Where's your BitLocker recovery key? How and why to save a copy before the next Windows meltdown


JuSun/Getty Images

Windows 11, like its predecessor, includes easy options to encrypt your system drive. With device encryption turned on for your PC’s system drive, your personal data is safe if your laptop is lost or stolen. If Windows determines that boot integrity has been compromised, it will demand a recovery key (a 48-digit number, divided into eight groups of six numbers each) before it unlocks the information.

As millions of people discovered during the CrowdStrike meltdown, Windows can demand that recovery key when you least expect it. There are also a handful of scenarios that can throw you into the recovery-key zone without warning. This is why you want to ensure you always have ready access to the recovery key when you need it.

Also: How to install Windows 11 the way you want (and bypass Microsoft’s restrictions)

If you use the built-in Windows device encryption option, Windows automatically saves the encryption key to your Microsoft account. Go to https://microsoft.com/recoverykey and sign in with your Microsoft account (personal or business) to access that key from any device. If you prefer a command line, open PowerShell and use this command to view details about encryption on the system drive, including the recovery key:

(Get-BitLockerVolume -MountPoint C).KeyProtector

If you’re running Windows 11 Pro, Windows prompts you to save the recovery key when you first turn on BitLocker encryption. Windows gives you three options for saving a recovery key. You can save the key to your Microsoft account (personal or business), save the key to a text file you save on a storage device of your choosing, or send that key to a printer and save the hard copy in a safe location. If you’re the belt-and-suspenders type, you can do all three. 

Any time after that, you can save a fresh copy of the key by going to the Manage BitLocker Control Panel. Just type a few letters of the word BitLocker in the search box to find it. Click “Back up your recovery key” to open the dialog box shown here:

bitlocker-back-up-recovery-key.jpg

Back up the recovery key to OneDrive for easy access, or save it as a file.

Screenshot by Ed Bott/ZDNET

The top option is the easiest: save the key to OneDrive and retrieve it any time by signing in with your Microsoft account at https://microsoft.com/recoverykey. You can use the browser on your mobile phone if necessary. For a personal Microsoft account, that shortcut goes directly to the page containing recovery keys. On a business account, click “Manage devices” and expand the menu for the device you’re trying to unlock to see a “View BitLocker keys” button. 

Also: Wiping a Windows laptop? Here’s the safest free way to erase your personal data

If you prefer an alternative cloud storage service, save the recovery key as a file (to a drive other than the system drive) and then upload it to the cloud manually.

And if you anticipate that you’ll be traveling to a place where you can’t count on ready access to your Microsoft account, save the recovery key as a file on your mobile phone, or print it out on a slip of paper and tuck it into your wallet.





Source link