Careful those are two different passwords, one beeing your user password (SDDM) the other your LUKS passwort (used for encryption). You can enable auto login for most display managers, I do it too (with lightdm).

Like my former employer who mandated that all Windows laptops have Bitlocker enabled...then proceeds to blame ME for not being able to recover any data from a bunch of SSDs after a number of laptops died and the staff forgot their Bitlocker password.

Encryption is a bloody curse.

Thanks. So yeah, pretty much like I thought - pretty useless for me as a desktop PC user and no one has access to my PC beyond me anyway.

What I also don't like about it is that it seems prone to complications for various reasons like the example in the comment above. So I hope Fedora will have a simple switch to disable encryption in the partition setup before installation (not having it buried somewhere in Anaconda's advanced partition setup which is horrendous).

The problem is dual-boot systems. I can only encrypt /home and swap.

As a long-time Arch user using CachyOS, an Arch variant with v3 and some optimizations, IMHO, those people you describe using Arch are using it due to the Pros of Pacman, Makepkg, the AUR, and the Arch Linux tools more than they're using Arch because it's Arch. I say that because practically anybody not straight up stupid and technologically illiterate can figure out how to install Arch and, from there, install and use the things that folks like Michael report on 4-14 months earlier than practically any other distribution.

When you use Not Arch and read the news, Linux tends to suck due to how restricted or limited you can feel/become when using either older or more locked down distributions. You read about all these neat things but you have to wait for the next release of Not Arch to use it. If you're using Arch it's a lot easier to try those things out, especially when combined with snapshots in case stuff happens.

To put that into some perspective: I'd really consider using a distribution like Cent if they switched to Pacman and included the Arch Linux tooling. Stable base with powerful and easy-to-use from-source tools. Yes Please. Rolling release isn't always a desired environment while "stable with the option to pull in some bleeding edge" can be a more preferred environment. Also, the 90s and Dependency Hell are on Line 2.

I've never run into issues mounting NTFS unless it was a dirty drive, in which case I'm pretty sure you can force mount. That certainly has nothing to do with liveboot / recovery.

If you don't make backups, losing your data is a when-- not an 'if'. Encryption's contribution to that problem is insignificant.

What does dual boot have to do with it? As long as you don't use TPM to store your keys and therefore have an encrypted EFI partition nothing needs to be considered for dualboot. Just encrypt your / partition and you're ready to go.

While your statement is true it also is totally disjointed from reality.
​

It's incredible to me the number of technically literate luddites that frequent these forums.

Encryption needs to be done right. "Done right" includes using a password you can remember, and if you can't remember it using a shorter password. If you're managing a fleet, then you should probably do the research to learn how to manage bitlocker deployments. Tip: you can escrow the keys in your directory for trivial recovery. Don't blame microsoft, bitlocker, or encryption in general for your own ignorance.

But when done right it actually allows the security guarantees made by your OS to work.

1. No more DBAN; disk decommissioning just involves blowing away the volume key on your drive
2. No concerns about offline OS tampering
3. No trivial bypasses to the user login screen
4. a right against self-incrimination that actually means something

Not using bitlocker on your laptops would be reckless, in 2023, given the huge number of border / evil maid attacks, as well as issues with lost / stolen laptops. PIN + TPM + bitlocker recovery is the way, and its good to see fedora starting to catch up.

@skeevy420​ -- The big benefit in your case would be disposal. You don't have to deal with DBAN, you can just nuke the volume header and know your data is safe.

Encryption does not have to be painful. You can enroll your TPM as an unlock source so that the disk auto-decrypts, if it has not been tampered with.

My statement comes from years of directly dealing with home user IT and a myriad of encrypted disk scenarios ranging from SMBs to "we're going to [repressive, dissident hostile country]". The complaints of forgetting passwords are completely overblown for multiple reasons:

• Anyone managing a fleet should have some method of storing recovery info. Microsoft Account recovery, or a keepass file, or AD-integrated bitlocker recovery....
• Anyone using their encrypted laptop with any regularity will be entering whatever their unlock key is almost daily and so will generally not forget it
• Anyone managing either of these scenarios will, as a consequence of managing things, have an easy location for backing data up (Onedrive, Google drive, dropbox....)
• Home users who have none of those advantages can simply use TPM which is very reliable.
• Any "on by default" encryption system can mitigate the risk of failure by using the user's login password as an alternate for unlock

Are there ways for it to fail? Sure. But there are a hundred other, far more likely ways to lose data. Given that bitlocker has been "on by default" for years now it's a little absurd to pretend that this isn't a solved problem.