BitLocker · Windows

Where to find your BitLocker recovery key.

Being met by BitLocker’s blue recovery screen asking for a 48-digit key you don’t remember creating is genuinely alarming — but in the vast majority of cases, that key isn’t lost. It was saved somewhere when BitLocker was switched on, and finding it is usually just a matter of knowing where to look. Here are the places it lives.

Free 48-hour diagnostic
Handled in-house
No fix, no fee · most jobs
// in short

It’s almost certainly saved.

The 48-digit key was recorded when BitLocker was enabled — usually in your Microsoft account or your organisation’s records. In most ‘lost key’ cases, it’s simply somewhere you can reach.

48 digits
The recovery key
Saved
When BitLocker was on
Microsoft
Account, for personal PCs
IT
For work devices
// why asked

Why you’re being asked for it.

First, some reassurance about why the screen appeared. A BitLocker recovery prompt usually follows a change the drive’s protection didn’t expect — a firmware or BIOS update, a hardware change, a new boot setting, or a forgotten PIN. BitLocker’s security tied the key to your machine’s startup state, and when that changed, it fell back to asking for the recovery key as a safeguard. It doesn’t mean anything is broken.

What it does mean is that you now need the 48-digit key — so let’s find it. The good news is that it was almost certainly recorded when BitLocker was first enabled.

// where to look

Where the key lives.

There are a handful of places BitLocker saves the recovery key, depending on the machine. Work through them:

01

Your Microsoft account

For personal PCs, this is the most likely spot. Sign in at account.microsoft.com/devices/recoverykey on another device — modern Windows often auto-saves the key here.

02

Work or school IT

For a company or school device, IT holds it — retrieved from Azure AD / Entra ID or Active Directory, matched to your specific machine. Ask them.

03

A saved file or printout

When BitLocker was enabled, you may have printed the key or saved it to a text file. Check documents, drawers, and any ‘BitLocker Recovery Key’ .txt file.

04

A USB flash drive

BitLocker offers to save the key to a USB stick during setup. Check any USB drives you may have used at the time.

// microsoft account

Your Microsoft account in detail.

For most home users, the Microsoft account is the answer. Recent versions of Windows enable “device encryption” automatically on many PCs and quietly back the recovery key up to the Microsoft account you signed in with — which is why people who never knowingly set up BitLocker still find a key waiting there. On another phone or computer, go to account.microsoft.com/devices/recoverykey and sign in with the same account.

If you have more than one Microsoft account, try each — the key is tied to whichever account was signed in when encryption was enabled.

// matching

Matching the right key.

You may find more than one key listed — if you have several encrypted drives or devices, each has its own. The BitLocker recovery screen shows a Key ID (a short string, the first part of a longer identifier), and each saved key is listed with a matching ID. Match the ID on your screen to the ID in your records to pick the correct 48-digit key.

Enter that key at the recovery prompt and the drive unlocks. It’s worth double-checking the ID rather than guessing, especially if you manage multiple machines.

// cant find

If you genuinely can’t find it.

Be honest with yourself here, because it matters. If the key isn’t in any Microsoft account, your IT department has no record, and there’s no printout or file anywhere — and the drive won’t release the key itself — then the data may be unrecoverable. BitLocker’s encryption can’t be broken without the key, and no legitimate service can “crack” it. Anyone claiming they can should be treated with real caution.

Before concluding that, though, exhaust every avenue — every Microsoft account, every old USB stick, IT, and any documents from when the machine was set up. In the great majority of cases, the key really is recorded somewhere.

// drive failed

If the drive has also failed.

One more scenario: the drive is BitLocker-locked and has physically failed or won’t boot. If you have the recovery key, this is still recoverable — a lab can image the failing drive first, then decrypt the copy with your key and extract the data, all without stressing the original. The key is the essential ingredient; with it, even a failed encrypted drive can be recovered.

What no one can do is recover a failed and locked drive with no key — so if the key exists, keep it safe, because it’s what makes the difference.

// faq

Common questions.

What people ask us most about BitLocker recovery keys.

The most likely place, for a personal PC, is your Microsoft account — sign in at account.microsoft.com/devices/recoverykey on another device. For a work or school machine, IT can retrieve it from Azure AD or Active Directory. It may also have been printed, saved to a text file, or stored on a USB stick when BitLocker was enabled. In most cases, it’s recorded somewhere you can reach.

Because recent versions of Windows enable device encryption automatically on many PCs and quietly save the recovery key to the Microsoft account you signed in with. That’s why people who never knowingly turned on BitLocker still find a key waiting in their Microsoft account. Check account.microsoft.com/devices/recoverykey with the account you use on that PC.

Exhaust every option first — every Microsoft account, your IT department, any printouts, files or USB sticks from setup. If the key genuinely isn’t recorded anywhere and the drive won’t release it, the data may be unrecoverable, because BitLocker can’t be broken without the key and no legitimate service can crack it. But in most cases the key is saved somewhere, so it’s worth a thorough search.

// locked and failed?

BitLocker drive locked and failing? With the key, we can help.

If you’ve found your recovery key and the drive has also failed, we can image it and decrypt the copy to recover your data. We recover with your key — we never crack encryption. Post it in from anywhere in the UK, or drop it to us in Belfast.

Call us — 028 9002 0144
Mon–Fri · 9am–5:30pm · No fix, no fee
Start a free diagnostic →
028 9002 0144