Hibernation DOES prompt for your BitLocker PIN

  • Article

I recently discovered that when you resume from hibernation, BitLocker will in fact ask you for your PIN.  That's really good!  NASA published an article with the same findings.  At the time the article was published the machine they tested didn't have TPM support in the BIOS so they used a USB device to store the startup key.  Their concern was that sleep mode does not enforce secure startup so hibernation would be preferred.  They were also concerned that a user might leave the USB key plugged in all the time.  I often do leave my key in my bag so I instead use a PIN to enforce secure startup.  I almost never reboot or shutdown Vista so knowing that Hibernation will conserve power and provide better security, I now have a very workable process.

For convenience, I just published another Sidebar gadget named "Hibernate".  It's just a button for the Sidebar that can be used to put your laptop in hibernation.  I know there is already a power button both on my laptop and on the start menu but I reserve those for Sleep mode when I'm making short trips and I know I don't need to worry about losing my laptop.  Home to Office, Home to Panera, etc.  Those are pretty frequent.  I also don't use the feature to enter sleep mode when I close my laptop lid because I often carry around my laptop but don't want to have to type in my password again when I'm just walking across the house.  So this is an easy, one-click button for the sidebar that initiates hibernation.  Also it glows blue on mouse-over and as we all know that is the sign of a cool gadget.

Download:

https://gallery.live.com/liveItemDetail.aspx?li=5793247b-5cae-4291-abbb-b3aaed78bf79&l=1

 

Updated 3/10 - after thinking about this post more. One should NOT EVER leave the key containing a recovery password in the same place as the drive, as someone could access the drive using a recovery tool and with the recovery password perform a drive recovery, just as you would in a disaster. IOW, carry the recovery password separately, in your pocket, store it in a trusted Exchange mailbox, etc...