Microsoft secured my files!

yesman@lemmy.world · 21 days ago

Microsoft secured my files!

Phoenixz@lemmy.ca · 11 hours ago

I suggest we move all our machines over to Linux, which is the actual plan. Fuck everything about windows

Also, permanently locking a device after x failed attempts is just plain silly, security wise. You know I can take that drive out and just try to brute force it a million times per second without that silly rule being in my way, right? It’s an anti security pattern similar to requiring password changes every week, it’s a bad idea.

lud@lemm.ee · 9 hours ago

It’s not permanently locked though.

Apparently it’s not configured like that by default and even if it is, just configure it differently if you want a different behaviour ¯\_(ツ)_/¯

Moving over to Linux is a great idea, if you have found a good way to manage them and your users are accepting.

Either way, I have never noticed this issue and we manage hundreds of Windows computers

You know I can take that drive out and just try to brute force it a million times per second without that silly rule being in my way, right? It’s an anti security pattern similar to requiring password changes every week, it’s a bad idea.

Nah, not really. I get what you mean, but the feature is obviously intended to lock the drive after a few failed logins because the user’s password is generally way less secure than the bitlocker recovery key/encryption key. Brute forcing a 48 digit key is practically impossible while brute forcing a user’s password is child’s play in comparison.

So in my opinion it sounds like a pretty good idea to include that feature in the security baseline. It’s not really Microsoft’s fault that you pushed out security baseline settings without checking what they do first. But since you actually did some testing with bitlocker, the impact wasn’t that bad. So just adjust or disable the feature and move on.