Windows 10: What’s the difference between an enhanced PIN and a password for BitLocker? Can passwords...

Discus and support What’s the difference between an enhanced PIN and a password for BitLocker? Can passwords... in Windows 10 Ask Insider to solve the problem; I was originally planning on using an enhanced PIN + TPM when booting, but since enhanced PINs can't be more than 20 characters I'm thinking of using a... Discussion in 'Windows 10 Ask Insider' started by /u/win_linx, Mar 16, 2021.

  1. /U/WIN_LINX
    /u/win_linx Win User

    What’s the difference between an enhanced PIN and a password for BitLocker? Can passwords...


    I was originally planning on using an enhanced PIN + TPM when booting, but since enhanced PINs can't be more than 20 characters I'm thinking of using a password instead. What's confusing me though is whether or not a password can also be used in conjunction with TPM, or if only a PIN can be used in conjunction with TPM. Is this the main difference between the two?

    How should I go about setting this up? I only recently upgraded to Windows 10 Education and these are the group policy settings I've changed:

    Under Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

    Allow Secure Boot for integrity validation: enabled

    Allow enhanced PINs for startup: enabled

    Require additional authentication at startup: enabled

    • Allow Bitlocker without a compatible TPM: unchecked
    • Configure TPM startup: No not allow TPM
    • Configure TPM startup PIN: Require startup PIN with TPM
    • Configure TPM startup key: Do not allow startup key with TPM
    • Configure TPM startup key and PIN: Do not allow startup key and PIN with TPM

    With these settings, I can set up an enhanced PIN just fine. As soon as I enable "Configure use of passwords for operating system drives" though, I get the error message "the group policy settings for BitLocker startup options are in conflict and cannot be applied" when selecting "Change how drive is unlocked at startup" in the Control Panel. If I change 'Configure TPM startup PIN' to do not allow instead of require, I still get an error message.

    submitted by /u/win_linx
    [link] [comments]

    :)
     
    /u/win_linx, Mar 16, 2021
    #1
  2. BRINK
    Brink Win User

    Bitlocker Questions

    PIN and password are two different ways to unlock BitLocker at startup. You would want to use a PIN for BitLocker since that's what you want. Enabling enhanced PIN for BitLocker is not required. It basically just allows you to use a more complicated PIN. Without using enhanced PIN, you would just enter a simple 4-6 digit PIN at step 10.

    Your account password is unrelated. If you want to require a password to sign in to your account in Windows, then you would want to add a password to your account. It doesn't matter if you do it before or after turning on BitLocker for your Windows OS drive.
     
    Brink, Mar 16, 2021
    #2
  3. SUNN
    sunn Win User
    Bitlocker...TPM + PIN vs Password?


    I have seen this question asked elsewhere several times, but with different answers...so I just want to make sure my understanding of BitLocker is correct.

    In the past, I had used BitLocker on several computers that did Not have a TPM...therefore I had to use a strong 30/40/50+ character password, which was not a problem. I am now working with a new computer that came with a TPM installed...so now instead of a long password, I am restricted to a maximum of 20 characters (even with enhanced PIN's enabled, it still only lets you use 20 characters, which I'm not sure why 20 is the limit?)

    From my understanding, even though it is a much shorter PIN, it is more secure than a long password because the TPM only allows up to 32 attempts before locking out...and then lets 1 more attempt every 2 hours...thereby allowing only just over 4,000 attempts per year (according to both basic math as well as a Microsoft article). Thereby making brute forcing the PIN pretty much impossible even if you use just a 6 digit number.

    In addition, if you put the hard drive in another computer, the PIN won't work...you would now need to use the recovery key/recovery password...which is also impractical to brute force.

    Is my understating pretty much correct? Or am I missing anything? At first it would seem a 50 character password is more secure than a 6 digit PIN number, but after reviewing everything, it seems that the TPM makes the PIN 'stronger' than the password? Is there any benefit to turning off the TPM in BIOS and just using a long secure password? Or is it best to stick with the TPM + PIN even though the PIN is far shorter?
     
    sunn, Mar 16, 2021
    #3
  4. DAVIDPOSTILL
    DavidPostill Win User

    What’s the difference between an enhanced PIN and a password for BitLocker? Can passwords...

