
I have Windows 10 (1607) and use BitLocker with PIN protection. It is a TPM 2.0 chip. I got completely locked out of my machine. It kept saying "Too many PIN attempts" at the Pre-Boot stage.

I eventually followed the instructions here: https://johnpenford.wordpress.com/2015/05/05/bitlocker-too-many-pin-entry-attempts/

But what are my options in terms of preventing this? I can understand the need for anti-brute-forcing but I would have thought it would reset after a successful PIN entry. I'm guessing (and I have read that some chips do this) that the lockout count doesn't reset.

Is there any way to manage this? I can see a Standard User Individual Lockout Threshold but there is no way to reset to zero.

It's a little disconcerting to be locked out of a new machine after 2 weeks!

user1102550

1 Answer


This is from MS10 Bitlocker/TPM documentation:

TPM 2.0

TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1.

Fis

I couldn't find that anywhere, which was probably me not reading carefully enough! I'll try that if it happens again. Cheers, Chris. – user1102550 Jun 06 '17 at 07:06
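
An added example, not part of the answer or of Microsoft's documentation: a small Python model of the counter behaviour the quoted text describes (maximum count 32, one decrement per continuous 2 hours powered on without a failure). It assumes lockout occurs when the count reaches the maximum and that a power cycle discards partial healing time; the class, the function names and the usage patterns are constructed for illustration.

```python
from dataclasses import dataclass

MAX_COUNT = 32     # maximum count Windows configures (from the quoted documentation)
HEAL_HOURS = 2.0   # healing time Windows configures (from the quoted documentation)

@dataclass
class TpmLockoutModel:
    """Hypothetical model of the TPM 2.0 lockout counter, not a real TPM API."""
    count: int = 0
    clean_hours: float = 0.0  # continuous powered-on hours with no failure

    @property
    def locked_out(self) -> bool:
        # Assumption: the TPM locks out once the counter reaches the maximum.
        return self.count >= MAX_COUNT

    def fail(self, n: int = 1) -> None:
        """n failed authorizations: raise the counter, restart the healing clock."""
        if n > 0:
            self.count = min(MAX_COUNT, self.count + n)
            self.clean_hours = 0.0

    def run(self, hours: float) -> None:
        """Powered on for `hours` without failures: heal 1 per full HEAL_HOURS."""
        self.clean_hours += hours
        healed = int(self.clean_hours // HEAL_HOURS)
        self.count = max(0, self.count - healed)
        self.clean_hours -= healed * HEAL_HOURS

    def power_off(self) -> None:
        # Assumption: "continuous" means a power cycle discards partial progress.
        self.clean_hours = 0.0

def hours_to_clear(count: int) -> float:
    """Uninterrupted, failure-free powered-on hours needed to heal back to zero."""
    return count * HEAL_HOURS

def simulate(days: int, failures_per_day: int, session_hours: float):
    """Constructed pattern: one boot a day. Returns (lockout day or None, count)."""
    tpm = TpmLockoutModel()
    for day in range(1, days + 1):
        tpm.fail(failures_per_day)
        if tpm.locked_out:
            return day, tpm.count
        tpm.run(session_hours)
        tpm.power_off()
    return None, tpm.count
```

Under this model, sessions shorter than the healing time never reduce the counter, so occasional mistyped PINs accumulate, while a full counter needs `hours_to_clear(MAX_COUNT)` hours of uninterrupted powered-on time to heal completely.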