
Depends on your tastes, or if it's being deployed to end users who may need to receive a recovery password to a laptop on the road over the phone.

Recovery Keys are significantly stronger. They are limited to 48 numeric characters, and thus the easiest to brute force.

If you use a TPM chip to encrypt using BitLocker, and say the TPM chip is destroyed, would it in essence be impossible to ever recover the encrypted data?

BitLocker cannot be enabled on a bootable device unless a recovery method is generated and saved to a USB device or Active Directory.

For my personal devices I always disable Recovery Passwords.
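To make the recovery-method point above concrete (and to answer the TPM question in practice), here is an added PowerShell example that is not from anyone in this thread. It audits the key protectors on the OS volume, adds a 48-digit recovery password if the volume is TPM-only, and escrows it to Active Directory. It assumes the built-in BitLocker PowerShell module, an elevated session, a domain-joined machine whose policy permits storing recovery information in AD DS, and that `C:` is the OS volume; the cmdlets used (`Get-BitLockerVolume`, `Add-BitLockerKeyProtector`, `Backup-BitLockerKeyProtector`) are real, the mount point and flow are my assumptions.

```powershell
# Added example (not from this thread): audit BitLocker key protectors on the
# OS volume and ensure a recovery password exists and is backed up to AD DS.
# Assumptions: BitLocker module present, elevated session, domain-joined host,
# and "C:" is the OS volume.

$MountPoint = "C:"   # assumed OS volume
$vol = Get-BitLockerVolume -MountPoint $MountPoint

# Show every protector type present, e.g. Tpm, RecoveryPassword, ExternalKey.
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId

# A TPM-only volume has no independent recovery path: if the TPM is cleared,
# fails, or the board is replaced, the volume key can no longer be unsealed.
$recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recovery) {
    # Add a 48-digit numeric recovery password; this is the form that can be
    # read to a user over the phone during a support call.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

# Escrow each recovery password to Active Directory so a lost TPM does not
# mean lost data. Requires the AD schema/policy for BitLocker recovery info.
foreach ($rp in $recovery) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId
}

# Summarise protection state without printing the password itself; the
# password should only be retrieved from AD inside a controlled recovery workflow.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, ProtectionStatus,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

Run it once per managed machine (or as a startup script) so that a cleared or failed TPM is a helpdesk ticket rather than a data-loss event; on a non-domain personal device, substitute a backup to a USB key or a printed copy for the `Backup-BitLockerKeyProtector` step.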

Dumb question, since I never had a TPM chip to just mess with.
