Microsoft Probably Holds your Encryption Keys
Why Should You Worry?
- If a hacker hacks your Microsoft account, he can make a copy of your recovery key before you delete it (method described below).
- Any Rogue employee at Microsoft with access to user data can access your recovery key.
- If Microsoft itself get hacked, the hacker can have their hands on your recovery key.
- Even Law Enforcement or Spy agencies could also request Microsoft to hand over your recovery key.
“Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees,” said Matthew Green, a cryptography professor at Johns Hopkins University.