Your Windows 10 disk is encrypted and Microsoft has the key

Microsoft has a nifty little feature embedded within Windows 10 – an automatic encryption of your disk, protecting your data in case the computer gets stolen or lost. All you need to do to turn the feature off is to log into your computer using your Microsoft account.

However, there is a catch, and some people believe the catch is simply not worth the safety.

According to a report by The Intercept, as soon as you log into Windows, a copy of your recovery key is sent to Microsoft’s servers, probably without your knowledge and without an option to opt-out.

You can, however, delete the recovery key. But, should you do it? The Intercept says:

“As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel it to hand over your recovery key, which it could do even if the first thing you do after setting up your computer is delete it.”

Here's how to delete it:

Go to this website and log in to your Microsoft account — this will be the same username and password that you use to log in to your Windows device. Once you’re in, it will show you a list of recovery keys backed up to your account.

If any of your Windows devices are listed, this means that Microsoft, or anyone who manages to access data in your Microsoft account, is technically able to unlock your encrypted disk, without your consent, as long as they physically have your computer. You can go ahead and delete your recovery key on this page — but you may want to back it up locally first, for example by writing it down on a piece of paper that you keep somewhere safe.