The BitLocker recovery prompt is almost as scary as a blue screen of death. But it may have worse consequences if you don’t know how to find your recovery key.
If you’re currently facing this issue, I’ll show you how to use your recovery key ID to retrieve the key. I’ll also explain how to back up your BitLocker recovery key to be better prepared in the future.
What Is a BitLocker Recovery Key
The Microsoft BitLocker recovery key is a 48-digit number required to regain access to encrypted drives.
BitLocker is a Windows feature that allows users to encrypt their drives using AES-128 or AES-256 encryption. It prevents access to outsiders who may want to retrieve information from the drive when it’s offline.
When setting up BitLocker, you’ll be prompted to create a password that allows you to open the locked drive. A recovery key is also created to ensure you can access your drive if you ever forget your password. Further, you’ll see backup options to ensure the recovery key is retrievable, as losing it means you may be denied access to your drive forever.
However, people whose main boot drives are encrypted may see a BitLocker recovery prompt asking them to provide the key. In this case, the prompt may prevent you from opening your computer.
- In other cases, you may be blocked from entering a specific external drive or internal partition or volume.
Why Is Windows Asking for a Microsoft BitLocker Recovery Key?
The recovery prompt is a security measure to ensure outside parties don’t have unauthorized access to your computer. Typically, you shouldn’t have to provide the key because Windows has an auto-unlock feature that unlocks encrypted drives. However, the recovery prompt appears when auto-unlocking is not turned on or fails to work.
If you’re experiencing the issue on an internal drive, BitLocker may ask for the recovery key because:
- Your BIOS/UEFI was recently updated.
- You changed specific BIOS settings.
- The Trusted Platform Module (TPM) was recently updated.
- You installed another hard drive with BitLocker encryption.
External drives with BitLocker encryption generally ask for passwords to decrypt the drive once you insert them into your computer. The prompt for the recovery keys appears when you repeatedly enter the wrong passwords.
How to Find Your BitLocker Recovery Key in Windows
Microsoft provides different backup options to make key recovery possible. They include your Microsoft account, USB flash drives, and file backups. I’ll show you how to get your BitLocker recovery key using these different methods.
Use your Microsoft account to find the BitLocker recovery key
This is the most common method for recovering your BitLocker key. It is the default backup option, as Windows automatically uploads the recovery key to your account whenever you switch your computer’s login option to your Microsoft account.
Here’s how to get your BitLocker recovery key through your Microsoft account:
- Go to the following address in your web browser:
https://account.microsoft.com/devices/recoverykey
- Your browser will bring up the sign-in prompt if you’re not logged in.
- Once you’re signed in, you should see the BitLocker recovery keys page. If you have multiple keys for different devices, they will be listed next to each device.
- If you don’t see the page, follow these steps:
- Click Devices on the left side of your dashboard.
- Select See details under the computer whose recovery keys you want to see.
-
- Once you see the device’s page, click Manage recovery keys under BitLocker data protection to open the BitLocker recovery keys page.
If you use a business account, go to Manage devices, open the menu for the device you want to unlock, and select the View BitLocker keys option.
Use Windows PowerShell to find the recovery key
There are different ways to retrieve your recovery password using Windows PowerShell or Terminal, as it is called in Windows 11. We’ll explain both methods so you get to pick the one that works.
Here’s how to find your recovery key using the first PowerShell method:
- Right-click the Start button or press the Windows and X keys simultaneously.
- Click Terminal (admin) or Windows PowerShell (admin).
- After the PowerShell window appears, type the following command and hit Enter:
Get-BitLockerVolume
- You should see details about your drives listed in the PowerShell window now. The listed information tells which drive has BitLocker encryption.
- Locate the drive you want to open and note down its Mount Point, another name for the drive letter.
- Now, type the following into the PowerShell window and replace D with the drive’s mount point (drive letter) value you copied earlier:
(Get-BitLockerVolume -MountPoint D).keyProtector
- You should now see the drive’s recovery key next to RecoveryPassword.
Here’s the second method:
- Type the following command and hit Enter once you open Terminal or Windows PowerShell as an administrator:
manage-bde -protectors -get D:
- Remember to replace D: with your hard drive or partition letter. You’ll have to add the colon this time.
- In this case, you should see your recovery key for that drive under Password.
Contact your system administrator
If you’re using a school or organization computer, the recovery keys will be saved to the organization’s Microsoft account by default when automatic encryption is enabled. In this case, you can contact your administrator for the keys whenever you get a prompt. Most enterprises back up recovery keys using Azure Active Directory or Microsoft’s new Entra ID. So, you can contact the organization’s help desk to get the issue sorted.
