You may be using BitLocker and not even know it.
I’ve recently run across a couple of cases where people have discovered that their system drive was BitLocker encrypted without their having turned encryption on.
I’ll admit that I believe this may have happened to me some time ago. Since I want BitLocker on, I probably thought nothing of it and moved on.
But there’s something important you weren’t pestered about in this process: the recovery key.
BitLocker may be enabled by default without your knowledge. You can examine all the BitLocker recovery keys associated with your Microsoft Account by visiting https://account.microsoft.com/devices/recoverykey, or you can examine the state of each drive, and back up its recovery key manually, by right-clicking on the drive in Windows File Explorer and clicking Manage BitLocker. Either way, if you’re using BitLocker, make sure to back up your recovery key.
Traditional BitLocker setup
If you explicitly turn on BitLocker full-disk encryption, at some point in the process you’ll be encouraged to save the recovery key.
It’s important that you take at least one of these options, if not more than one. The recovery key is your way back in should you lose the ability to sign in to Windows normally, or should you ever need to move the drive to a different machine.
It’s important to keep the recovery key somewhere safe, so you don’t lose access to everything on that drive should something go wrong.
Great. But what if you didn’t take this path?
BitLocker on by default?
It turns out that several computer manufacturers are delivering machines with BitLocker turned on by default.
That has several implications:
- You may be using BitLocker right now and not even realize it.
- Your hard drive is more protected than you thought, whether or not you think you need that extra protection.
- You probably didn’t walk through the process of turning on BitLocker, and thus weren’t prompted to save your recovery key.
Personally, I’m just fine with BitLocker being on. You can turn it off, of course, if you don’t feel the same way.
It’s that last point, though, that has me the most concerned, and the reason for this article: the recovery key.
The quick way: using your Microsoft Account
Visit this URL: https://account.microsoft.com/devices/recoverykey
This page lists all the BitLocker keys associated with your Microsoft account.
Shown above is the list that shows in my personal Microsoft account. There are several interesting things to note.
- One machine is listed multiple times. Each likely represents a reinstall of Windows and a re-creation of the BitLocker encryption. Technically, I probably don’t need the older ones, but there’s no reason not to leave them there, just in case.
- One machine doesn’t have BitLocker on any drives. It’s likely it’s a machine on which I turned BitLocker off.
- One machine’s name is incorrect. This implies that the key was saved before I changed the name of the machine from its auto-generated default to my own NOTEN-based naming scheme.
If you use BitLocker, see if any keys are listed here. If they are, then further back up this information somewhere else, just for safety. Take a screenshot of the page and save the image in a safe place, for example.
This is great, particularly if you suddenly need a recovery key for a drive you didn’t realize had BitLocker enabled.
My question, though, is how do I know if these are up to date?
The accurate way: back up your recovery key
Right-click on the drive in Windows File Explorer.
If the menu includes “Turn on BitLocker”, then BitLocker is not enabled for this drive. There’s nothing you need to do. (If the menu has no BitLocker option at all, then you probably have the Home version of Windows without BitLocker support.)
If, however, it says “Manage BitLocker”, click on that.
Click on Back up your recovery key, and you’ll be given the options shown earlier to do exactly that. My suggestion is that you back up to both your Microsoft account (so as to be listed online, as I showed earlier) and in some other form. Once you have that other form, make sure to store it somewhere safe where you can find it if needed.
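The same check can be made for every drive at once from an elevated PowerShell session. This is an added example, not part of the original article: it uses the built-in Get-BitLockerVolume cmdlet to report whether each drive is encrypted and which recovery keys exist for it, so a drive that was encrypted without your knowledge stands out. The Finding labels are this example's own wording.

```powershell
# Added example: save as a .ps1 file and run from an elevated
# (Administrator) PowerShell session.
#Requires -RunAsAdministrator

$report = foreach ($vol in Get-BitLockerVolume) {
    # RecoveryPassword protectors are the 48-digit recovery keys
    # the article tells you to back up.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # Anything other than FullyDecrypted means data on the drive is
    # (or is in the middle of being) encrypted.
    $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

    # Labels below are this example's own, not BitLocker output.
    if (-not $encrypted) {
        $finding = 'Not encrypted'
    } elseif ($recovery.Count -eq 0) {
        $finding = 'ENCRYPTED, NO RECOVERY KEY ON THIS DRIVE'
    } elseif ($vol.ProtectionStatus -ne 'On') {
        $finding = 'Encrypted, protection currently off'
    } else {
        $finding = 'Encrypted, recovery key exists: confirm it is backed up'
    }

    [pscustomobject]@{
        Drive          = $vol.MountPoint
        VolumeStatus   = $vol.VolumeStatus
        Protection     = $vol.ProtectionStatus
        PercentDone    = $vol.EncryptionPercentage
        # Only the key IDs are shown; the recovery password itself is
        # deliberately left out so it does not end up in scrollback or logs.
        RecoveryKeyIds = ($recovery.KeyProtectorId -join ', ')
        Finding        = $finding
    }
}

$report | Format-List
```

Compare the RecoveryKeyIds values with the Key ID shown for each entry on the Microsoft account page to see whether the online copy matches the key currently on the drive. If they differ, or nothing is listed online, back up the key again through Manage BitLocker as described above.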
Whole disk encryption is a valuable approach to securing data, particularly on laptops and other mobile devices. BitLocker is a fine solution for Windows, but it’s important to make sure you have those recovery keys available should you ever need them. Particularly since BitLocker might be turned on without your knowledge, it’s doubly important to check.