A requirement for BitLocker, TPM version 1.2 or higher will protect against any hardware or firmware tampering and is fairly universal nowadays. BitLocker now offers five primary authentication methods.
BitLocker TPM + PIN
The Microsoft recommended option requires users to log in twice – once at BitLocker pre-boot and again at Windows. Windows credentials and BitLocker credentials aren’t linked, so this option is secure, but not exactly user friendly, because there is no option for Single Sign-On (SSO).
BitLocker TPM + Network key
This option BitLocker TPM option allows Network Unlock, but requirements for a WDS server, UEFI and a wired network connection make it complex and not viable in many IT environments.
The most widely used option in our interactions with customers, this requires no user interaction whatsoever, but even Microsoft warns that it "offers the lowest level of data protection” and “can be affected by potential weaknesses in hardware".
BitLocker TPM + Startup Key
This option requires users to carry a USB device containing the same encryption key – creating potential security and usability concerns.
Startup Key only
Like the option above, Startup Key only requires a USB device containing the same encryption key.
So how can IT administrators ensure high-grade security with flexible, agile use? The answer is WinMagic’s SecureDoc On Top (SDOT) for BitLocker, combining productivity and security for the ultimate enterprise solution.
To find out how it could benefit your enterprise, just read on...