Finding your BitLocker recovery key in Windows
If your system is asking you for your BitLocker recovery key, the following information may help you locate your recovery key and understand why you’re being asked to provide it.
Where can I find my BitLocker recovery key?
BitLocker likely ensured that a recovery key was safely backed up prior to activating protection. There are several places that your recovery key may be, depending on the choice that was made when activating BitLocker:
- In your Microsoft account: Sign in to your Microsoft account on another device to find your recovery key. This is the most likely place to find your recovery key.
Note: If the device was set up, or if BitLocker was turned on, by somebody else, the recovery key may be in that person’s Microsoft account.
- On a printout: You may have printed your recovery key when BitLocker was activated. Look where you keep important papers related to your computer.
- On a USB flash drive: Plug the USB flash drive into your locked PC and follow the instructions. If you saved the key as a text file on the flash drive, use a different computer to read the text file.
- In an Azure Active Directory account: If your device was ever signed into an organization using a work or school email account, your recovery key may be stored in that organization’s Azure AD account. You may be able to access it directly or you may need to contact a system administrator to access your recovery key.
- Held by your system administrator: If your device is connected to a domain (usually a work or school device), ask a system administrator for your recovery key.
- If you are unable to locate the BitLocker recovery key and can’t revert any configuration change that might have caused it to be required, you’ll need to reset your device using one of the Windows recovery options. Resetting your device will remove all of your files.
- Microsoft support is unable to provide, or recreate, a lost BitLocker recovery key.
What is my BitLocker recovery key?
Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.
Why is Windows asking for my BitLocker recovery key?
BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it.
Windows will require a BitLocker recovery key when it detects a possible unauthorized attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure. This can also happen if you make changes in hardware, firmware, or software which BitLocker cannot distinguish from a possible attack. In these cases, BitLocker may require the extra security of the recovery key even if the user is an authorized owner of the device. This is to be certain that the person trying to unlock the data really is authorized.
How was BitLocker activated on my device?
BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it. In normal use BitLocker simply unlocks when you successfully sign into Windows.
There are three common ways for BitLocker to start protecting your device:
- Your device is a modern device that meets certain requirements to automatically enable device encryption: In this case your BitLocker recovery key is automatically saved to your Microsoft account before protection is activated.
- An owner or administrator of your personal device activated BitLocker (also called device encryption on some devices) through the Settings app or Control Panel: In this case the user activating BitLocker either selected where to save the key or (in the case of device encryption) it was automatically saved to their Microsoft account.
- A work or school organization that is managing your device (currently or in the past) activated BitLocker protection on your device: In this case the organization may have your BitLocker recovery key.
However, Windows will require a BitLocker recovery key when it detects a possible unauthorized attempt to access the drive. This can also happen if you make changes in hardware, firmware, or software which BitLocker can’t distinguish from a possible attack. In these cases, BitLocker may require the extra security of the recovery key.
It’s critical that you have a backup copy of this key. If you lose the key, Microsoft support isn’t able to provide it, or recreate it for you.
In most situations your key is backed up when BitLocker is first turned on, but it’s a good idea to do a backup of your own.
How to back up the key
- Tap the Windows Start button and type BitLocker
- Select the Manage BitLocker Control Panel app from the list of search results
- In the BitLocker app select Back up your recovery key
- Select where you want the key backed up
  - Save to your Microsoft Account – This will save the key in the Recovery Keys library of your Microsoft Account where you can easily get to it from any computer in the future.
    Note: If you’re signed into a computer managed by your work or school this may say Save to your Azure AD account instead.
  - Save to a USB flash drive – If you have a flash drive handy you can save the key to it. If your computer asks for the key in the future just insert that USB drive and follow the onscreen instructions. The key takes only a couple of KB of space so the drive doesn’t have to be large.
    Important: Don’t store this USB flash drive with the key on it with your computer. If a thief were to get the computer, they could steal the flash drive as well and bypass BitLocker encryption, leaving your data vulnerable.
  - Save to a file – You can save your recovery key as a plain text file on any device. If you need that file in the future just open it with any text editor like Notepad or Microsoft Word and you’ll be able to read the key. We recommend saving that text file to your OneDrive Personal Vault for safe and secure storage that can be readily accessed from any device if you need it.
    Important: Don’t save the only copy of the file on the computer that the key is for. If BitLocker requires your recovery key to unlock the drive, you won’t be able to access the file containing the key.
  - Print the recovery key – You can simply print the recovery key if you prefer.
    Important: Store that printout somewhere safe and don’t keep it with the computer. If a thief were to steal the computer and the printed recovery key they could bypass BitLocker encryption, leaving your data vulnerable.
- Select Finish
You can make as many backups as you want. It’s not a bad idea to have more than one, just to be safe.
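For administrators, the same check and backup can be done from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it uses the cmdlets of the Windows BitLocker module, the `-EscrowTo` parameter and the report column names are names chosen for this example, and it prints only each protector's ID, never the 48-digit key.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: audit BitLocker recovery
# passwords and optionally escrow them to a directory service.
param(
    # -EscrowTo and its values are names chosen for this example.
    [ValidateSet('None', 'AzureAD', 'ADDS')]
    [string]$EscrowTo = 'None'
)

# A recovery password is 48 digits, shown as 8 hyphen-separated groups of 6.
$keyPattern = '^(\d{6}-){7}\d{6}$'

$report = foreach ($vol in Get-BitLockerVolume) {
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # Encrypted or not, this volume has no recovery key to fall back on.
        [pscustomobject]@{
            MountPoint = $vol.MountPoint; Protection = $vol.ProtectionStatus
            KeyProtectorId = $null; WellFormed = $null
            Escrow = 'no recovery password'
        }
        continue
    }

    foreach ($kp in $recovery) {
        $escrow = 'not requested'
        $target = @{ MountPoint = $vol.MountPoint
                     KeyProtectorId = $kp.KeyProtectorId; ErrorAction = 'Stop' }
        try {
            if ($EscrowTo -eq 'AzureAD') {
                BackupToAAD-BitLockerKeyProtector @target | Out-Null
                $escrow = 'sent to Azure AD'
            } elseif ($EscrowTo -eq 'ADDS') {
                Backup-BitLockerKeyProtector @target | Out-Null
                $escrow = 'sent to AD DS'
            }
        } catch { $escrow = "failed: $($_.Exception.Message)" }

        # Report the protector ID only; the key itself is never printed.
        [pscustomobject]@{
            MountPoint = $vol.MountPoint; Protection = $vol.ProtectionStatus
            KeyProtectorId = $kp.KeyProtectorId
            WellFormed = $kp.RecoveryPassword -match $keyPattern
            Escrow = $escrow
        }
    }
}
$report | Format-Table -AutoSize
```

Run with no arguments, the script only reads and reports; a volume listed with "no recovery password" has nothing that could be backed up.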
How does encryption protect my data?
Normally when you access your data it’s through Windows and has the usual protections associated with signing into Windows. If somebody wants to bypass those Windows protections, however, they could open the computer case and remove the physical hard drive. Then by adding your hard drive as a second drive on a machine they control, they may be able to access your data without needing your credentials.
If your drive is encrypted, however, when they try to use that method to access the drive, they’ll have to provide the decryption key (which they shouldn’t have) in order to access anything on the drive. Without the decryption key the data on the drive will just look like gibberish to them.