bitlocker with TPM but without pincode – how am I protected?

I want to protect myself from data theft in the event that a malicious person steals my PC. I have a PC running Windows 11 with a TPM chip. Bitlocker is activated and for the moment there is no password to access windows.

Correct me if I’m wrong, but a standard password with local administrator account is not enough to protect me in case of theft?
Because if a thief takes the whole PC, he will be able to run “live OS” to remove the password of the windows session? I know that there are very simple tools for that. In this scenario, will bitlocker wake up at the next boot?

For the moment, I think the only solution is to add a PIN(*) in addition to the bitlocker encryption ? Correct ?

(*)Bitlocker – no password option available