Can someone explain the practical use of bitlocker?

[Necro compute]

From my understanding bitlocker encrypts your data with a secure key stored in your system's TPM.

However your PC with said can access that data just fine; malware would equally be able to read the data along with the rest of the OS.
Someone with access to your computer would be able to copy files on and off as well. If someone stole the computer, they'd have the key because it's stored in said computer.

 

So really bitlocker is only able to protect your data if someone steals your internal hard drive but not the rest of the system... Or am I missing something ?

[Kilrah]

13 minutes ago, Necro compute said:

If someone stole the computer, they'd have the key because it's stored in said computer.

 

So really bitlocker is only able to protect your data if someone steals your internal hard drive but not the rest of the system... Or am I missing something ?

Your user account is supposed to be secured enough that if they get the computer, power it on and that unlocks the drive they can't actually log in and access data. So to get at the data they'd have to either boot another OS or take the drive out and put it in another machine, both of which would require the bitlocker recovery key.

[Lurking]

50 minutes ago, Kilrah said:

Your user account is supposed to be secured enough that if they get the computer, power it on and that unlocks the drive they can't actually log in and access data. So to get at the data they'd have to either boot another OS or take the drive out and put it in another machine, both of which would require the bitlocker recovery key.

So where is the key stored? in the MB, or the OS-drive? if so, and those fail, then my data will be forever locked? 

[johnno23]

not 100% sure as it was a while back but our it guy used an encyption for our company PC laptops etc. but if something happened as PC failure he had access to keys that could unlock the drives. I would imagine that your agreement with bitlocker would also have this as you the user need to register etc. So moving you hard drive to a working computer only you would have access to your data and the key would be applied to your new shiny PC .

[mononymous]

12 minutes ago, Lurking said:

So where is the key stored? in the MB, or the OS-drive? if so, and those fail, then my data will be forever locked? 

Bitlocker keys are backed up in the cloud. You can access it online on your Microsoft Account

https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6

[Kilrah]

36 minutes ago, Lurking said:

So where is the key stored? in the MB, or the OS-drive? if so, and those fail, then my data will be forever locked? 

TPM and no, you can always use the recovery key you'll have been given when enabling bitlocker. Or the MS account as mentioned if tied.