4

I am the sole user of a computer in an office. I set up BitLocker to encrypt the entire drive that Windows 10 lives on, so that I'm required to enter a BitLocker password as soon as the computer boots and before Windows is loaded. I would like this to be the only password that I type, and for Windows to load and then automatically log in to my user account (which is an administrator account).

There is an option in Windows User Accounts: "Users must enter a user name and password to use this computer". I would like to de-select this option, since I need to be physically present to type my BitLocker password in before Windows loads.

Are there any security implications of doing this? Every time I leave the computer unattended I lock it using Windows Key+L.

Kit Johnson

1 Answer

3

Is it the safest setup? No.

Is it safe enough for you? Might be, and by the sound of it, probably.

Infosec is not a set of rules to be followed stringently; it's a matter of deciding what the risks are in your specific case, and taking the measures you feel are appropriate to reduce that risk to acceptable levels. This is assuming you don't have legal or contractual obligations; in that case you will have a list of things you MUST do of course, that's the nature of obligations.

Questions to ask: why did you encrypt in the first place? Will those reasons still apply if you don't require a password to log in to Windows? Do you always shut down the machine or leave it on standby?

user3244085
  • Thanks for helping me analyse my own needs and understand why I was asking the question in the first place. (I encrypted the hard drives so that if someone steals them, they cannot access my data. The chance of someone stealing it while I'm at work, in and out of the office, is small.) The fact that after locking the computer with `Windows Key`+`L` a password is required is enough safety for me. An expert could probably retrieve sensitive data from memory, but the chances of that are very slim. But this applies equally whether or not I am using auto-login to Windows. – Kit Johnson Jan 10 '17 at 03:42