Let me explain the importance of pre-boot-authentication – PBA in client security:
I lock the door of my house, whenever I leave to work. I lock all doors of my car, when I reach my office. I unlock the office door when I am entering. I even lock my drawer, just to secure the ten coffee capsule I bought last week.
But when I start my notebook with highly sensitive data and tons of customer references my BitLocker encryption magically unlocks itself on power-on. That’s what most Microsoft consultants recommend enterprises.
Decryption must be an active user decision!
In my past security life, when I locked sensitive data I demand an user authorization process to reaccess the sensitive data. This should be similar to unlock a safe.
Refering to a current Microsoft article “Protect BitLocker from pre-boot attacks” for Windows 10, Microsoft confesses lack of adequate authentication options for native BitLocker implementations:
Pre-boot authentication provides excellent startup security, but it inconveniences users and increases IT management costs.
As Microsoft BitLocker offers few sophisticated and user convenient authentication methods – the BitLocker protectors – we added additional protectors in Secure Disk for BitLocker. These protectors include a Active Directory credential protector, a smart card protector, a X.509 protector, a modern smartphone app for authentication and multiple biometric options for user authentication.
PBA – Pre-Boot-Authentication for Microsoft Windows
Pre-Boot-Authentication – PBA – will give attackers less vectors in their attacks, as a cryptographic protection will secure the full operating system, before vulnerable services will start.
Secure Disk for BitLocker is available as standard edition, offering password and Active Directory authentication. In its multi-factor edition, we support all modern authentication methods including PKI-token, smart card, biometric / fingerprint authentication, smartphone app authentication via USB cable or Bluetooth. Request your evaluation today!