Bitlocker, MS Surface Pro 3, and a Password

[Barryng]

I only use my Surface Pro 3 when away from work/home. It obviously can be lost or stolen so I want to use Bitlocker to to prevent access to the data stored on it. When I started to install and activate Bitlocker today, to my surprise, I found Bitlocker was already activated and there was even an already available Identifier and Recovery Key. Also, after some research, I discovered a startup pasword is intentionally not asked for since it can be used without a keyboard (not my case) and there would be no way of entering a password so it could never be started.

So, why bother at all with Bitlocker if it can be started without a password? This is a WTF thought to me but I have to assume people a lot smarter than me designed this so I am definitely missing something here. Maybe it requires a USB token but that seriously degrades security as both the Surface and token could be lost together since they would both be with me when traveling.

Also, I did find evidence that a password can be forced to be used but there is absolutely nothing obvious to me from the Bitlocker Manager dialog indicating how to do this. How do I make Bitlocker prevent starting it and/or access any data stored on it unless I enter a high quality password? I always have the cover/keyboard attached so I am not worried about being SOL and not being able to enter a password.

 

[habbajabba]

This article explains how Bitlocker works in conjunction with new devices and if you have a MS account (onedrive, etc) that MS will have automatically uploaded the key to their servers. Well worth reading.
https://bit.ly/2Hycu0h

This other one referenced in the comments explains how to easily change that key.
https://bit.ly/2KoPazV

First things first is to verify it IS encrypted. I would decrypt then re-encrypt with new key saving locally if I used bitlocker. Depends on your OS version too. I've always wanted to try DiskCryptor as it states it is somewhat faster than the normal encryption softwares. Hasn't been updated in a few years though.
https://diskcryptor.net/wiki/Main_Page
My own XploreTech tablet comes with WinMagic's SecureDoc solution for encryption, which is simply a 'better' way of managing a bitlocker depoloyment. I have not used it so far. They provide a free ebook in regards to bitlocker but require an actual work email (non-free type).
https://www.winmagic.com/encryption-software/ebook-bitlocker-2

There's also a slew of choices on this page like FinalCrypt or VeraCrypt ???
https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

 

[Barryng]

Thank you for the references above. All the referenced articles talk about and are focused on a recovery key. I already know exactly what the specific recovery key is for my Surface because it was presented to me when I tried to set up Bitlocker on my Surface. I am also familiar with a recovery key because I have Bitlocker set up on my desktop and I even had to once use it when I made an error entering my preferred password. However, the problem remains that without a PASSWORD all the data on my Surface can be accessed simply by turning it on! No password or other security is needed to get Windows started. This makes no sense. Reasonably, I am expecting a requirement to enter a password to get any access at all just like is required on my desk top.

In other words, I have a very portable computer that has the potential of being lost or stolen. I want to use Bitlocker to protect the data on it, Bitlocker is indeed installed and activated, yet there is no obvious way of establishing a password leaving access to my machine fully available to anyone that has it in their hands. WTF?

 

[habbajabba]

Just use a bootable persistent image and when your'e done unplug it. Problem solved.