Windows computers have a default disk encryption feature that to protect customers' data if their computer is lost or stolen, but Microsoft keeps a copy of these recovery keys on its servers, a move that information security professionals say defeats the purpose of encryption technologies.This approach “undermines every tenant of encrypted data and privacy,” said Scott Petry, CEO of Authentic8. “They're probably thinking of protecting data against the casual hacker, as opposed to sophisticated, motivated nation-state hackers,” he said.It is possible for users to delete the recovery key from their Microsoft accounts, although it is not the default setting.Whether the setting is an intentional default to cooperate with government requests for user information or a security oversight, the default setting makes user data more vulnerable to attackers looking to steal a user's recovery key from Microsoft servers.“It's a very casual approach to information security,” said Petry.The setting also raises a question brought up by the discovery that the NSA may have been involved in creating a backdoor in Juniper's VPN connection: what are the risks of government backdoors? Earlier this month, former National Security Agency (NSA) Gen. Michael Hayden, said it is “a weak security position” for governments to ask tech companies to build backdoors into their products.“It's true that we need strong crypto to safeguard everything from indiscrete photos to online shopping transactions,” wrote Electronic Frontier Foundation's activism director Rainey Reitman, in a blog post earlier this month. “But let's not forget that for many people, strong crypto is a matter of life or death.”
Cloud Security, Compliance Management, Incident Response, Privacy, TDR
Microsoft keeps its users’ encryption keys stored on servers
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



