Still necessary to fully disable all sleep modes for bitlocker to be a 100% secure?

PW 0 Reputation points
2023-04-12T08:06:53.7833333+00:00

I've been reading through this article: https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-security-faq and I have a question regarding this specific passage:

What are the implications of using the sleep or hibernate power management options? BitLocker on operating system drives in its basic configuration (with a TPM but without other startup authentication) provides extra security for the hibernate mode. However, BitLocker provides greater security when it's configured to use another startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. In sleep mode, the computer is vulnerable to direct memory access attacks, since unprotected data remains in RAM. Therefore, for improved security, it's recommended to disable sleep mode and to use TPM+PIN for the authentication method. Startup authentication can be configured by using Group Policy or Mobile Device Management with the BitLocker CSP.

It says sleep mode here. Does sleep mode mean all types of sleep modes (S0 = modern standby, S1, S2, S3, S4...) and the only "safe" alternative is disabling all sleep modes including hybrid sleep and modern standby and only keep hibernate and shutdown (in combination with bitlocker PIN/password at boot)?

Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes

1 answer

Sort by: Most helpful
  1. Anonymous
    2023-04-13T07:07:13.24+00:00

    Hi. According to the official document you provided, you need to disable sleep mode and enable hibernation to better protect your computer. S1, S2, S3 are sleep modes, you need to disable them completely. S4 is Hibernate, you don't need to disable it. Please refer to: https://www.tenforums.com/tutorials/63346-sleep-states-available-your-windows-10-pc.html User's image

    Hope the information is helpful. If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.