tpm-only vs tpm+pin

The tag tpm-only vs tpm+pin captures the ongoing debate about BitLocker authentication methods in Windows, particularly after the YellowKey bypass (CVE-2026-45585) exposed risks in TPM-only configurations. Discussions center on whether relying solely on the Trusted Platform Module for pre-boot authentication is sufficient, or if adding a PIN provides meaningful protection against physical attacks. The YellowKey vulnerability, which exploits recovery mechanisms, has forced administrators to reconsider the security posture of TPM-only deployments. Threads under this tag weigh the convenience of TPM-only against the added security of TPM+PIN, especially for laptops vulnerable to reboot attacks. The tag is relevant for IT professionals evaluating BitLocker policies and hardware security trade-offs.