Microsoft Defaults BitLocker to Software Encryption on Windows 10 Preview

Last updated September 21, 2021
Written by: Bill Toulas, Infosec Writer

Windows' BitLocker has been set to use software encryption rather than the problematic hardware encryption that caused quite a stir last year after the discovery of multiple security vulnerabilities. The problems centered on SSDs that gave unencrypted access to their data if a firmware flash was carried out. BitLocker previously defaulted to the hardware encryption method because it's more convenient and quicker, but the potential SSD exploit concerns numerous users nowadays and had to be addressed.

For now, the change has only taken place in the testing version (18317) of Windows 10, but users have already been advised to use software encryption on SSDs. The first person to notice the policy change was Twitter user Tero Alhonen, who confirmed the change in BitLocker’s default settings.

Software encryption resolves the problem of relying on the device’s own hardware, but it doesn’t come without its own set of drawbacks. Besides the longer encryption times and significantly higher resource requirements, a corresponding delay is introduced every time an encrypted file is accessed. Moreover, the encryption key is more vulnerable to hackers, since it’s stored in the operating system and not in a harder-to-access firmware location.

Build 18317 has actually rolled out a couple more changes as well, including the stripping of Cortana from the search box, rendering the assistant a separate utility now. Moreover, the Start Menu has been tweaked to run smoother and more reliably, as Microsoft engineers have removed its suspending action so it stays readier to launch each time. Finally, font management has been enriched and improved, with drag-and-drop functionality for easier installation.

BitLocker has been in the media spotlight multiple times in the past, with Microsoft refusing to add a built-in backdoor that the FBI and the UK Home Office have repeatedly asked for. As much as other incidents such as “cold boot attacks” and key distribution issues hurt the reputation of the tool, Microsoft continued to update its disk encryption tool meticulously, making it one of the most trusted and widely used tools of its kind. It may not incorporate the strongest cryptographic algorithms, but it is considered reliable when coupled with TPM (Trusted Platform Module) devices.

If you want to use something from a third-party software developer on Windows, you have plenty of choices to select from. Check out our detailed post on the best encryption software tools to give you power over your own data.
