If you have set up BitLocker on your Windows device yourself, then you know that the setup wizard makes it mandatory to save the Recovery Key in a secure location and will not allow drive encryption without it. The purpose of the Recovery Key is to ensure that only authorized personnel can unlock the data, since only they would know where the Recovery Key is kept. Your system may ask for the key if there have been too many incorrect attempts to unlock it, or if the hard drive has been moved to another computer. If this happens, you will be required to provide the associated Recovery Key, without which you will be unable to access the data on that storage drive. Since it is not every day that users are asked to provide a Recovery Key, it can very easily be misplaced. Before we discuss how you can locate the Recovery Key, let us see what exactly it is.
What is BitLocker Recovery Key
The BitLocker Recovery Key is a 48-digit combination of numbers that is generated automatically when BitLocker encryption is configured. It is used to unlock the drive’s content that has been encrypted using BitLocker. The key is associated with a 32-character alphanumeric identifier, also known as BitLocker ID, which is unique for each drive that is encrypted. Therefore, the Recovery Key will only work on that particular drive with a unique ID. If the drive is moved from one device to another, BitLocker immediately picks it up and asks the user for the Recovery Key instead of the regular PIN/password, as an added security measure. The computer may also need the Recovery Key if there have been too many incorrect attempts at unlocking the drive, or if it detects unauthorized access in any way. Let us now go through the process of setting up BitLocker on a Windows device. This will assist you in determining where you may have possibly saved the Recovery Key if it was lost.
How to Turn On BitLocker in Windows
There are a few things you need to check before configuring BitLocker on your device. First, you must have the Professional, Enterprise, or Education edition of Windows 10 or 11, as these editions come with BitLocker pre-installed. You can check which version you have by typing winver in the Run dialog. Next, you must ensure that your device has at least a TPM 1.2 chip in its hardware. Once the prerequisites are met, you can proceed to the steps below to enable BitLocker on your system.

The data inside the drive will now be encrypted. However, you will not be asked to configure a PIN or a password just yet. Configuring a PIN or a password for BitLocker requires a few additional steps, which are discussed further down this post.

That said, through step 2 above, it becomes clear where you may have possibly stored the Recovery Key while setting up BitLocker. Let us now discuss where you may want to look for it.
How to Find BitLocker Recovery Key
BitLocker makes sure at the time of configuration that the Recovery Key is backed up in a secure, safe place, so if you are required to enter it, a copy should exist somewhere. Try the following methods to look for your missing Recovery Key, keeping in mind that the BitLocker Identifier in the Recovery Key file needs to match the one being displayed on the BitLocker recovery screen.
In Microsoft Account
One of the 3 options to save the Recovery Key while setting up BitLocker is in your Microsoft account. It may be possible that it was saved in OneDrive. There is a location assigned (by default) particularly for BitLocker Recovery Keys for devices in OneDrive, which you can access by clicking on the link below. From there, sign in to your Microsoft account and see if you find a Recovery Key. If so, match your BitLocker ID before entering the 48-digit Recovery Key.

Access Microsoft OneDrive Recovery Key for devices
In a PDF or Text File
It may be possible that you saved the Recovery Key in a file. It may be a text file or a PDF. The location of the file can be very uncertain, as there are a lot of places it could have been saved to. It may have been saved as a text file on a different volume on the same device, or on a USB flash drive. If you have any drives mapped across the network, we suggest that you also look for the Recovery Key there. By default, the name of the file includes your BitLocker Recovery ID. If it was not changed manually at the time of saving it, you can search for it through File Explorer and it may just show up. We must also warn you that the Recovery Key can be saved on the same volume being encrypted in PDF format (through Print as PDF). If that is the case, it is very unlikely that you will be able to access the Recovery Key PDF file without getting past your BitLocker Recovery screen.
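The file search described above can be scripted from any other PC that can see the candidate drives. The following is an added example, not part of the original article: the function names, the sample ID and the drive letter are assumptions, it only covers text files (not PDFs), and the format check relies on a known property of the recovery password, namely that each 6-digit group is a 16-bit value multiplied by 11.

```powershell
# Added example: ScreenId is the key ID shown on the recovery screen.
# '1A2B3C4D' and 'E:\' in the usage line are constructed placeholders.

function Test-RecoveryKeyFormat {
    param([Parameter(Mandatory)][string]$Key)
    # 48 digits written as 8 hyphen-separated groups of 6.
    if ($Key -notmatch '^\d{6}(-\d{6}){7}$') { return $false }
    foreach ($group in $Key.Split('-')) {
        $n = [int]$group
        # Each group is a 16-bit value multiplied by 11, so it must be
        # divisible by 11 and below 65536 * 11.
        if (($n % 11) -ne 0 -or $n -ge 720896) { return $false }
    }
    return $true
}

function Find-RecoveryKeyFile {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{8}')][string]$ScreenId,
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem).Root
    )
    $prefix = $ScreenId.Substring(0, 8)
    $guidRx = '[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}'
    $keyRx  = '\d{6}(-\d{6}){7}'
    # The default file name carries the ID, so filter on it first.
    Get-ChildItem -Path $Root -Filter "*$prefix*.txt" -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Drop NUL characters in case a UTF-16 file was read without a BOM.
            $text  = (Get-Content -LiteralPath $_.FullName -Raw) -replace "`0", ''
            $id    = if ($text -match $guidRx) { $Matches[0] } else { $null }
            $key   = if ($text -match $keyRx)  { $Matches[0] } else { $null }
            $valid = if ($key) { Test-RecoveryKeyFormat $key } else { $false }
            # Report the match without echoing the key itself to the console.
            [pscustomobject]@{
                Path           = $_.FullName
                Identifier     = $id
                IdMatches      = ($id -like "$prefix*")
                KeyFormatValid = $valid
            }
        }
}

Find-RecoveryKeyFile -ScreenId '1A2B3C4D' -Root 'E:\'
```

A row with IdMatches and KeyFormatValid both true is the file to open. A key that fails the format check was most likely edited or mistyped after it was saved.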
On a Printout
Since one of the options to save your Recovery Key was by printing it, it may be possible that you have the Recovery Key on a printout in your drawer or your box files. Check your prints for the Recovery Key which should include both the key as well as the identifier.
In Active Directory (AD)
If your device is connected to an organization’s domain, it is very likely that your system administrator has backed up your Recovery Key to Active Directory (AD). You can ask them to look for it through the following steps:
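An administrator can also do the lookup from PowerShell. This is an added example rather than the article's own procedure: the function name, computer name and key ID are assumptions, and it requires the ActiveDirectory module (RSAT) plus permission to read the recovery objects.

```powershell
# Added example. Needs the ActiveDirectory module (RSAT) and read access to
# msFVE-RecoveryInformation objects. Computer name and ID are constructed.
Import-Module ActiveDirectory

function Get-AdBitLockerRecovery {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{8}')][string]$ScreenId
    )
    $prefix   = $ScreenId.Substring(0, 8)
    $computer = Get-ADComputer -Identity $ComputerName
    # Recovery information is stored as child objects of the computer account.
    $records = Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated'
    # The object name is a timestamp followed by the key ID in braces,
    # so match on the ID the user reads from the recovery screen.
    $records | Where-Object { $_.Name -like ('*{' + $prefix + '*') } |
        Sort-Object whenCreated -Descending |
        Select-Object @{ n = 'Computer'; e = { $computer.Name } },
                      @{ n = 'KeyId';    e = { $_.Name -replace '^.*\{|\}$', '' } },
                      whenCreated,
                      @{ n = 'RecoveryPassword'; e = { $_.'msFVE-RecoveryPassword' } }
}

Get-AdBitLockerRecovery -ComputerName 'LAPTOP-042' -ScreenId '1A2B3C4D'
```

An empty result means no key with that ID was backed up under that computer object. Confirm the requester's identity before reading a recovery password out to them.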
In Azure Active Directory (AAD)
If you log into your computer using a work or school email account, your Recovery Key is likely stored in your organization’s Azure Active Directory (AAD). If so, ask your system administrator to look it up.

If you are unable to find your Recovery Key, there is a high risk that it no longer exists and has been accidentally deleted. If that is the case, there is no simple way to recover your data. By normal means, you must reset your hard drive, and all data will be lost. However, if your data is crucial for you, you can try to recover the encrypted data using tools that are readily available online.

If you did find your Recovery Key, we suggest that you log into your system using that Recovery Key and then set up a PIN or a password login upon system boot, so that the system is unlikely to ask for the Recovery Key each time.
How to Enable BitLocker Pre-Boot PIN Authentication
If you have enabled BitLocker on the boot drive (the one that contains the operating system) on your Windows device, you can then perform these additional steps to enable PIN authentication, which needs to be entered each time your system boots up. This way, the operating system will not unlock your encrypted data until the correct PIN, password, or Recovery Key is provided.

Now each time your device boots up (or reboots), you will be asked to enter your PIN to unlock the data.

If you want to make your credentials more complex, you can enable the Group Policy to set 8-20 character long passwords, which can include letters and special characters. To do so, navigate to the following within the Group Policy Editor: Double-click Configure use of passwords for operating system drives and Enable it. Leave the Options section at its default value and click Apply and OK.
How to Disable BitLocker in Windows
If you find that you no longer need your data encrypted, you can turn off BitLocker in a few simple steps. Once the decryption is completed, you can reboot your computer to check that it no longer requires you to enter a PIN or a password.
Final Thoughts
Although BitLocker is a great security feature in Windows, it comes with its drawbacks. Users may keep their data secure from unauthorized access, but accessing that very same data becomes nearly impossible if the hard drive fails, or develops bad sectors. If such a scenario occurs, you can try to recover your encrypted data using the BitLocker Repair Tool.