
No kidding. If you run windows deployments the bitlocker key backup to domain / azure / whatever is a must / lifesaver.

FAR FAR too many situations where users don't keep their keys. It can be as simple as upgrading the chip in your computer - which happens with AMD machines because they've had a long run of AM4 socket support. Boom, your fTPM is gone now, and the user is complaining they've lost their irreplaceable stuff.

I've seen this on the IT side with backups. They set up an encryption key on the backups (pub / private) 6 years ago. 6 years later, when it comes time to recover under some time pressure, no one has a CLUE where the key is and the old staff are long gone. Absolute nightmare.

For all the folks saying managing encryption keys at scale is like tying your shoes - 100% false. To manage keys (especially ones where the private key is rarely if ever actually used) takes very very HIGH levels of care.

One solution - have encryption keys periodically "fail" so you are forced to prove you know how to recover your key - but no one does that.

Same issue used to occur with 2FA apps on phone upgrades before they made it easier to move stuff over to new devices.
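The two practices the comment argues for, escrowing the BitLocker recovery password to the domain and periodically proving the escrow actually works, can be combined into one scheduled check. The script below is an added example, not code from the thread or from Microsoft; it assumes an elevated session on a domain-joined Windows machine with the BitLocker and RSAT ActiveDirectory modules installed, a Group Policy that permits storing BitLocker recovery information in AD DS, and an account allowed to read the msFVE-RecoveryPassword attribute. The function names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original thread). Assumptions: domain-joined host,
# BitLocker + ActiveDirectory (RSAT) modules present, GPO allows AD DS backup of
# BitLocker recovery information, caller may read msFVE-RecoveryPassword.

Import-Module BitLocker
Import-Module ActiveDirectory

function Ensure-RecoveryPasswordEscrow {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        throw "BitLocker protection is not on for $MountPoint; nothing to escrow."
    }

    # A TPM/fTPM protector alone is exactly what stops unlocking the disk after a
    # CPU or board swap, so make sure a numerical recovery password exists too.
    $rp = $vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object -First 1
    if (-not $rp) {
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $rp  = $vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' |
            Select-Object -First 1
    }

    # Escrow the recovery password to this computer's AD DS object. For Entra-joined
    # devices the equivalent cmdlet is BackupToAAD-BitLockerKeyProtector.
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
    return $rp
}

function Test-RecoveryPasswordEscrow {
    param([Parameter(Mandatory)]$Protector)

    # The drill: read the msFVE-RecoveryInformation objects stored under this
    # computer's AD object and confirm one of them holds the password on the disk.
    $computerDn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName
    $escrowed = Get-ADObject -SearchBase $computerDn -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties 'msFVE-RecoveryPassword'

    $match = $escrowed | Where-Object {
        $_.'msFVE-RecoveryPassword' -eq $Protector.RecoveryPassword
    }
    return [bool]$match
}

$protector = Ensure-RecoveryPasswordEscrow
if (Test-RecoveryPasswordEscrow -Protector $protector) {
    Write-Output "Recovery password $($protector.KeyProtectorId) for $env:SystemDrive is escrowed in AD DS and readable."
} else {
    # Treat this as an incident, not a warning to ignore: a recovery from the domain
    # would fail right now. Check AD replication, the GPO, and read permissions.
    Write-Warning "Escrow of $($protector.KeyProtectorId) could not be verified from AD DS."
    exit 1
}
```

Running this from a scheduled task, and alerting on the non-zero exit, is the practical form of the "make the key fail on a schedule" idea in the comment: the recovery path is exercised every run rather than discovered to be broken the day the fTPM is gone.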
