Windows 10 BitLocker will now use software encryption by default

With last week's rollout of the KB4516071 update for Windows 10, Microsoft changed the default behavior of its BitLocker full drive encryption tool. Previously, the feature would automatically use hardware-based encryption when a disk claimed to support it, but now Microsoft will no longer trust SSD maker and will instead use software encryption for newly encrypted drives.

The software-based encryption will be a bit slower but should be more secure. As Tom's Hardware points out, the reason for this change is because many SSDs with hardware-based encryption do not offer proper security:

"SwiftOnSecurity" called attention to this change on September 26. The pseudonymous Twitter user then reminded everyone of a November 2018 report that revealed security flaws, such as the use of master passwords set by manufacturers, of self-encrypting drives. That meant people who purchased SSDs that were supposed to help keep their data secure might as well have purchased a drive that didn't handle its own encryption instead.

For existing drives, nothing will change.

Microsoft gives up on SSD manufacturers: Windows will no longer trust drives that say they can encrypt themselves, BitLocker will default to CPU-accelerated AES encryption instead. This is after an exposé on broad issues with firmware-powered encryption.https://t.co/6B357jzv46 pic.twitter.com/fP7F9BGzdD

— SwiftOnSecurity (@SwiftOnSecurity) 27 september 2019