Is Microsoft Storing Your Windows 10 Encryption Key in the Cloud?
Like many tech enthusiasts, it’s possible that you have already made the leap onto the Windows 10 platform. So far, most of the feedback for Windows 10 is positive.
One of the best features of Windows 10 is the fact that the operating system natively encrypts the hard disk, securing the data on your disk in case your machine is ever lost or stolen.
This out of the box service may seem like a good idea, however, security researchers have found that Microsoft may be keeping a copy your hard drive’s encryption key in the cloud by default.
“As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it,” says researcher Micah Lee.
“Microsoft itself could get hacked, or could have hired a rogue employee with access to user data,” adds Lee.
Even more scenarios arise when a law enforcement agency or an intelligence agency begins asking for the encryption keys to specifically identified Windows 10 hard drives. Wouldn’t Microsoft be legally obligated to turn these over?
What’s interesting is that Lee says that even if you delete the recovery key, it may be possible for Microsoft to still have access to it.
Microsoft’s response to Lee’s findings indicates that Microsoft decided to implement this feature based on customer feedback. If a person’s hard drive is inaccessible and they have lost the encryption key, users could find themselves locked out of their machine.
In this case, the Microsoft cloud backup of their encryption key could be used to save the day.
What are your thoughts about Microsoft storing user’s Windows 10 encryption keys in the cloud? Tell us in the comments section below.
