If you’ve purchased a Windows computer anytime since about 2017, your hard drive is very likely encrypted with Microsoft’s BitLocker whether you know it or not. Windows 10 and later come with this security software enabled by default, so unless you specifically turned it off, it is enabled on your machine, and you have an unlocking key that you need to keep safe.

BitLocker overview

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.  Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

Why is this important?

A very good example of why this is important has been in the national news for some time now. You see, there is this laptop that was taken to a computer repair store and never retrieved. The computer store owner (or manager) was able to read the hard drive it contained and then make copies of it. To this day, the “contents” of this hard drive have been at the center of a political firestorm that shows little chance of abating anytime soon. Had this hard drive been encrypted, this entire firestorm would likely never have seen the light of day.

The Recovery Key

If BitLocker is enabled on your device, you have a recovery key that you need to back up now, not later when you might need it and don’t know where to look for it or have no access to it. Otherwise, you might have a similar issue to the person in this newsgroup post:

I only discovered this when the new Dell decided to flash its bios without asking and locked up the PC. Hope you've got access to your Microsoft Account on another PC so you can get to the 48-character recovery code you need to type in.

In his case, it was a BIOS flash. It could just as easily be booting your PC from a USB stick for any of a dozen reasons; either way, you’ll need that key to access the hard drive. No key, no access, and Microsoft support CANNOT help you!

Where to find it

Under most circumstances, finding the key is the easy part. If you set your device up with a Microsoft account (MSA), your BitLocker key is available at https://account.microsoft.com/devices/recoverykey. If you set it up with a Work or School account, your network administrator can supply it. If you used a local account, you’ll need to launch the BitLocker app from the Windows Control Panel to get it. Note that this app will allow you to back up the key regardless of what account type you used.

Another important item to note is the name of the key itself. Windows computers come with a default name starting with DESKTOP- followed by seven alphanumeric characters. If you haven’t changed your computer name from the factory setting, the key name will match the name you find under Settings > System > About. Sadly, the key name does not update if you change the computer name, so you should make note of the original name before you change it.

Back It Up!

To do this, launch the BitLocker Drive Encryption app from the Windows Control Panel (Start > Windows System > Control Panel for a Windows 10 machine). From there, click the Backup your Recovery Key link.

From here, you have several choices:

  • Save to your Microsoft Account - This will save the key in the Recovery Keys library of your Microsoft Account where you can easily get to it from any computer in the future.  If you set your device up using a Microsoft Account, this has already been done for you.

Note: If you're signed into a computer managed by your work or school this may say Save to your Azure AD account instead.

  • Save to a USB flash drive - If you have a flash drive handy you can save the key to it. If your computer asks for the key in the future just insert that USB drive and follow the onscreen instructions. The key takes only a couple of KB of space so the drive doesn't have to be large.

Important: Don't store this USB flash drive with the key on it with your computer. If a thief were to get the computer, they could steal the flash drive as well and bypass BitLocker encryption, leaving your data vulnerable.

  • Save to a file - You can save your recovery key as a plain text file on any device. If you need that file in the future just open it with any text editor like Notepad or Microsoft Word and you'll be able to read the key. You won't be able to save it to the BitLocker encrypted drive, so you may have to save it to a USB drive if you don't have a second, unencrypted, volume on the device.  Microsoft recommends copying or moving that text file to your OneDrive Personal Vault for safe and secure storage that can be readily accessed from any device if you need it.
  • Print the recovery key - You can simply print the recovery key if you prefer.

Important: Store that printout somewhere safe and don't keep it with the computer. If a thief were to steal the computer and the printed recovery key they could bypass BitLocker encryption, leaving your data vulnerable.
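
If you prefer the command line, the "Save to a file" option can also be done from an elevated PowerShell window. The script below is an added example, not part of the original article or Microsoft's documentation; it assumes the BitLocker PowerShell module is available on your edition of Windows and that E:\ is a USB flash drive that is not itself BitLocker-protected (the destination folder name is made up for illustration).

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker

param(
    # Assumption: E:\ is a USB flash drive that is NOT protected by BitLocker.
    [string]$Destination = 'E:\BitLocker-Recovery'
)

# Volumes that currently hold encrypted data.
$volumes = @(Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' })

# Same rule as the Control Panel app: never save the key onto a drive it unlocks.
$destDrive = [System.IO.Path]::GetPathRoot($Destination).TrimEnd('\')
if ($volumes.MountPoint -contains $destDrive) {
    throw "$destDrive is BitLocker-protected; choose a different drive."
}

New-Item -ItemType Directory -Path $Destination -Force | Out-Null

foreach ($vol in $volumes) {
    $protectors = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($protectors.Count -eq 0) {
        Write-Warning "$($vol.MountPoint) has no recovery password protector."
        continue
    }
    foreach ($p in $protectors) {
        # A recovery password is 48 digits: eight groups of six, dash-separated.
        if ($p.RecoveryPassword -notmatch '^(\d{6}-){7}\d{6}$') {
            Write-Warning "Unexpected key format on $($vol.MountPoint); skipped."
            continue
        }
        $id   = $p.KeyProtectorId.Trim('{}')
        $name = '{0}_{1}_{2}.txt' -f $env:COMPUTERNAME, $vol.MountPoint.TrimEnd(':'), $id.Substring(0, 8)
        $file = Join-Path $Destination $name
        @(
            "Computer name : $env:COMPUTERNAME"
            "Drive         : $($vol.MountPoint)"
            "Key ID        : $id"
            "Recovery key  : $($p.RecoveryPassword)"
        ) | Set-Content -Path $file -Encoding ASCII
        Write-Host "Saved recovery key for $($vol.MountPoint) to $file"
    }
}
```

The same storage advice applies to the files this writes: keep the flash drive somewhere other than with the computer.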

You can make as many backups as you want. It's not a bad idea to have more than one, just to be safe.  For more information on the subject, please see this Microsoft Learn article:  BitLocker recovery guide