>so they had to make a seemingly ridiculous statement (because who in their right mind would trust bitlocker) to call attention that "something is very wrong"

Alternately, they don't want people to rely on abandonware for security.

Also, despite the conspiracy theories of backdoors I'm not aware of any bitlocker exploits that work on TPM + pin, which is the intended "secure" configuration[1]. All exploits rely on TPM-only (ie. ez-mode), which is basically the security equivalent of running https/ssh without certificates and blindly accepting whatever keys shows up.

[1] https://learn.microsoft.com/en-us/windows/security/operating...

▲

cubefox 2 hours ago | parent [-]

Why do you need a separate PIN anyway? Shouldn't your Windows password be enough? Having to enter two different codes makes it unlikely a majority would use the system. I would be surprised if iOS or Android required a separate PIN for encryption.

▲

bootsmann 2 hours ago | parent [-]

You need a separate pin because windows lives on the encrypted disk so you need to decrypt it before you can boot completely.

	▲	rafram 2 hours ago \| parent [-]
		macOS solved this (and a lot of other problems) by putting the OS on a separate read-only partition - technically an APFS volume - that doesn’t get encrypted. Microsoft’s backwards-compatibility obsession might not let them make that the default, but they could at least make it an option.