- I still recommend this TCL TV model from last year
- You can now speak to Microsoft's Copilot Voice in 40 languages, for free
- This powerful Anker Prime charger replaced all my adapters - and it's on sale for Presidents' Day
- The end of data silos? How SAP is redefining enterprise AI with Joule and Databricks
- How I feed my files to a local AI for better, more relevant responses
How to find your BitLocker recovery key – and save a secure backup copy before it's too late
Windows 11, like its predecessor, includes easy options to encrypt your system drive. With BitLocker device encryption turned on for your PC’s system drive, your personal data is safe if your laptop is lost or stolen.
Also: How to upgrade your ‘incompatible’ Windows 10 PC to Windows 11
If Windows determines that boot integrity has been compromised, it will demand a recovery key (a 48-digit number, divided into eight groups of six numbers each) before it unlocks the information.
When will you see the BitLocker recovery prompt?
As millions of people discovered during the CrowdStrike meltdown, Windows can demand that recovery key when you least expect it. Under normal circumstances, you unlock your drive automatically when you sign in to Windows using an account that’s authorized for that device. Using your password or your biometrics proves to Windows that you are who you say you are.
However, if you try to access the system in any other way, such as by booting from a Windows recovery drive or a Linux-based USB boot drive, you’ll be prompted for a recovery key to access the current drive. You might also see a prompt for a recovery key if a firmware update has changed the system in a way that the TPM doesn’t recognize. In cases like these, Windows has no way to confirm that you’re authorized to access this data. As a result, you will see this screen:
If you see this screen, something went wrong at startup and you need to prove your identity to recover your data.
Screenshot from Microsoft Support
If you have that key handy, this is a minor annoyance. If you can’t find that key, it’s a disaster. Without it, your files are completely inaccessible. The moral of the story? You want to ensure you always have ready access to the recovery key when you need it.
How to find your saved BitLocker recovery key online
When you sign in to Windows on a new PC using a Microsoft account, Windows uses the built-in device encryption option and automatically saves the recovery key to your Microsoft account.
Also: Can your old PC handle the Windows 11 upgrade? How to find out – before you try
To access that key from any device, go to https://microsoft.com/recoverykey and sign in with the same Microsoft account (personal or business) that you used when you set up the PC for the first time.
If you prefer a command line, open PowerShell and use this command to view details about encryption on the system drive, including the recovery key:
(Get-BitLockerVolume -MountPoint C).KeyProtector
If you signed in for the first time with a local account, your system drive is not encrypted. On a PC running Windows Home edition, the only way to enable device encryption is to sign in with a Microsoft account. With Windows 11 Pro, you can turn on BitLocker encryption manually, on the system drive and external drives. See my BitLocker Guide for details.
How to save a fresh copy of your BitLocker recovery key
If you’re running Windows 11 Pro, Windows prompts you to save the recovery key when you first turn on BitLocker encryption. Windows gives you three (or four) options for saving a recovery key.
Also: You can still upgrade old PCs to Windows 11, even if Microsoft says no: Readers prove it
You can save the key to your Microsoft account (personal or business), save the key to a text file you save on a storage device of your choosing, or send that key to a printer and save the hard copy in a safe location. If you’re the belt-and-suspenders type, you can do all three.
Any time after that, you can save a fresh copy of the key by going to the Manage BitLocker Control Panel. Just type a few letters of the word BitLocker in the search box to find it. Click “Back up your recovery key” to open the dialog box shown here:
Back up the recovery key to OneDrive for easy access, or save it as a file.
Screenshot by Ed Bott/ZDNET
The top option is the easiest: save the key to OneDrive and retrieve it any time by signing in with your Microsoft account at https://microsoft.com/recoverykey. You can use the browser on your mobile phone if necessary.
For a personal Microsoft account, that shortcut goes directly to the page containing recovery keys. On a business account, click “Manage devices” and expand the menu for the device you’re trying to unlock to see a “View BitLocker keys” button.
Also: Wiping a Windows laptop? Here’s the safest free way to erase your personal data
If you prefer an alternative cloud storage service, save the recovery key as a file (to a drive other than the system drive) and then upload it to the cloud manually.
And if you anticipate that you’ll be traveling to a place where you can’t count on ready access to your Microsoft account, save the recovery key as a file on your mobile phone, add it in a secure note in your password manager, or print it out on a slip of paper and tuck it into your wallet.
