If you’ve worked in tech for at least a couple of years, you’ve likely gone through several iterations of backup strategies and protocols, all created and implemented to prevent losses that could cost companies and individuals significant amounts of money and time. Since Windows Vista (IT pros, keep the laughter to a minimum, please), Microsoft has been nice enough to provide users with its own version: BitLocker.
What is BitLocker?
BitLocker is a full disk encryption feature in certain Microsoft Windows versions. It encrypts the whole hard drive, including the system files, to prevent unwanted access or data theft and ensure the safety of sensitive data. BitLocker is generally used in business settings, but it is also available to people who want to bolster the security of their personal computers.
BitLocker works with a dedicated chip, the Trusted Platform Module (TPM), to encrypt all the contents on the Windows-installed drive, shielding it against unauthorized access or theft. When BitLocker detects an unauthorized access attempt, the data is locked. It can only be unlocked with the appropriately named BitLocker Recovery Key. It is very important to keep the key safe and secure. The problem is that we, as humans, are not great at keeping track of these types of reference items, especially over time.
If you’ve lost your BitLocker Recovery Key, you may feel like you will never unlock your drive again without expensive IT help. Don’t worry. There are other options.
Yes, data security, data loss protection, and other IT device best practices are important. Still, your employees may not always see that value and protect their information, especially retrieval codes, as securely as they should. Read on to learn how to find a BitLocker Recovery Key in any situation without paying a hefty price, should you ever need to employ it.
What is a BitLocker recovery key?
According to the official Microsoft definition, your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.
In other words, it is a password. A long and somewhat complicated password that you will not want to try and commit to memory. This recovery key is issued at the time of BitLocker installation in the event that the user forgets or misplaces their password and loses access to their hard drive.
Here’s an example of how a BitLocker Recovery Key works:
- You are traveling for business or pleasure, and you lose your laptop
- Your laptop is password protected, as it should be, with BitLocker previously configured (by you or the original manufacturer). The person who found your computer tries to access it and fails to get your data because BitLocker flags their failed password attempts on your device
- As part of the Windows BitLocker protocols, startup can be blocked until the user enters a PIN or inserts a removable device, such as a flash drive, with a startup key, in addition to the TPM.
- If this doesn’t happen, BitLocker locks the data and will only unlock it with your BitLocker Recovery Key.
- Airport security recovers your laptop and returns it. You enter your BitLocker Recovery Key, which you have kept in a safe and secure location for just this type of situation, and your data is returned, safe and sound.
How to find your BitLocker recovery key?
Your BitLocker recovery key is vital, especially if you need to access your encrypted information urgently. You might not be able to retrieve your data or even start your device without the recovery key, which can result in permanent data loss. Fortunately, finding your BitLocker recovery key is rather simple if you can access the right resources and knowledge.
If your device starts with the BitLocker recovery screen, you will need to find your BitLocker recovery key, and we will tell you how.
Common places to find your BitLocker recovery key
If you have not figured it out already, it’s important to keep your recovery key somewhere you can locate it in case you have to use it after an attempted data security breach.
If you do not have it in a safe place, or cannot find it, now is a good time to go through the recovery options below while your laptop, PC, or server is not locked and there is no current emergency.
Here are a few places where you can find your BitLocker Recovery Key.
Active Directory domain services
If you are an end user at a company large enough to have an IT department, this is probably the easiest way to find your BitLocker Recovery Key.
- Your BitLocker recovery key may be saved to Active Directory (AD), so you can contact your administrator or IT department, who most likely has all end user encrypted data information on file
- If you would like to give them a push in the right direction, or you are a smaller shop, BitLocker Recovery Password Viewer can locate and view the BitLocker Recovery Key that is stored in Active Directory (AD)
Azure Active Directory
If your company uses Azure Active Directory, you can simply look up the device info for your Microsoft Azure account and get the recovery key.
If you registered all of your information with Microsoft when you purchased your device, or signed up for services like Office 365, there is a fairly simple process for you, too.
- You can retrieve your recovery key stored online with a Microsoft account by visiting: https://account.microsoft.com/devices/recoverykey.
How to verify a BitLocker recovery key?
BitLocker recovery keys must be verified to ensure they are valid and can be used to unlock your encrypted drive. For that reason, verify your recovery key before you need to use it in an emergency, since an invalid key may prevent you from being able to recover your data.
Here are the steps to verify your BitLocker recovery key in Windows 10:
- Open the BitLocker Recovery Key Verification Tool: Enter "recovery key" into the Windows search box to find this tool, then choose "Verify BitLocker Recovery Key."
- Enter your recovery key: Type in the 48-digit recovery key and click "Verify."
- Wait for the verification process to complete: This procedure can take a few minutes, depending on your system's speed.
- Check the verification results: Upon completing the verification process, the tool will indicate whether your recovery key is valid.
The process for verifying a BitLocker recovery key may vary slightly depending on the version of Windows you are using, but the general steps remain the same.
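As an added example (not from the original article or from Microsoft), the PowerShell function below checks the format of a recovery key before a copy is filed: the 48 digits form eight groups of six, and each group is a multiple of 11 below 720896, so a mistyped digit is caught on the spot. It does not prove that the key belongs to a particular drive; the function name and the sample values are constructed for illustration.

```powershell
# Added example: offline format check for a 48-digit BitLocker recovery key,
# meant to catch transcription errors in a printed or retyped copy.
function Test-RecoveryPasswordFormat {
    param([Parameter(Mandatory)][string]$RecoveryPassword)

    $problems = [System.Collections.Generic.List[string]]::new()
    # Groups are normally separated by dashes; tolerate spaces from retyped copies.
    $groups = @($RecoveryPassword.Trim() -split '[-\s]+')

    if ($groups.Count -ne 8) {
        $problems.Add("expected 8 groups, found $($groups.Count)")
    }
    for ($i = 0; $i -lt $groups.Count; $i++) {
        $g = $groups[$i]
        if ($g -notmatch '^\d{6}$') {
            $problems.Add("group $($i + 1) is not exactly 6 digits")
            continue
        }
        $n = [int]$g
        if ($n % 11 -ne 0) {
            # Each group is a 16-bit value multiplied by 11, so any single
            # mistyped digit breaks divisibility by 11.
            $problems.Add("group $($i + 1) is not a multiple of 11 (likely typo)")
        } elseif ($n -ge 65536 * 11) {
            $problems.Add("group $($i + 1) is out of range")
        }
    }
    [pscustomobject]@{
        Valid    = ($problems.Count -eq 0)
        Problems = $problems.ToArray()
    }
}

# Constructed sample values, not real keys. The second has one digit changed
# in the seventh group.
$good = '135795-597531-011000-720885-440000-244442-345565-029898'
$typo = '135795-597531-011000-720885-440000-244442-345566-029898'
Test-RecoveryPasswordFormat $good
Test-RecoveryPasswordFormat $typo
```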
How to store a BitLocker Recovery Key?
Once you have your BitLocker Recovery Key in hand, here are some good storage ideas for all types of encryption keys you may need to access in the future.
PRINT IT OUT AND FILE IT
- Record the key in a document and print it out
- Store it in an old-fashioned filing cabinet
STORE IT ON A SEPARATE DEVICE
- Print your BitLocker Recovery Key as a PDF
- Store that PDF file on a separate computer
PUT IT ON A USB FLASH DRIVE
- Create a file with your BitLocker Recovery Key or print it as a PDF
- Store the USB drive in a safe or other secure location with other sensitive items and documents
Old-school effective fixes to find your BitLocker recovery key
One thing to remember — besides trying to store your encryption keys in a logical place that you’ll recall in an emergency — is that even when things look quite bleak, all may not be lost. In fact, there are a couple of simple, old-school remedies to give it one last shot if you are currently looking at the blue BitLocker recovery screen with no recovery key in sight.
Reboot your computer
Yes. If you have heard this once, you have heard it a thousand times from IT professionals, but it really does work (sometimes) in this specific case.
- Simply turn your computer off and back on again
- In a lot of instances, your laptop or PC might have reacted to what you could call a false positive if it thought there was a security issue that was not there
- Rebooting will give the startup process and protocols another run-through, and you may be able to just enter your regular password or PIN and go on with your day
If you are an IT pro or just someone who knows enough to be reckless, something you have done to your drive or device may have triggered a security protocol, i.e., BitLocker.
- If you changed something in your BIOS or moved some hardware about, just go ahead and change it back
- You may have to restart your computer to reactivate BitLocker and trigger the false positive
How to back up your BitLocker recovery key
It’s not a good idea to have too many places where you have stored your encryption keys. If you do not currently have your BitLocker Encryption Key backed up, follow these instructions to save it in one secure, memorable location. Pick one protocol that works for you regarding storage and safekeeping (i.e., on a flash drive or in a printed or saved document).
- Enter BitLocker by pressing Windows Key + Q
- Select the “Manage BitLocker” entry from the search results or tap the “Windows Start” button and type “BitLocker”
- Locate the drive for which you now need the recovery key in the BitLocker Drive Encryption window
- Select “Backup your Recovery Key” from the menu
At this point, you have three choices for backing up your recovery key. You can save it to a text file or your Microsoft account or print a hard copy. The simplest option is to save it to a text file.
- Save the text file in a place that will be easy for you to remember, such as My Documents
- You can also save a copy onto another secure computer as a backup to the backup
- Open the text file after saving it, then scroll down to look for the recovery key
- You have now safely stored the computer's recovery key in this manner
Each computer that has BitLocker set up will require that this process be carried out, and a new, unique recovery key be created for each device and drive. Save them all in the same way and label them clearly so you know which recovery key works for each drive.
If you would also like to know how to perform this same action from a command prompt, check out this video for more information.
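For the command-line route and the labelling advice above, here is an added example (not from the original article) that lists each BitLocker volume with the ID of its recovery key, without printing the key itself, and can optionally back the key up to Active Directory. It assumes an elevated PowerShell session with the BitLocker module that ships with Windows; the function name and the `$EscrowToAD` switch are hypothetical.

```powershell
# Added example: build a label sheet of recovery key IDs per computer and drive.
# Run in an elevated PowerShell session.
function Get-RecoveryKeyInventory {
    foreach ($vol in Get-BitLockerVolume) {
        $protectors = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')

        if ($protectors.Count -eq 0) {
            # Encrypted or not, this drive has no recovery key to fall back on.
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Drive    = $vol.MountPoint
                Status   = $vol.ProtectionStatus
                KeyId    = $null
                Note     = 'no recovery password protector'
            }
            continue
        }
        foreach ($p in $protectors) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Drive    = $vol.MountPoint
                Status   = $vol.ProtectionStatus
                # The recovery screen displays this key ID, so label the
                # stored copy of the key with it.
                KeyId    = $p.KeyProtectorId
                Note     = ''
            }
        }
    }
}

# The sheet contains identifiers only, no secrets.
Get-RecoveryKeyInventory | Format-Table -AutoSize

# Optional backup to Active Directory for domain-joined machines.
# Assumption: Group Policy allows storing recovery information in AD DS.
$EscrowToAD = $false
if ($EscrowToAD) {
    Get-RecoveryKeyInventory | Where-Object KeyId | ForEach-Object {
        Backup-BitLockerKeyProtector -MountPoint $_.Drive -KeyProtectorId $_.KeyId
    }
}
```

The same listing is available from a command prompt with `manage-bde -protectors -get C:`, which also prints the recovery key, so run it only where the output stays private.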
Data security on endpoint devices, which will almost always be the most vulnerable in any environment, is extremely important to any organization. Deploying easy-to-use security and encryption protocols and functions like BitLocker can adequately and effectively protect data and devices. Part of their efficacy involves quality business practices that train employees to store BitLocker Recovery Keys in safe places where they can access them when needed.
Some tools can help companies, large and small, optimize their BitLocker encryption for the most security possible. If you want to remotely secure data on your Windows fleet by harnessing the power of Windows BitLocker and AES encryption, Prey’s Disk Encryption can easily activate (or deactivate) the service on any device from one dashboard.
Full device encryption is one of the easiest and most encompassing prevention actions you can take to avoid data theft, and enabling BitLocker has never been easier at Prey. With it, your IT team can reap the following benefits:
- Mitigate the risk of lost corporate data, user data, source code, and more by encrypting all disks and detachable drives
- Optimize your work and deter theft by creating automatic reactions upon movement in or out of Control Zones
- Schedule recurrent or timed actions, like daily curfew device locks
- Meet security certification or governmental regulations that require disk encryption, such as ISO/IEC, HIPAA or GDPR
Find out more about how you can easily maximize your data security and enhance your BitLocker encryption with Prey.