Password options

There are different options available:

 

  1. You specify a BitLocker password and select none of the other options in the in the top part of the dialog:

    • The encryption process starts when you activate it and/or assign the policy. The user of the client computer is allowed to change the password later or continues to use the password you specified.

      Please note that you are responsible for communicating the password to the users over a secure channel.

  2. You check the User cannot change password box:

    • Please specify a fixed password which the user can never change. The initial encryption process starts automatically even without the user being logged on to the client computer, after you activate it and/or assign the policy.

    • As soon as the user starts the computer, the BitLocker password must be entered to unlock the encrypted hard disks.

      Please provide users with the appropriate password information over a secure channel.

    • The password is entered independently of the encryption progress, i.e. as soon as encryption is started, the BitLocker password must be entered in the PBA.

  3. You check the option User must change password at first encryption (see figure):

    • The user can specify a password, you do not enter a password here.
    • If required, you can define the requirements the user password must meet.
    • The encryption process starts as soon as the user specifies the password.
    • The password may be changed later.
    • With the Maximum password age setting, you specify the number of days after which the end user must change the password again.

The options below Password must meet the following requirements: provide precise criteria that a password assigned by the user must meet. The option is selected by default.

  1. You can select the Allow numbers only option if all client computers are equipped with a TPM which means that 6 characters are allowed.

    If there is no TPM on client computers or non-system partitions need to be encrypted as well, the default is still at least 8 characters. (Microsoft default for passwords on data partitions).

  2. The Allow numbers and Latin based characters option restricts the usage of allowed characters. Special characters can no longer be used with this setting. Please note the information in the BitLocker pre-boot authentication chapter.

  3. With the A valid password must contain at least... options you define the number of letters, numbers and special characters:

    • The password must be between 8 and 20 characters long. A number below 8 or higher than 20 leads to an error message.
    • Define the minimum requirements (number of letters, number, special characters etc.).
    • If you select the Treat numbers as special characters option, numbers count as numbers and also as special characters. Please make sure that the numbers and special characters correspond.