from any computer. When you insert your YubiKey into a USB port and touch the button on the YubiKey, it generates a one-time password to authenticate your login. This means that you don’t have to remember a password, making your account more secure against phishing and other attacks.

The YubiKey 5C NFC works with both local and administrator accounts and can be used to secure a wide range of online services that support FIDO U2F or FIDO2 protocols, including Microsoft accounts. Remember, it’s always recommended to have a backup login method (like a secondary email, phone number, or another security key) in case you lose your YubiKey.



If there is anything not clear or I can't understand your problem, please do not hesitate to let me know.



Best Regards

Martin | Microsoft Community Support Specialist