Before we dive into the step-by-step guide, let’s do a quick recap on the basics of Bitlocker and its recovery key
What is BitLocker?
BitLocker is a full disk encryption feature in certain Microsoft Windows versions. It encrypts the whole hard drive, including the system files, to prevent unwanted access or data theft and ensure the safety of sensitive data. BitLocker is generally used in business settings, but it is also available to people who want to bolster the security of their personal computers.
If you’ve lost your BitLocker Recovery Key, you may feel like it’s possible to never unlock your drive again without expensive IT help. Don’t worry. There are other options.
What is a BitLocker recovery key?
According to the official Microsoft definition, your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.
In other words, it is a password. A long and somewhat complicated password that you will not want to try and commit to memory. This recovery key is issued at the time of BitLocker installation in the event that the user forgets or misplaces their password and loses access to their hard drive.
What does Bitlocker recovery mean?
Here’s an example of how a BitLocker Recovery Key works:
- You are traveling for business or pleasure, and you lose your laptop
- Your laptop is password protected -as it should-with BitLocker previously configured (by you or the original manufacturer). The person who found your computer tries to access it and fails to get your data because BitLocker flags their failed password attempts on your device
- As part of the Windows BitLocker protocols, a startup procedure can be prevented from starting until the user enters a PIN or inserts a removable device, such as a flash drive, with a startup key in addition to a TPM.
- If this doesn’t happen, BitLocker locks the data and will only unlock it with your BitLocker Recovery Key.
- Airport security recovers your laptop and returns it. You enter your BitLocker Recovery Key, which you have kept in a safe and secure location for just this type of situation, and your data is returned, safe and sound.
How to find your BitLocker recovery key?
Your BitLocker recovery key is vital, especially if you need to access your encrypted information urgently. You might not be able to retrieve your data or even start your device without the recovery key, which can result in permanent data loss. Fortunately, finding your BitLocker recovery key is rather simple if you can access the right resources and knowledge.
If your device starts with the BitLocker recovery screen, you will need to find your BitLocker recovery key, and we will tell you how.
Where to find your Bitlocker recovery key?
If you have not figured it out already, it’s important to keep your recovery key somewhere you can locate it in case you have to use it after an attempted data security breach.
If you do not have it in a safe place, or cannot find it, now is a good time to go through the recovery options below while your laptop, PC, or server are not locked, and there is no current emergency.
Here are a few places where you can find your BitLocker Recovery Key.
Active Directory domain services
If you are an end user at a company large enough to have an IT department, this is probably the easiest way to find your BitLocker Recovery Key.
- Your BitLocker recovery key may be saved to Active Directory (AD), so you can contact your administrator or IT department, who most likely has all end user encrypted data information on file
- If you would like to give them a push in the right direction, or you are a smaller shop, BitLocker Recovery Password Viewer can locate and view the BitLocker Recovery Key that is stored in Active Directory (AD)
Azure Active Directory
If your company uses Azure Active Directory, you can simply look up the device info for your Microsoft Azure account and get the recovery key.
Microsoft Account
If you registered all of your information with Microsoft when you purchased your device; or sign up for services like Office 365, there is a fairly simple process for you, too.
- You can retrieve your recovery key stored online with a Microsoft account by visiting: https://account.microsoft.com/devices/recoverykey.
How to verify a BitLocker recovery key?
BitLocker recovery keys must be verified to ensure they are valid and can be used to unlock your encrypted drive. As a result, you must verify your recovery key before you need to use it in an emergency since an invalid key may prevent you from being able to recover your data.
Here are the steps to verify your BitLocker recovery key in Windows 10:
- Open the BitLocker Recovery Key Verification Tool: Enter "recovery key" into the Windows search box to find this tool, then choose "Verify BitLocker Recovery Key."
- Enter your recovery key: Type in the 48-digit recovery key and click "Verify."
- Wait for the verification process to complete: This procedure can take a few minutes, depending on your system's speed.
- Check the verification results: Upon completing the verification process, the tool will indicate whether your recovery key is valid.
The process for verifying a BitLocker recovery key may vary slightly depending on the version of Windows you are using, but the general steps remain the same.
How to store a BitLocker Recovery Key?
Once you have your BitLocker Recovery Key in hand, here are some good storage ideas for all types of encryption keys you may need to access in the future.
PRINT IT OUT AND FILE IT
- Record the key in a document and print it out
- Store it in an old-fashioned filing cabinet
STORE IT ON A SEPARATE DEVICE
- Print your BitLocker Recovery Key as a PDF
- Store that PDF file on a separate computer
PUT IT ON A USB FLASH DRIVE
- Create a file with your BitLocker Recovery Key or print it as a PDF
- Store the USB drive in a safe or other secure location with other sensitive items and documents
By following any of these tactics to backup your recovery key, you will be setting yourself up for success. Printing or storing your key in a USB flash drive is the only way to find your Bitlocker recovery key without having access to your Microsoft Account.
Old-school effective fixes to find your BitLocker recovery key
One thing to remember — besides trying to store your encryption keys in a logical place that you’ll recall in an emergency — is that even when things look quite bleak, all may not be lost. In fact, there are a couple of simple, old-school remedies to give it one last shot if you are currently looking at the blue BitLocker recovery screen with no recovery key in sight.
Reboot your computer
Yes. If you have heard this once, you have heard it a thousand times from IT professionals, but it really does work (sometimes) in this specific case.
