1
On a computer running Windows with a hardware TPM, one can turn on bitlocker while let the computer unlock the drive on startup without asking for password. So if a drive is stolen or being accessed by hacker together with the matching TPM module or motherboard, the thief/hacker then can decrypt all data by design? So the bitlocker+TPM only protect if only the drive itself is stolen/accessed?
Only if you configure it that way... – Ramhound – 2017-07-01T18:56:16.157
How to configure to avoid this? – Sam – 2017-07-01T18:59:57.903
Don't configure Bitlocker to retain your password – Ramhound – 2017-07-01T19:16:19.610