PIN and passwords

Requirements for BitLocker PINs and passwords are defined by Windows Group Policies, not by SafeGuard Enterprise settings.

Passwords are only supported with Windows 8 or higher.

The relevant settings for passwords can be found in the Local Group Policy Editor (gpedit.msc):

Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Configure use of passwords for operating system drives and

Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives > Configure use of passwords for fixed data drives.

The settings can also be applied via Active Directory based Group Policy Objects (GPOs).

By default, SafeGuard Enterprise allows enhanced PINs. This means that users can use all keyboard characters such as numbers, letters, and special characters/symbols.

BitLocker supports the EN-US keyboard layout only. Therefore, users might have problems when entering enhanced PINs or complex passwords. Unless they changed their keyboard layout to EN-US before they specified their new BitLocker PIN or password, users may need to press a different key to what is displayed on their keyboard in order to enter the character they want. Therefore, before encrypting the boot volume, a reboot is performed to ensure that the user can enter the PIN or password correctly at boot time.

As of Windows 10 RS2, the minimum length of the PIN is 6 characters.