Bitlocker without a TPM - SD card?
Were going down the route of encryption and looking to use Bitlocker.
Most of our laptops don't have a TPM chip so I will need to use a USB startup key.
Rather than a USB key I thinking about using a SD card as all the laptops have SD card readers built-in. This would mean that the staff could leave the SD card in the laptop without needed to remove and eventually loose the USB drive.
So from what I understand, doing it this way is the same as using the TPM on board. If the laptop is stolen the SD key is taken with it as it is in the laptop already. But this would be the same with a laptop that had an onboard TPM.
Can anyone see any problems with this?
From what I have read the data is still encrypted and a thief would need to know the windows credentials to get access to the machine. If their tried to boot from a Linux CD or reset the windows password then they wouldn't be able too as the data would still be encrypted..