Table of contents

The BitLocker recovery prompt is almost as scary as a blue screen of death. But it may have worse consequences if you don’t know how to find your recovery key

If you’re currently facing this issue, I’ll show you how to use your recovery key ID to retrieve the key. I’ll also explain how to back up your BitLocker recovery key to be better prepared in the future.

What Is a BitLocker Recovery Key

The Microsoft BitLocker recovery key is a 48-digit number required to regain access to encrypted drives.

BitLocker is a Windows feature that allows users to encrypt their drives using AES-128 or AES-256 encryption. It prevents access to outsiders who may want to retrieve information from the drive when it’s offline.

When setting up BitLocker, you’ll be prompted to create a password that allows you to open the locked drive. A recovery key is also created to ensure you can access your drive if you ever forget your password. Further, you’ll see backup options to ensure the recovery key is retrievable, as losing it means you may be denied access to your drive forever.

However, people whose main boot drives are encrypted may see a BitLocker recovery prompt asking them to provide the key. In this case, the prompt may prevent you from opening your computer.

2nd BitLocker prompt - from Microsoft
Image credit: Microsoft
  • In other cases, you may be blocked from entering a specific external drive or internal partition or volume.
1st Bitlocker prompt -from Microsoft_s website
Image credit: Microsoft

Why Is Windows Asking for a Microsoft BitLocker Recovery Key?

The recovery prompt is a security measure to ensure outside parties don’t have unauthorized access to your computer. Typically, you shouldn’t have to provide the key because Windows has an auto-unlock feature that unlocks encrypted drives. However, the recovery prompt appears when auto-unlocking is not turned on or fails to work.

If you’re experiencing the issue on an internal drive, BitLocker may ask for the recovery key because:

External drives with BitLocker encryption generally ask for passwords to decrypt the drive once you insert them into your computer. The prompt for the recovery keys appears when you repeatedly enter the wrong passwords.

How to Find Your BitLocker Recovery Key in Windows

Microsoft provides different backup options to make key recovery possible. They include your Microsoft account, USB flash drives, and file backups. I’ll show you how to get your BitLocker recovery key using these different methods.

Use your Microsoft account to find the BitLocker recovery key

This is the most common method for recovering your BitLocker key. It is the default backup option, as Windows automatically uploads the recovery key to your account whenever you switch your computer’s login option to your Microsoft account.

Your account may not contain your computer’s recovery key if someone else set up BitLocker on your system while logged into their Microsoft account. You may have to get them to access their account to recover the key.

Here’s how to get your BitLocker recovery key through your Microsoft account:

  • Go to the following address in your web browser:

https://account.microsoft.com/devices/recoverykey

  • Your browser will bring up the sign-in prompt if you’re not logged in.
  • Once you’re signed in, you should see the BitLocker recovery keys page. If you have multiple keys for different devices, they will be listed next to each device.
Bitlocker recovery keys Microsoft Account
  • If you don’t see the page, follow these steps:
    • Click Devices on the left side of your dashboard.
    • Select See details under the computer whose recovery keys you want to see.
Click See Details Microsoft Account Devices
    • Once you see the device’s page, click Manage recovery keys under BitLocker data protection to open the BitLocker recovery keys page.
Click Manage recovery keys
PRO TIP
A device can have multiple keys, which are differentiated by IDs. The recovery key ID for BitLocker is the first 8 digits in the recovery prompt. These 8 digits should match the key ID in your Microsoft account.

If you use a business account, go to Manage devices, open the menu for the device you want to unlock, and select the View BitLocker keys option.

Use Windows PowerShell to find the recovery key

There are different ways to retrieve your recovery password using Windows PowerShell or Terminal, as it is called in Windows 11. We’ll explain both methods so you get to pick the one that works.

You likely won’t see the recovery key if your drive is locked and you’re getting the BitLocker recovery prompt.

