Windows 10 users might unwittingly be storing their disk encryption keys with Microsoft

Windows 10 users might unwittingly be storing their disk encryption keys with Microsoft
Credit: Microsoft

If you’re rocking a new Windows 10 PC or have upgraded to the latest version of the OS, chances are your disk encryption key has been uploaded to Microsoft’s servers — which means you’re not 100 percent in control of the privacy of your data.

The Intercept reports that this is probably the case if you’ve logged in to Windows 10 with your Microsoft account. That’s useful for accessing your hard drive after something’s gone wrong, but it also means that if a hacker gains access to your Microsoft account, they could make a copy of it for misuse.

So where should you hide your encryption key? Microsoft’s standalone encryption tool BitLocker, lets you back it up to a USB stick, print it out or alternatively save it to your cloud account.

However, while BitLocker offers these options, Windows’ built-in encryption tool automatically uploads your key — and there’s no way to stop it.

It’s also worth noting that If you login to Windows using your company’s or school’s Windows domain, then your recovery key will be uploaded to a server controlled by your company or university instead of Microsoft.

To find out if your key is in the cloud, visit this site and log in with the Microsoft account associated with your PC. You’ll then be able to see recovery keys for your account.

You can delete these keys, but you’ll want to back them up first, perhaps by writing them down on paper and storing the note someplace safe. Microsoft says it wipes your keys from its server immediately upon deletion, and any copies of them on its backup drives are deleted within hours.

If you don’t see any recovery keys, then you either don’t have an encrypted disk, or Microsoft doesn’t have a copy of your recovery key. If you don’t find encryption options in the Settings menu, it’s probably because your computer doesn’t have the Trusted Platform Module (TPM) chip necessary for scrambling your drive’s contents.

To be completely safe, you’ll want to not only delete your key from the cloud, but also generate a new one and avoid uploading it. You can either use BitLocker (available with Windows Pro and Enterprise versions) or a third-party app like BestCrypt.

Recently bought a windows computer? Microsoft probably has your encryption key [The Intercept]

Read next: Do yourself a favor – clean up your phone's annoying app notifications