Bitlocker and Smartcard authentication
Our technical account manager suggested that I look into Bitlocker as
a possible reason to do an early migration for notebooks. We
currently use Safeguard Easy and Safeboot for drive encryption.
These products allow the use of smartcards and Aladdin tokens to
authenticate both against the drive encryption prior to the O/S boot and
against the operating system at logon.
For several reasons, I would prefer smartcard authentication over
the current TPM/PIN system.
Among these reasons are:
- Our current standard laptops have no TPM, and we use them for approx. 4
years based on our accounting procedures. Thus, changing to a
TPM-bearing model would change our hardware base over a period of more
than 4 years.
- Our notebooks are often pooled among several users. The current
authentication procedure authenticates single users and allows us to
differentiate which notebook belongs to which pool, as each user has 2
factors which are unique to him, and we can allow one or more
credentials on each machine. The TPM-based approach sets a common
factor: possession of the chassis with the TPM, which is the "possession
factor", and a common secret which all pooling employees share among
them. The TPM-based approach is designed more with the idea of dedicated
machines in mind.
Is there a chance that smartcard-operated authentication might be
implemented into the security system of Bitlocker?