    Allow enhanced PINs for startup with Bitlocker

    However, still only 0-9 characters are allowed. Why is it so?

    The setting you changed only applies to new BitLocker startup pins.

    ...

    Source BitLocker Group Policy Settings

    What else can be done?

    You can decrypt the drive and then encrypt it again, which will require you to set up another password.

    Source What is the difference between disabling BitLocker Drive Encryption and decrypting the volume?

    BitLocker Group Policy Settings

    ...

    Source BitLocker Group Policy Settings
     
    DavidPostill, Mar 16, 2021
    #4
Thema:

What’s the difference between an enhanced PIN and a password for BitLocker? Can passwords...

Loading...

  1. What’s the difference between an enhanced PIN and a password for BitLocker? Can passwords... - Similar Threads - What’s difference between

  2. What is the difference between ransomware and Microsoft's Bitlocker?

    in Windows 10 Gaming
    What is the difference between ransomware and Microsoft's Bitlocker?: Not a lot. I have never consented to have Bitlocker on my device and yet I have this mystery code that I am unable to access in order for me to access my own data. And yes I have tried all the useless suggestions from Microsoft. I have just had to pay £150 to have my computer...

  3. What is the difference between ransomware and Microsoft's Bitlocker?

    in Windows 10 Software and Apps
    What is the difference between ransomware and Microsoft's Bitlocker?: Not a lot. I have never consented to have Bitlocker on my device and yet I have this mystery code that I am unable to access in order for me to access my own data. And yes I have tried all the useless suggestions from Microsoft. I have just had to pay £150 to have my computer...

  4. What is the difference between ransomware and Microsoft's Bitlocker?

    in Windows 10 Installation and Upgrade
    What is the difference between ransomware and Microsoft's Bitlocker?: Not a lot. I have never consented to have Bitlocker on my device and yet I have this mystery code that I am unable to access in order for me to access my own data. And yes I have tried all the useless suggestions from Microsoft. I have just had to pay £150 to have my computer...

  5. The differences between Windows account PINs and passwords

    in Windows 10 News
    The differences between Windows account PINs and passwords: Microsoft's Windows 10 and 11 operating systems support several different account authentication options. There is the classic local user account and password option, the Microsoft account and password option, and options provided by Windows Hello. Use of a PIN is the most...

  6. what is different between that password 1234554321 and that password 1234554321×÷

    in Windows 10 Network and Sharing
    what is different between that password 1234554321 and that password 1234554321×÷: I can't connect to my wifi if i enter this 1234554321×÷ , If i change it to that password 1234554321 without ×÷ i can connect please help me what is that problem for...

  7. Bitlocker will not except Alphanumeric pin/password

    in AntiVirus, Firewalls and System Security
    Bitlocker will not except Alphanumeric pin/password: After a little help please I've got one laptop Acer Travelmate i5 10gen that will not take a Bitlocker pin with both letters and numbers I've just built the other 19 of a batch i'm doing fine, no dramas at all. This one though, i've ran out of ideas. DOne nothing...

  8. what is the difference between pin no. and password?

    in AntiVirus, Firewalls and System Security
    what is the difference between pin no. and password?: difference between pin number and password? https://answers.microsoft.com/en-us/windows/forum/all/what-is-the-difference-between-pin-no-and-password/1e0895fc-8429-408c-88b6-bb210ad8fd29"

  9. Different Pin Or Password For Lock Screen

    in User Accounts and Family Safety
    Different Pin Or Password For Lock Screen: I am wondering if it is possible to have a separate Pin or Password for the lock screen and sign in screen? For example: My Microsoft Account Pin and Password is known to more than myself in my home. I do not want to change the Microsoft Account Password. If I change the Pin...

  10. Bitlocker...TPM + PIN vs Password?

    in AntiVirus, Firewalls and System Security
    Bitlocker...TPM + PIN vs Password?: I have seen this question asked elsewhere several times, but with different answers...so I just want to make sure my understanding of BitLocker is correct. In the past, I had used BitLocker on several computers that did Not have a TPM...therefore I had to use a strong...