BitLocker without TPM - Security or Security Theater?
I'm trying to figure out if I understand this. To use BitLocker without a TPM, you put the encryption key on a flash drive. Since you can't protect the key, anyone who has both the flash drive and the physical hard drive has all your data and the key needed to decrypt it.
According to Microsoft's recommended best practices, the flash drive should never be left in or kept with the encrypted machine. This seems like an unrealistic expectation, especially with a laptop. It feels like if you don't have a TPM, using BitLocker is just theater.