I recently faced an issue with my work laptop, which got locked under Bitlocker. I contacted the IT help desk for assistance, and they sent me my Bitlocker recovery key through a text message. Additionally, they also added the key in the ticketing system as a note. I'm concerned about whether this is a secure way to handle such sensitive information, considering these keys are crucial for accessing encrypted data. I do have a company cell phone that can receive encrypted emails, so I wonder if that could have been a safer method for transferring the key.
3 Answers
You don’t need to lose sleep over this. As long as your devices are secure, the chances of someone exploiting that information while having physical access to your laptop are minimal. Plus, IT usually rotates your keys, so what was sent becomes invalid after you use it.
Honestly, it’s not a huge deal. Text messages are commonly used for two-factor codes and similar information, so it's within a reasonable boundary. If a bad actor could access your texts, you'd likely be facing bigger issues already. Besides, are you really working on top-secret projects here?
Right? The risk is pretty low as long as you keep your devices secure.
It’s all good! For someone to be able to exploit the key, they’d need to be right in front of your laptop. If that happens, you’ve likely got more significant issues to worry about.
Exactly! It’s about limiting risks. As long as you’re careful with your devices, you should be okay.