Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".
This is a bit tricky as it couples the user's password with the disk encryption key. If a user changes the password they would then need to change the encryption key, or remember the previous (possibly compromised) password. A better option is to force the user to record a complex hash, but that's never going to be user friendly when it comes to the average computer user.
Basically, we need better education about the issue, but as this is the case with almost every contentious issue in the world right now, I can't imagine this particular issue will bubble to the top of the awareness heap.
I thought this was what happened. Clearly not :( That’s the idea with services like 1Password (which I suppose is ultimately doing the same thing) - you need both the key held on the device and the password.
I suppose this all falls apart when the PC unlock password is your MS account password, the MS account can reset the local password. In Mac OS / Linux, you reset the login password, you lose the keychain.
At this point, end-to-end encryption is a solved problem when password managers exist. Not doing it means either Microsoft doesn't care enough, or is actually interested in keeping it this way.
For something as widely adopted as Windows, the only sensible alternative is to not encrypt the disk by default.
The default behavior will never ever be to "encrypt the disk by a key and encrypt the key with the user's password." It just doesn't work in real life. You'll have thousands of users who lost access to their disks every week.