Disk encryption is a great feature. You can be sure that your data is safe even if your device is lost or stolen. But if you lose the encryption key, you will never be able to access your data. Here’s how you can back up your encryption key in a safe place.
Content
- What is encryption?
- How to Back Up Your Recovery Key
- Find your local recovery key
- Find the recovery key stored by Microsoft
- Where to store the recovery key?
- On your mobile phone
- In the cloud
- Physical copy
What is encryption?
Encryption is a means of data obfuscation, it cannot be read without the appropriate key to “unlock” it. In practice, this means that your encrypted messages cannot be intercepted and read by third parties, your sensitive medical data can be digitally transferred securely, and the files you encrypt before uploading to the cloud are protected from prying eyes. eyes.
Encryption is essential for security in the digital world, whether you’re a single person sending iMessages back and forth or the largest financial institution on the planet.
Windows is slowly implementing disk encryption, but things are slowly changing. All Windows 11 devices will support either device encryption or full BitLocker encryption, depending on which version of Windows 11 you’re running. Generally speaking, this means that even if someone steals your computer and rips out the drive, they won’t be able to access anything on it.
Of course, this also means you won’t be able to access your data if you need access to your data and don’t have the encryption key handy.
How to Back Up Your Recovery Key
Most users running Windows 11 have created a PC user account with a Microsoft login. In this case, your recovery key is stored on Microsoft servers. It is also stored locally – if you set up a local account, you will only have a local copy. We will consider both scenarios.
Note. Windows 11 Professional users will have additional options related to BitLocker. These instructions are for everyone and will work regardless of your version of Windows.
Find your local recovery key
The most universal way to get a recovery key is in PowerShell. Run Terminal as administrator—the easiest way is to right-click the Start button or press Windows+X and select “Terminal (Admin)”—and make sure you have your PowerShell profile open.
(If you don’t have an open PowerShell profile, click the down arrow on the tab bar and select “Windows PowerShell”)
Copy and paste the following command into the terminal and then pressEnter:
(Get-BitLockerVolume -MountPoint C).KeyProtector
You will see your recovery key displayed on the page. You can copy and paste it, take a screenshot or write it down.
Alternatively, you can have PowerShell write information to a text file. This writes it to a “txt” file on the desktop named “recoverykey.txt.” Here is the command:
(Get-BitLockerVolume -MountPoint C).KeyProtector | Out-File -FilePath $HOME/Desktop/recoverykey.txt
If the commands do nothing, nothing is displayed in the console, or nothing is written to the file, then your drive is not encrypted and does not have a recovery key.
Warning. If you are using a local account and are trying to enable device encryption, you will receive the message “Sign in with a Microsoft account to complete encryption of this device.” This message may mean that your device is not encrypted until you sign in to your Microsoft account. This impression is wrong. Your device will be encrypted and you should be sure to manually back up your recovery key.
Find the recovery key stored by Microsoft
Microsoft saves recovery keys for all Microsoft online logins. default. Just go to the Microsoft recovery key page and you will see a screen like this:
You can copy and paste this information into a text file, print the page, save it as a screenshot or photo on your phone, or do whatever works for you.
Where to store the recovery key?
You choose the best place to store the key, as there are many good places where you could store it, but they all come with some risk. Don’t keep it as a note pinned to your computer – that’s probably the worst place to save it. Don’t just save it to your PC’s hard drive. It’s completely useless there, as you won’t be able to access it when you need it.
On your mobile phone
Modern mobile phones can create encrypted notes that can only be read with a different password or device PIN. You can store the recovery key there so it will always be with you and it is unlikely that someone will be able to steal your phone and bypass the encryption.
You can also take a picture of it with your mobile phone.
In the cloud
You can always save the recovery key as a text file or a screenshot and then upload it to the cloud – anyway, that’s how Microsoft automatically handles the situation. However, you can upload it to any reputable cloud service you like. If you’re worried about storing it in the cloud, you can always double your security by putting it in a password-protected ZIP file.
Physical copy
You can always make a physical copy of the key, either by printing it out or writing it down on a piece of paper. If you have a safe for important files, documents or photos, you can put it there. Alternatively, you can simply file it with the rest of your documents. Just don’t lose it.
Regardless of which options you choose, you should save your recovery key in several places. Things happen – phones are accidentally bathed or dropped, cloud logins are forgotten, and documents are easily lost or damaged. Losing access to your files due to a lost recovery key is completely preventable if you plan ahead.