You Might Be Using BitLocker Without Even Knowing It
I recently came across a couple of situations where people discovered that their system drive was encrypted with BitLocker without them having enabled encryption themselves.
I have a feeling that something similar might have happened to me in the past. Since I wanted BitLocker activated, I probably didn’t pay much attention to it.
However, there’s an important aspect that you need to be aware of during this process: the recovery key.
The Traditional Way of Setting Up BitLocker
If you explicitly turn on full-disk encryption with BitLocker, you’ll be prompted to save the recovery key at some point during the setup process.
Prompt to back up your BitLocker recovery key. (Screenshot: askleo.com)
It’s crucial to choose at least one of these options, if not more. The recovery key serves as your lifeline in case you lose the ability to sign in to Windows normally or need to transfer the drive to a different machine.
Make sure to keep the recovery key in a safe place to prevent potential loss of access to all the data on that drive if something goes wrong.
But what if you didn’t follow this path?
Could BitLocker Be Enabled by Default?
As it turns out, several computer manufacturers ship their machines with BitLocker enabled by default.
Who would’ve thought?
This has a few implications:
- You might currently be using BitLocker without even realizing it.
- Your hard drive is more secure than you might have expected, regardless of whether you believe you need that extra protection.
- You probably didn’t go through the process of activating BitLocker, which means you weren’t prompted to save your recovery key.
Personally, I’m perfectly fine with BitLocker being enabled. Of course, if you don’t share the same sentiment, you can always turn it off.
However, that last point is what concerns me the most—and the reason I’m writing this article: the recovery key.
The Quick and Easy Way: Using Your Microsoft Account
To find your recovery keys associated with your Microsoft account, visit the following URL:
This page displays all the BitLocker keys linked to your Microsoft account.
BitLocker recovery keys. Click for larger image. (Screenshot: askleo.com)
In the screenshot above, you can see the list of recovery keys in my personal Microsoft account. There are a few interesting observations worth noting:
- One machine is listed multiple times. Each entry likely represents a Windows reinstallation and the subsequent creation of a new BitLocker encryption. Technically, I probably don’t need the older entries, but it doesn’t hurt to keep them, just in case.
- One machine doesn’t have BitLocker enabled on any drives. It’s likely that I turned off BitLocker on that particular machine.
- One machine’s name is incorrect. This suggests that the key was saved before I changed the machine’s name from its automatically assigned default to my own naming scheme.
If you’re using BitLocker, check if any keys are listed here. If they are, it’s advisable to back up this information somewhere else for added safety. For instance, take a screenshot of the page and save the image in a secure location.
This is particularly useful if you suddenly need a recovery key for a drive you didn’t realize had BitLocker enabled.
But here’s the question: How can you ensure that these recovery keys are up to date?
To be honest, you can’t.
The Reliable Method: Backing Up Your Recovery Key
Right-click on the drive in Windows File Explorer.
Manage BitLocker option. (Screenshot: askleo.com)
If the context menu includes the option “Turn on BitLocker,” it means that BitLocker is not enabled for that drive, so you don’t need to take any action. (If there is no BitLocker option at all, it’s likely that you have the Home version of Windows, which doesn’t support BitLocker.)
If, however, it says “Manage BitLocker,” click on that.
Manage BitLocker, Backup your recovery key option. Click for larger image. (Screenshot: askleo.com)
Click on Backup your recovery key, and you’ll be presented with the options shown earlier to complete the process. I recommend backing up to both your Microsoft account (so it’s listed online, as I demonstrated earlier) and another form, such as saving it to a different location. Once you have an additional copy, ensure that you store it somewhere secure where you can easily access it if needed.
Whole disk encryption is an effective way to secure data, particularly on laptops and other portable devices. BitLocker is a reliable solution for Windows, but it’s essential to have those recovery keys readily available in case you ever require them. Since BitLocker can be enabled without your knowledge, it’s crucial to double-check.