Microsoft will now encrypt new SSDs with BitLocker


Although Windows ships with its own full volume encryption tool called BitLocker, SSDs that claimed to offer their own hardware-based encryption were trusted by the tool and left alone.

Now though, after a recent update to Windows 10, Microsoft will assume that connected SSDs don't actually encrypt anything.

In a Twitter post, SwiftOnSecurity described why the software giant has decided to no longer trust SSD manufacturers, saying:

“Microsoft gives up on SSD manufacturers: Windows will no longer trust drives that say they can encrypt themselves, BitLocker will default to CPU-accelerated AES encryption instead. This is after an exposé on broad issues with firmware-powered encryption.”

A report released in November of 2018 revealed that self-encrypting drives have a number of security flaws including the use of master passwords set by manufacturers. This means that those who purchased SSDs which were supposed to help keep their data secure might as well have purchased a drive that did not handle its own encryption instead.

SSD encryption

Users who purchased self-encrypting drives were actually worse off than they thought, as Microsoft set up BitLocker to leave these drives alone completely. This was done to help performance without compromising the security of these drives, as they could use their own hardware to encrypt their contents instead of using a system's CPU. However, it now seems that Microsoft will no longer trust SSD manufacturers to keep customers' data safe on their own.

In its release notes for the KB4516071 update to Windows 10, the company explained the changes it had made to how BitLocker handles self-encrypting drives, saying:

"Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change." 
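Because existing drives keep their encryption type, an administrator may want to list the volumes that still depend on the drive's own hardware encryption. The PowerShell below is an added example, not code from the article or from Microsoft's release notes; the function name `Find-HardwareEncryptedVolume` and the sample volumes are constructed for illustration, and it assumes the `EncryptionMethod` values reported by `Get-BitLockerVolume`.

```powershell
# Added example: classify BitLocker volumes by who performs the encryption.
# Input objects need MountPoint, EncryptionMethod and VolumeStatus properties,
# which is the shape Get-BitLockerVolume returns.
function Find-HardwareEncryptedVolume {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        $method = [string]$Volume.EncryptionMethod
        $finding = switch ($method) {
            'HardwareEncryption' { 'Drive firmware encrypts; unchanged by the new default' }
            'None'               { 'Not encrypted' }
            default              { 'BitLocker software encryption' }
        }
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            EncryptionMethod = $method
            VolumeStatus     = [string]$Volume.VolumeStatus
            NeedsReview      = ($method -eq 'HardwareEncryption')
            Finding          = $finding
        }
    }
}

# Constructed sample volumes so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; EncryptionMethod = 'XtsAes128';          VolumeStatus = 'FullyEncrypted' }
    [pscustomobject]@{ MountPoint = 'D:'; EncryptionMethod = 'HardwareEncryption'; VolumeStatus = 'FullyEncrypted' }
    [pscustomobject]@{ MountPoint = 'E:'; EncryptionMethod = 'None';               VolumeStatus = 'FullyDecrypted' }
)
$sample | Find-HardwareEncryptedVolume | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
# Get-BitLockerVolume | Find-HardwareEncryptedVolume | Where-Object NeedsReview
```

With the sample data only `D:` is returned with `NeedsReview` set, which is the case the release note leaves untouched.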

While it would be nice if self-encrypting SSDs were as secure as they claim to be, at least now users can rest easy knowing that BitLocker will secure their drives.

Anthony Spadafora
