To give an example of harm caused by the TPM / disk encryption feature in the consumer space: A recently-deceased friend's wife contacted me about getting personal data off from her late husband's computers. I ended up being able to get nothing for her.
My friend, no doubt influenced by dementia and paranoia he was feeling, changed the passwords, made no note of them, and subsequently died. The computers in question run Windows 10 using Bitlocker and key storage in the TPM.
The data is effectively gone. I believe he was using encrypted backups to a "cloud" storage provider, too, but I'm also fairly certain the key is only on these computers. (The Windows accounts on these machines are local accounts so the Bitlocker recovery keys weren't saved on Microsoft's servers either.)
Matters were arguably handled poorly on my friend's part prior to his becoming of unsound mind. He wasn't terribly technically savvy and I'm not sure he considered the "losing my own mind" threat model. Nonetheless, it adds insult to injury that Bitlocker, which added no security for his day-to-day use, effectively caused the loss of his data.
I'm sorry for your loss, but did your friend not have a right to privacy just because he had dementia? Should we be building dementia backdoors into all our platforms' encryption systems? What about cases where people are estranged from their spouses?
As I said, it wasn't handled well. I don't think we should be building backdoors into security systems. I also don't think my friend explicitly requested the functionality or would have understood the ramifications even if he did.
Bitlocker is, apparently, enabled-by-default on consumer machines that, I'd argue, don't suffer from a threat model that necessitates its use.
There is a huge problem with technical and legal constructs associated with the rights to accounts and data after death. I don't have the answers for everybody. I've done what I can for myself and my immediate family.
The "I've lost my mind and undermine efforts I made, while still in my right mind, for successors-in-right to access my data" is one that I'm not sure how to defend against, and one that scares the willies out of me. I can document my last wishes but if I, in a fit of paranoia, change keys / passwords / remove recovery mechanisms, then those last wishes might be irrelevant.
This is similar to why enabling 2FA actually scared the heck out of me! I use a password manager to generate strong unique passwords, so I think the chances of someone getting in that way are incredibly low. But I can absolutely see myself losing all of my 2FA keys some day in a freak accident.
Nowadays 2FA are always about something you know and somebody that vouches for you (SMS, email, whatever). Nobody seems to do any version of it that relies on you alone. So a password manager won't improve its reliability.
What secure location? My sock drawer? Or am I expected to go buy a safety deposit box? I'm really not that organized and I lose slips of paper all the time, it's a major reason I was drawn to computers growing up.
I keep mine in a file in a drawer. My threat model doesn't cover people breaking in and finding them as well as knowing my password manager's master password.
I’m not concerned about the keys being compromised, I’m concerned about losing them, since the idea is they’re unneeded for many years and then suddenly become essential.
If you can log into his Microsoft account on the internet, you can recover the Bitlocker key from there if his account on his machine was a Microsoft one.
The drives are encrypted without a boot PIN. If I could exploit a vulnerability in the OS I could get the data. There will probably be a vulnerability discovered, at some point, that will allow access. I'd advised my friend's widow to hold onto the computers for the time being.
Please also advise her to power it on every 2 or 3 months or so (and leave it running for a bit), so that SSDs continue keeping the data, and HDDs don't get "stuck".