Stop using sleep mode with Windows Bitlocker for better security. Learn how to use hibernate in Windows 8.

  Follow me: Follow Bruce Kirkpatrick by email subscription Bruce Kirkpatrick on Twitter Bruce Kirkpatrick on Facebook
Mon, Jul 01, 2013 at 9:00PM

I just found out that Windows 8 has a hidden "Hibernate" sleep mode which works the same as previous versions of Windows.  

There are 2 main benefits to "Hibernate" compared to the regular "Sleep" mode.

Benefit #1: Sleep mode continues to use some power, which can drain a battery, albeit much slower then normal.  However, Hibernate writes system memory to disk and completely powers off. Depending on the speed of your storage, hibernate may take longer then sleep.  With my second generation Intel SSD, hibernate seemed to be about the same speed as sleep.  Microsoft says that if the system's battery runs extremely low, the computer will actually be put into hibernate mode instead of sleep automatically even if it was sleeping for several hours.  That's pretty cool.

Benefit #2: If Bitlocker is already configured to required TPM and/or pre-boot PIN, resuming from hibernation will require this authentication to be required again before Windows loaded again.   This improves the security of Bitlocker a great deal compared to using sleep mode since sleep mode allows resuming without re-entering the pre-boot passwords.  If you have went through the effort of using smart cards, you might as well use them the most secure way.

How to enable Hibernation on Windows 8

So how do you enable Hibernate in Windows 8?  Go to the start screen (press windows key) and then type "Change what the power buttons do", click on "Settings" and then click on "Change what the power buttons do".

In the new window, click on "Change settings that are currently unavailable.

Login as administrator if prompted.

Click on "Hibernate", and click "Save Changes".  You may even want to consider un-checking "Sleep" on a system that uses smart cards for the best security.

Now when you go to the Windows Charm (Windows Key + C or roll mouse to top right corner) -> Settings -> Power button, you will see "Hibernate" as an option.

Bitlocker will automatically require PIN again after resuming from hibernation if it was already configured to require a PIN during pre-boot.

Change Automatic Sleep to Hibernate

If you usually like your computer to automatically Sleep after a period of time, you may want to change that setting to use Hibernate instead of Sleep as well for best security.  To do this, go to the start screen and type "Power Options", click on Settings, click on "Power Options".

Then click on "Change plan settings" for your selected plan.

Click on "Change advanced power settings".

Expand the tree for "Sleep" and change "Sleep after" to "Never".

Change "Hibernate after" to "45" (to set it to 45 Minutes) or some other value and click "OK".

Disable Automatic Wake Up From Sleep/Hibernation

If you have setup any Scheduled Tasks or Backup tasks, they may be configured to automatically resume from sleep or hibernation.  Since the computer now requires a manual pin entry, this would not function.  I recommend locating the options in your software to disable wake up.  For example, in the Acronis True Image 2013 advanced scheduling options, I had to uncheck "Wake up the sleeping/hibernating computer".

In advanced power options, under the "sleep" section, there are option(s) for Wake Timers, you should disable them there.  This might be enough to stop them across the entire system.  However, I found some other settings below which I changed anyway.

For scheduled tasks, you uncheck the option "Wake the computer to run this task" on the "Conditions" tab.

Some hardware devices are able to wake the computer as well.  Unfortunately, you can learn more about preventing this at this external link: http://www.howtogeek.com/122954/how-to-prevent-your-computer-from-waking-up-accidentally/

Essentially, you find the device that causes the computer to wake in the Windows Device Manager, and on its properties windows, you uncheck the "Allow this device to wake the computer" box.

I found that if you run command prompt as administrator, you can use this command to see any active wake timers, so you can turn them off.  I had to turn off Jungledisk Wake time in its desktop client.

powercfg /waketimers

Other ways to quickly lock your computer

I like to lock my screen more quickly if I step away from my computer.  There are a few ways to do this, but they still leave bitlocker unlocked, so it would be better to hibernate if you are concerned with that.

On your keyboard, press "Windows + L" to lock the computer.

From the Windows Start Screen, click on your portrait, then click Lock.

From the Windows Start Screen, type "Change screen saver", click on "Settings", and click on "Change screen saver".  Choose a screen save from the drop down menu, set the number of minutes, and check the box for "On resume, display logon screen". Click OK to save your settings.

If the screen is set to turn off according to your power options, it may also require a logon when you press any key on the keyboard again.  You can set this under the advanced power settings.

Hibernate mode is recommended by Microsoft

Microsoft does recommend the use of hibernate mode for better Bitlocker security at the following link under the section: "What are the implications of using the sleep or hibernate power management options?"

http://technet.microsoft.com/en-us/library/cc766200(v=ws.10).aspx#BKMK_Sleep


Bookmark & Share



Popular tags on this blog

Performance |