If your system is asking you for your BitLocker recovery key, the following information may help you locate your recovery key and understand why you may be asked to provide it.
Where can I find my BitLocker recovery key?
BitLocker ensured that a recovery key was safely backed up prior to activating protection. There are several places that your recovery key may be, depending on the choice that was made when activating BitLocker:
- In your Microsoft account: Sign in to your Microsoft account on another device to find your recovery key:
- If you have a modern device that supports automatic device encryption, the recovery key will most likely be in your Microsoft account. For more, see Device encryption in Windows 10.
- If the device was set up or BitLocker protection was activated by another user, the recovery key may be in that user’s Microsoft account.
- On a printout you saved: Your recovery key may be on a printout that was saved when BitLocker was activated. Look where you keep important papers related to your computer.
- On a USB flash drive: Plug the USB flash drive into your locked PC and follow the instructions. If you saved the key as a text file on the flash drive, use a different computer to read the text file.
- In an Azure Active Directory account: If your device was ever signed in to an organization using a work or school email account, your recovery key may be stored in that organization's Azure AD account associated with your device. You may be able to access it directly or you may need to contact a system administrator to access your recovery key.
- Held by your system administrator: If your device is connected to a domain (usually a work or school device), ask a system administrator for your recovery key.
What is my BitLocker recovery key?
Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized. This key may be stored in your Microsoft account, printed or saved as a file, or with an organization that is managing the device. The requirement for a recovery key in these cases is a critical component of the protection that BitLocker provides your data.
Why is Windows asking for my BitLocker recovery key?
BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it, whether for regular Windows use or an unauthorized access attempt. Windows will require a BitLocker recovery key when it detects an insecure condition that may be an unauthorized attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure. Some changes in hardware, firmware, or software can present conditions which BitLocker cannot distinguish from a possible attack. In these cases, BitLocker may require the extra security of the recovery key even if the user is an authorized owner of the device. This is to be certain sure that it really is an authorized user of the device attempting to unlock it.
How was BitLocker activated on my device?
There are three common ways for BitLocker to start protecting your device:
- Your device is a modern device that meets certain requirements to automatically enable device encryption: In this case your BitLocker recovery key is automatically saved to your Microsoft account before protection is activated.
- An owner or administrator of your device activated BitLocker protection (also called device encryption on some devices) through the Settings app or Control Panel: In this case the user activating BitLocker either selected where to save the key or (in the case of device encryption) it was automatically saved to their Microsoft account.
- A work or school organization that is managing your device (currently or in the past) activated BitLocker protection on your device: In this case the organization may have your BitLocker recovery key.
BitLocker is always activated by or on behalf of a user with full administrative access to your device, whether this is you, another user, or an organization managing your device. The BitLocker setup process enforces the creation of a recovery key at the time of activation.
If you are unable to locate a required BitLocker recovery key and are unable to revert and configuration change that might have cause it to be required, you’ll need to reset your device using one of the Windows 10 recovery options. Resetting your device will remove all of your files.