Check other backup options
When setting up BitLocker for the first time, you may have backed up your recovery keys to a USB drive. If you can get your hands on that drive, insert it into the computer and follow the instructions that show up on your screen.
There’s also a printout option for backing up recovery keys. Go through your physical files to check whether you printed out a copy of your recovery keys.
How to Get Your BitLocker Recovery Key if It’s Lost
Recovering your lost keys when you can’t remember your password can be quite tricky. Microsoft cannot help you recover keys you deleted from your Microsoft account, and you may be unable to retrieve the key via PowerShell since the drive is locked.
Check other Microsoft accounts
I mentioned earlier that the recovery keys you need might be in the Microsoft account of the person who set up BitLocker on your system.
This might be the case if you inherited the PC from someone else.
If you’re still in touch, you can contact them to check their Microsoft account for a recovery key that matches your computer’s key ID.
It is also possible that you may have backed up the recovery keys to another Microsoft account that you can still access. Such cases happen when your computer’s OEM ships with BitLocker pre-activated, and the keys are automatically backed up the first time you log in with a Microsoft account.
Use recovery solutions
If the USB flash drive where you backed up the keys or saved the text file has been formatted, you can recover the lost data using data recovery software. You can also get help from professional recovery specialists.
Another method is employing professional data recovery services that know how to recover BitLocker keys from encrypted drives. While it’s a viable avenue to explore, you shouldn’t get your hopes up, as there’s no guarantee of success. As mentioned, BitLocker uses AES-128, which is quite formidable and challenging to crack.
What if you can’t recover the lost keys?
If nothing works, you may have to wipe the drive and reinstall Windows to get your computer working again. Unfortunately, this method deletes all your files, which may not be recoverable. The process involves using a bootable drive to install Windows 11 or Windows 10.
If you’re in this situation, check out this guide: How to Factory Reset a Windows 10 & 11 Computer
Back Up Your BitLocker Recovery Keys
If you want to keep BitLocker turned on, especially on your boot drive, it’s best to back up your keys in multiple places. You can use your Microsoft account, save the key as a text file, back up to a USB drive, and make a printout if possible. I’ll show you ways to do that.
Using Windows PowerShell
PowerShell can also help you save your recovery key as a text file. Here’s how:
- Tap the Windows + X keyboard combo or right-click your Start button.
- Select Windows PowerShell (admin) or Terminal (admin).
- Now, type the following command and hit the Enter key:
cd\
This command takes you to your root directory. Type the following command to get to your desktop:
cd \users\YourUsername\Desktop
Take note of the space after cd and replace YourUsername with your computer’s username. You can also check through the File Explorer window to confirm the folder path.
- Type the following command and hit Enter:
manage-bde -protectors -get D: > recovery.txt
- A new text file named recovery.txt will now be saved to your desktop directly.
- Head to your desktop (press Win + D) and open the text file to confirm.
Here’s how to back up your recovery keys through the Control Panel:
- Launch the Control Panel window by opening the Start menu, typing “control panel” and clicking the first result.
- Select System and Security when the Control Panel opens.
- Locate and click BitLocker Drive Encryption.
- Expand the drive with BitLocker turned on and click Backup your recovery key.
- To back up to your Microsoft account: Select Save to your Microsoft account. You must be logged into the account you want to back up to for this to work. You also need an internet connection.
- To back up to a USB drive: Insert your USB flash drive and select Save to a USB flash drive. Select the drive once you see the dialog window and click the Save button.
- To create a text file: Click the Save to a file option, navigate to any folder of your choice, enter a name if you want to, and click the Save button.
- To print a hard copy: Click the Print the recovery key option, choose your printer, and print the key. Ensure you keep the paperwork safe.
Copy the key from your Microsoft account
You can visit your Microsoft account, as explained earlier, write out the recovery key, and keep it in a safe location. You can also create a new Notepad file or Word document, copy and paste the key to the file, and save it to the cloud or any other secure drive.
Another option is to save the key to a password manager, just like securing regular passwords. Most managers allow you to create new text files to paste recovery keys.
How to Get BitLocker Recovery Key: Reestablishing Drive Access
The BitLocker recovery key issue demonstrates the importance of backups. You can open up your hard drive again as long as you have the recovery key saved somewhere, whether it’s your Microsoft account or a paper printout. The problem shouldn’t deter you from encrypting your data, as it serves a critical purpose.
Ensure you create backups for new drives and try your best to avoid deleting your passwords or old keys, as you may need them later.