Here’s how to find your recovery key using the first PowerShell method:

  • Right-click the Start button or press the Windows and X keys simultaneously.
  • Click Terminal (admin) or Windows PowerShell (admin).
  • After the PowerShell window appears, type the following command and hit Enter:
Get-BitLockerVolume
  • You should see details about your drives listed in the PowerShell window now. The listed information tells which drive has BitLocker encryption.
Powershell Volume type MountPoint
  • Locate the drive you want to open and note down its Mount Point, another name for the drive letter.
  • Now, type the following into the PowerShell window and replace D with the drive’s mount point (drive letter) value you copied earlier:
(Get-BitLockerVolume -MountPoint D).keyProtector
Important!
Take note of the space before -MountPoint and ensure you don’t add a colon after the drive letter.
1st Powershell method recovery key
  • You should now see the drive’s recovery key next to RecoveryPassword.

Here’s the second method:

  • Type the following command and hit Enter once you open Terminal or Windows PowerShell as an administrator:
manage-bde -protectors -get D:
  • Remember to replace D: with your hard drive or partition letter. You’ll have to add the colon this time.
2nd method powershell BitLocker recovery password
  • In this case, you should see your recovery key for that drive under Password.

Contact your system administrator

If you’re using a school or organization computer, the recovery keys will be saved to the organization’s Microsoft account by default when automatic encryption is enabled. In this case, you can contact your administrator for the keys whenever you get a prompt. Most enterprises back up recovery keys using Azure Active Directory or Microsoft’s new Entra ID. So, you can contact the organization’s help desk to get the issue sorted.

Check other backup options

When setting up BitLocker for the first time, you may have backed up your recovery keys to a USB drive. If you can get your hands on that drive, insert it into the computer and follow the instructions that show up on your screen.

There’s also a printout option for backing up recovery keys. Go through your physical files to check whether you printed out a copy of your recovery keys.

How to Get Your BitLocker Recovery Key if It’s Lost

Recovering your lost keys when you can’t remember your password can be quite tricky. Microsoft cannot help you recover keys you deleted from your Microsoft account, and you may be unable to retrieve the key via PowerShell since the drive is locked.

Check other Microsoft accounts

I mentioned earlier that the recovery keys you need might be in the Microsoft account of the person who set up BitLocker on your system.

This might be the case if you inherited the PC from someone else.

If you’re still in touch, you can contact them to check their Microsoft account for a recovery key that matches your computer’s key ID.

It is also possible that you may have backed up the recovery keys to another Microsoft account that you can still access. Such cases happen when your computer’s OEM ships with BitLocker pre-activated, and the keys are automatically backed up the first time you log in with a Microsoft account.

Use recovery solutions

If the USB flash drive where you backed up the keys or saved the text file has been formatted, you can recover the lost data using data recovery software. You can also get help from professional recovery specialists.

Another method is employing professional data recovery services that know how to recover BitLocker keys from encrypted drives. While it’s a viable avenue to explore, you shouldn’t get your hopes up, as there’s no guarantee of success. As mentioned, BitLocker uses AES-128, which is quite formidable and challenging to crack.

What if you can’t recover the lost keys?

If nothing works, you may have to wipe the drive and reinstall Windows to get your computer working again. Unfortunately, this method deletes all your files, which may not be recoverable. The process involves using a bootable drive to install Windows 11 or Windows 10.

If you’re in this situation, check out this guide: How to Factory Reset a Windows 10 & 11 Computer

Download Auslogics BoostSpeed
Your one-stop PC maintenance and optimization tool, this program will clean, speed up, repair and tweak your system to ensure maximum speed and efficiency.
Download for Free Learn More
Privacy Policy   EULA

Back Up Your BitLocker Recovery Keys

If you want to keep BitLocker turned on, especially on your boot drive, it’s best to back up your keys in multiple places. You can use your Microsoft account, save the key as a text file, back up to a USB drive, and make a printout if possible. I’ll show you ways to do that.

