I just upgraded to Drive Encryption (Desktop) v 10.4 and I'm getting something I haven't seen before.
When I started encrypting an external drive, I got a message box that gives me a "whole disk recovery token" for the disk. The box says this can be used in case I forget my passphrase. So this is basically a second passphrase that can be used to access the disk.
I don't want this. I checked the options and there does not seem to be a way to disable generation of a WDRT. I think I remember seeing something before about this sort of thing being an option I could choose. It certainly has never been forced on me before.
I found a support document on WDRTs:
https://support.symantec.com/en_US/article.TECH149...
It says that the WDRT is available in the Symantec Encryption Management Server administrative interface. I'm using Desktop, so as far as I know, there is no Management Server for my system. I hope that the WDRT is therefore not available anywhere. It is a serious security problem if it is available somewhere I don't know about. The article doesn't say anything about how to disable WDRTs or prevent their generation in the first place.
Two important questions:
1. How do I disable this WDRT for this drive?
2. How do I stop WDRTs from being generated for future disks I encrypt?
Thank you.