- Simply turn your computer off and back on again
- In a lot of instances, your laptop or PC might have reacted to what you could call a false positive if it thought there was a security issue that was not there
- Rebooting will give the startup process and protocols another run-through, and you may be able just to enter your regular password or PIN and go on with your day
BIOS changes
If you are an IT pro or just someone who knows enough to be reckless, something you have done to your drive or device may have triggered a security protocol, i.e., BitLocker.
- If you changed something in your BIOS or moved some hardware about, just go ahead and change it back
- You may have to restart your computer to reactivate BitLocker and trigger the false positive
How to backup your BitLocker recovery key
It’s not a good idea to have too many places where you have stored your encryption keys. If you do not currently have your BitLocker Encryption Key backed up, follow these instructions to save it in one secure, memorable location. Pick one protocol that works for you regarding storage and safekeeping (i.e., on a flash drive or in a printed or saved document).
- Enter BitLocker by pressing Windows Key + Q
- Select the “Manage BitLocker” entry from the search results or tap the “Windows Start” button and type “BitLocker”
- Locate the drive for which you now need the recovery key in the BitLocker Drive Encryption window
- Select “Backup your Recovery Key” from the menu
wayAt this point, you have three choices for backing up your recovery key. You can save it to a text file or your Microsoft account or print a hard copy. The simplest option is to save it to a text file.
- Save the text file in a place that will be easy for you to remember, such as My Documents
- You can also save a copy onto another secure computer as a backup to the backup
- Open the text file after saving it, then scroll down to look for the recovery key
- You have now safely stored the computer's recovery key in this manner
Each computer that has BitLocker setup will require that this process be carried out, and a new, unique recovery key be created for each device and drive. Save them all in the same way and label them clearly so you know which recovery key works for each drive.
If you would also like to know how to perform this same action from a command prompt, check out this video for more information.
Takeaways
Data security on endpoint devices, which will almost always be the most vulnerable in any environment, is extremely important to any organization. Deploying easy-to-use security and encryption protocols and functions like BitLocker can adequately and effectively protect data and devices. Part of their efficacy involves quality business practices that train employees to store BitLocker Recovery Keys in safe places where they can access them when needed.
Some tools can help companies, large and small, optimize their BitLocker encryption for the most security possible. Suppose you want to remotely secure data on your Windows fleet by harnessing the power of Windows BitLocker and AES encryption. In that case, Prey’s Disk Encryption can easily activate (or deactivate) the service on any device from one dashboard.
Full device encryption is one of the easiest and most encompassing prevention actions you can take to avoid data theft, and enabling BitLocker has never been easier at Prey. With it, your IT team can reap the following benefits:
- Mitigate the risk of lost corporate data, user data, source code, and more by encrypting all disks and detachable drives
- Optimize your work and deter theft by creating automatic reactions upon movement in or out of Control Zones
- Schedule recurrent or timed, actions like daily curfew device locks
- Meet security certification or governmental regulations that require disk encryption, such as ISO/IEC, HIPAA or GDPR
Find out more about how you can easily maximize your data security and enhance your BitLocker encryption with Prey.
FAQs
1. How do I enter the Bitlocker recovery key?
Once you're prompted to provide the Bitlocker recovery key, you should type in the 48-digit key exactly as it appears. It's important to note that you must enter the key on the same device where the drive was encrypted. It won't work if you try to enter the recovery key on another device. If you have the key saved as a file or printout, simply type it in when prompted.
2. How do I get out of Bitlocker recovery?
To exit the Bitlocker recovery screen, you need to provide the correct Bitlocker recovery key. Once you've entered the recovery key, your device should resume normal operation. If you're stuck in a loop where you're continually asked for the recovery key every time you start up your device, there could be a hardware or software problem. In this case, it's best to consult with a professional or contact Microsoft support for assistance.
3. Is there a Bitlocker recovery key generator?
No, there isn't a Bitlocker recovery key generator. A Bitlocker recovery key is a unique 48-digit numerical password that's generated when you turn on Bitlocker Drive Encryption for the first time. It's not something that can be generated or retrieved through a third-party tool or software. It's important to keep a safe copy of your recovery key in case you need it to unlock your Bitlocker-encrypted drive.
4. How do I unlock my Bitlocker recovery key?
You don't unlock the recovery key itself, rather you use the Bitlocker recovery key to unlock your Bitlocker-encrypted drive. When you're prompted by Bitlocker for the recovery key, enter the 48-digit recovery key exactly as it is. After the key is validated, your drive will be unlocked and you'll be able to access your data.
5. What happens if you can’t find your Bitlocker recovery key?
If you can't find your Bitlocker recovery key and you're unable to access your drive, unfortunately, there's little you can do. The Bitlocker recovery key is designed to be a last resort for accessing your data, and if it's lost, the data on your drive may be irretrievable. Microsoft does not store personal recovery keys and cannot help you recover them if lost. Therefore, it's critical to keep a copy of your recovery key in a safe and accessible location.
Norman Gutiérrez is our Security Researcher at Prey, one of the leading companies in the security and mobility industry, with more than 8 million users worldwide. In addition to this, Norm is Prey's Content and Communication Specialist, and our Infosec ambassador. Norm has worked for several tech media outlets such as FayerWayer and Publimetro, among others. In his free time, Norman enjoys videogames, cool gadgets, music, and fun board games.