Using Windows PowerShell

PowerShell can also help you save your recovery key as a text file. Here’s how:

  • Tap the Windows + X keyboard combo or right-click your Start button.
  • Select Windows PowerShell (admin) or Terminal (admin).
  • Now, type the following command and hit the Enter key:
cd\ 

This command takes you to your root directory. Type the following command to get to your desktop:

cd \users\YourUsername\Desktop

Take note of the space after cd  and replace YourUsername with your computer’s username. You can also check through the File Explorer window to confirm the folder path.

Powershell change directory
  • Type the following command and hit Enter: 
manage-bde -protectors -get D: > recovery.txt

Ensure you change the drive letter and take note of the spaces.

  • A new text file named recovery.txt will now be saved to your desktop directly.
Powershell create BitLocker recovery key text file
PRO TIP
You can enter the manage-bde command from your root directory without switching to the desktop folder. In this case, the file will be saved to This PC\Windows (C:).
  • Head to your desktop (press Win + D) and open the text file to confirm.

Here’s how to back up your recovery keys through the Control Panel:

  • Launch the Control Panel window by opening the Start menu, typing “control panel” and clicking the first result.
  • Select System and Security when the Control Panel opens.
System and Security control panel
  • Locate and click BitLocker Drive Encryption.
Click BitLocker Drive Encryption
  • Expand the drive with BitLocker turned on and click Backup your recovery key.
Backup your recovery key
  • To back up to your Microsoft account: Select Save to your Microsoft account. You must be logged into the account you want to back up to for this to work. You also need an internet connection.
Save bitlocker recovery keys
  • To back up to a USB drive: Insert your USB flash drive and select Save to a USB flash drive. Select the drive once you see the dialog window and click the Save button.
Save bitlocker recovery key to USB drive
  • To create a text file: Click the Save to a file option, navigate to any folder of your choice, enter a name if you want to, and click the Save button.
PRO TIP
You can also copy or move this file to an external drive or a cloud service for good measure.
  • To print a hard copy: Click the Print the recovery key option, choose your printer, and print the key. Ensure you keep the paperwork safe.
You should also save your password to a secure location, such as your password manager. That way, you have another layer of protection and will not have to always rely on your recovery key.

Copy the key from your Microsoft account

You can visit your Microsoft account, as explained earlier, write out the recovery key, and keep it in a safe location. You can also create a new Notepad file or Word document, copy and paste the key to the file, and save it to the cloud or any other secure drive.

Ensure you always keep your Microsoft account secure to avoid losing your keys in the future. That means setting up adequate account recovery options like adding email addresses and phone numbers.

Another option is to save the key to a password manager, just like securing regular passwords. Most managers allow you to create new text files to paste recovery keys.

How to Get BitLocker Recovery Key: Reestablishing Drive Access

The BitLocker recovery key issue demonstrates the importance of backups. You can open up your hard drive again as long as you have the recovery key saved somewhere, whether it’s your Microsoft account or a paper printout. The problem shouldn’t deter you from encrypting your data, as it serves a critical purpose.

Ensure you create backups for new drives and try your best to avoid deleting your passwords or old keys, as you may need them later.

FAQ

How do I remove BitLocker recovery?
You can turn off BitLocker to prevent your computer from ever asking for the recovery key. Head to the Control Panel window, click System and Security, and then select BitLocker Drive Encryption. Open the drive whose encryption you want to turn off, and select the Turn BitLocker off option.
Why does BitLocker keep asking for my recovery key?
The prompt is caused by numerous factors, such as TPM and BIOS upgrades, entering incorrect BitLocker passwords, and changes in BIOS settings. You may also see the prompt after a recent update or if you restore Windows.
Can I recover a lost BitLocker recovery key?
Recovering a lost key is almost impossible if your backup options fail to help you retrieve the key. These backup options include USB drive backups, printed hard copies, Microsoft account backups, and saved files.