Clear Key
This isn't really an authentication method, but in this form, the volume master key is
stored in a symmetric format on the boot volume, essentially making it readable. This
method is not secure at all and is in effect only if you disable (but not uninstall) BitLocker.
You might use the clear key method, for example, if you need to restart a server that is
configured to use the TPM plus startup key method and you are in a remote location and
are unable to connect the physical USB key device to the server to allow it to boot.
IMPORTANT You should avoid using the clear key method whenever possible, but if it is your only
choice, you can minimize your risk by re-enabling BitLocker as soon as physically possible.
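To act on that advice you first need to know which volumes are currently in the clear key state. The following is an added example, not from the original text. It assumes that a fully encrypted volume reporting protection Off is one where BitLocker has been disabled but not removed; the function name Find-ClearKeyVolume and the sample volumes are hypothetical and constructed for illustration.

```powershell
# Added example: flag volumes that are encrypted but unprotected (clear key in effect).
function Find-ClearKeyVolume {
    param([Parameter(Mandatory)][object[]]$Volume)
    foreach ($v in $Volume) {
        # Cast to string: real objects carry enum values, the samples carry text.
        $encrypted = "$($v.VolumeStatus)" -eq 'FullyEncrypted'
        $exposed   = "$($v.ProtectionStatus)" -eq 'Off'
        if ($encrypted -and $exposed) {
            [pscustomobject]@{
                MountPoint = $v.MountPoint
                # Protectors that take effect again once protection is resumed.
                Protectors = ($v.KeyProtector.KeyProtectorType -join ', ')
            }
        }
    }
}

# Constructed sample data using the property names Get-BitLockerVolume returns.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'ExternalKey' })
    },
    [pscustomobject]@{
        MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'
        KeyProtector = @()
    }
)

# Only C: is reported: encrypted on disk, but its key is readable.
Find-ClearKeyVolume -Volume $sample | Format-Table -AutoSize

# On a live server, from an elevated session, feed it real data and re-enable:
#   Find-ClearKeyVolume -Volume (Get-BitLockerVolume) |
#       ForEach-Object { Resume-BitLocker -MountPoint $_.MountPoint }
```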
Startup Key or Recovery Key
This option is your only choice if your system doesn't support TPM or if your TPM module
is unavailable (it's been shut off or it's malfunctioning). You can configure your server
to retrieve the volume master key or a recovery key directly from a USB flash drive.
The recovery key might be needed if for some reason the original authentication method
cannot be performed, for example, because the TPM isn't working or was replaced, the
user forgot the PIN, or the USB key holding the startup key is unavailable. Recovery keys
allow new keys to be generated safely and efficiently.
Recovery Password
The recovery password method is exactly the same as the recovery key method, except
the former requires that you enter a password.