A BitLocker recovery key, also known as "Microsoft recovery key" or "Windows recovery key," is like a spare key for opening BitLocker encrypted drive when you lose your actual.
BitLocker is an inbuilt encryption technology designed to protect data inside the entire disk by providing encryption. BitLocker protects all files and data from unauthorized access by encrypting the entire hard drive. All versions of Windows since Vista, Windows 7, Windows 8, Windows 10 and 11 have this aspect.
In this article, we further explain BitLocker's recovery and different ways to find the key to the recovery process.
Part 1. What Is The BitLocker Recovery Key
Access to an encrypted drive is through a password or a smart card you set when turning on BitLocker drive encryption. Without proper authentication, no one can access your files; however, if you forgot your password/PIN or lost your smart card, finding the BitLocker recovery key is the solution.
With this key, you can once again access your locked data. Automatically generated following BitLocker drive encryption set up on a computer drive, the BitLocker recovery key is a unique 48-digit code.
There are a few places to look for this particular key; on your Microsoft account, on a USB drive, in a file, printed on paper, and more. For example, the BitLocker recovery key may be stored in a .bek file or a .txt file format, which usually looks something like this:
BitLocker Recovery Key E41062B6-9330-459D-BCF0-16A975AE27E2.TXT
Part 2. How to Find The BitLocker Recovery Key?
Lost your BitLocker recovery key? Consider some options to retrieve your BitLocker recovery key. In that regard, this key can be reserved in several locations while generating the time BitLocker encryption is turned on.
Where Is BitLocker Recovery Key Stored?
Here is the list of the places you can check for the saved BitLocker Recovery keys depending on where and how you’ve backed up the recovery key in the first place:
Besides, you can also use the Active directory and command prompt to retrieve recovery keys.
Method 1: Find BitLocker Recovery Key in Your Microsoft Account
If you’ve stored your recovery key in your Microsoft account during the BitLocker setup, you can easily retrieve it from there. To achieve this, follow the steps below.
- Visit the Microsoft website and sign in with your Microsoft account. Use your username and password and click "Sign in."
- This leads to the "Devices" page on your Microsoft account. Here you can manage the devices connected to your Microsoft account. Then, click on the "info & support" option under your Device name.
- On the next page, click on the “Manage recovery keys” setting, which is the second option under the “BitLocker data protection” section.
- Microsoft may ask you to verify your identity with an OTP code sent to your phone or a security code. You will see the ‘Text’ option with the last two digits of your phone number. Click on that to verify.
- Then, enter the last four digits of your phone number and click 'Send code.'
- Then Microsoft will send a message with a security code (OTP) for you to "Verify."
- Once your identity is confirmed, the Microsoft site opens the BitLocker recovery keys page. You can see a list of your recovery keys info, including Device Name, Key ID, Recovery key itself, drive, and Key upload date.
If you have only one recovery key, so be it, but if you have multiple recovery keys, Key ID, device name, and upload date will help you find the exact key you're looking for. Use the recovery key to unlock your encrypted drive. The Key ID is also part of the name of the recovery key files.
Method 2: Find the BitLocker Recovery Key from a txt file/document
The following method is to find the BitLocker Recovery key on a file saved on the same computer. As you make a recovery key backup, there is a ‘Save to a file’ option you can pick. So, you probably saved the recovery key as .txt or .bek file format on the same computer. This key can be either on a different drive or a network drive.
You can look for all recovery keys in the file explorer by searching for “BitLocker Recovery Key” in the search bar. Look at the picture below to have an idea a BitLocker recovery key should look like (although you can rename it):
Besides, you can use the Key ID prompted by the BitLocker password dialog box to find the BitLocker Recovery key. With every key, the first eight characters after the three words “BitLocker recovery key” represent the Key ID.
Once you find the exact recovery key file you were looking for, inside it, information including “the Key ID” called “Identifier” line and the actual “recovery key” can be found.
Tip: if you have accidentally deleted these files on your computer, you can always bring them back using professional recovery software like Wondershare Recoverit. This is an efficient program for retrieving your lost data and any precious files that are deleted from your computer.
Method 3: Find the BitLocker Recovery Key from A USB Flash Drive
To find a BitLocker recovery key on a USB flash drive, first, you should insert that USB flash drive into your computer and open it. It is your backup which can be saved as a .txt file format, as we mentioned in the past section.
Saving BitLocker recovery keys in a USB drive is a convenient method of keeping this data always available. You can even use another PC to read this text file and use it anytime.
Tip: Once again, if you accidentally deleted any, your USB formatted, or its data got lost, with the help of Wondershare Recoverit, restore the missing data. Wondershare Recoverit is a beneficial software to restore data from almost all devices or storage media such as hard drives, USB flash drives, SSD, and more. (This saving option of recovery key is not available, when you encrypt external drives with BitLocker.)
Method 4: Find the BitLocker Recovery Key from a Printed Document
Rather than saving your BitLocker recovery key, on the Microsoft account, on your pc, or on a USB, you may have printed it on paper.
This is an easy one. You must go through your paper documents and find the ones with recovery keys. Saving these keys on a PDF file is also possible. Instead of using the actual printer, you can use the 'Microsoft Print to PDF” option.
Method 5: Retrieve BitLocker Recovery Key from Active Directory
In cases that your computer is connected to a domain network (school or office), you probably saved the BitLocker recovery key in Active Directory (AD).
As a domain user, you’re only required to install BitLocker Recovery Password Viewer; then, you can view the key in Active Directory (AD). To do that, open “Active Directory Users and Computers” (aka (ADUC) in your domain computer and click the ‘Computers’ folder. Afterward, right-click the computer object and select 'Properties .'When it opens, switch to the “BitLocker Recovery” tab to view the BitLocker recovery keys.
Method 6: Retrieve BitLocker Recovery Key from Azure Active Directory Account
You may have signed in to an Azure Active Directory (AD) account with an email account of any organization you are using (school or workplace). Then as you turned on the BitLocker encryption, the recovery key might be stored in the Azure AD account associated with your email.
To find the key, you should first log in, as you did with your Microsoft account, to get access to the recovery key from the account profile. However, you may need to contact your system administrator to get it.
Method 7: Retrieve BitLocker Recovery Key from the Command Prompt
Here’s how you use the Command prompt to find the BitLocker Recovery key:
- Step 1: open the Command prompt as an administrator. To do that, search for “Command prompt” or “CMD” in the Windows search and select “Run as Administrator” for the top result.
- Step 2: In the Command Prompt, type the following Command and press Enter to see your recovery key:
manage-bde -protectors H: -get
In the above Command, make sure to replace the letter “H” with the drive you want to find its recovery key. Once you enter the above Command, you'll see the recovery key under the password section. It is a string of 48-digit long numbers, as shown below.
Then write or note down the recovery and keep it safe, so you can use it later when necessary.
How to Verify If the BitLocker Recovery Key Is Correct?
The BitLocker recovery key is a 48-digit code, a unique with a random combination of numbers and letters. The “Key ID” contains the eight first characters after the three words in the actual "BitLocker recovery key."
To determine if your key is legit, you can compare the start of the complete BitLocker recovery key identifier with the recovery key ID value.
Why Is Windows Asking for My BitLocker Recovery Key?
Considering BitLocker is a defense mechanism in windows that protect data using encryption, anyone without authorization can’t access to drive that is BitLocker encrypted.
However, if Windows detects any unauthorized attempt, to be on the safe side, it will ask for the BitLocker recovery key. This also happens if you make changes in hardware, firmware, or software, BitLocker might consider them as an offensive act.
All these are for Windows to create extra security and ensure encrypted drives are safe from possible attacks.