With so much hacking, scamming, theft, and spying in the digital world, encryption is becoming more popular. You see it in messaging apps like Signal and WhatsApp, in secure connections to websites that start with "https," and on computer hard drives. Both Apple and Microsoft enable hard drive encryption to protect you if your system is lost, stolen, compromised online, or just sold or given away (without the disk having been wiped).
But protecting against these dangers comes with its own danger. What if you can't get into your own hard drive? That can happen if you forget your password or PIN or if software glitches lock you out.
Three times in less than two years – in July of 2024, May 2025, and October of 2025 - Microsoft issued Windows 10 and 11 software updates that caused some systems to boot into BitLocker recovery mode, potentially locking users out of their encrypted drives. (Note that on October 14, Microsoft stopped supporting Windows 10 and advised everyone to upgrade to Windows 11 – if their computer can support it.)
The bugs affected users of PCs running Windows Pro, Enterprise, or Education editions with BitLocker hard drive encryption enabled. (Windows Home PCs have a slightly different encryption system.) The glitch caused some of these PCs to boot into the BitLocker recovery screen, which asked users to enter their recovery key to gain access, and possibly prompted the question, "What's a recovery key?".
So let's answer that question now, before it's too late.
How to Use Recovery Keys
The recovery key is a unique 48-digit number generated when disk encryption is first enabled – be it BitLocker or the generic-sounding "Device encryption" in Windows 10 and 11 Home.
If you are unable to access your hard drive through the normal process of logging in to your computer (say, you forget your password), the recovery key is the only way to decrypt it. If you don't have your recovery key, everything on the disk is irrevocably irretrievable (except in some systems managed by corporate IT departments).
It may be tempting to simply forgo hard drive encryption for this reason. But it provides real security benefits in an increasingly unsecure world. And, Microsoft offers several ways to keep your recovery key safe in case you ever need it. Here's how to do that.
1. Check if Encryption is Already On
In Windows 10 and 11 Pro, Enterprise, and Education editions, press the Windows key or click the Windows Start icon in the taskbar, type “BitLocker” in the search field, and select “Manage BitLocker” from the list of results. If the next screen shows that BitLocker is off, click "Turn on BitLocker."
In Windows 10 and 11 Home, press the Windows key or Start button and search for “encryption”. Click “Device encryption settings” in the results, and on the next screen, make sure the switch next to “Device encryption” is toggled on.
2. Store a Recovery Key
You have several options for where to store your recovery key. The safest would be in your online Microsoft account, as Microsoft takes responsibility for keeping it safe. If your disk is encrypted, the key may already be stored with Microsoft. That's the case if you had signed into your Microsoft account in Windows (not just in the web browser) before encryption was turned on. To find out, click Start button > Settings > Accounts > Your info.
If it shows that you are signed in online, you should be set. But visit your Microsoft account on the web to make sure.
To access your key for Windows Home systems, go to the Recovery Keys page.
To check for a saved BitLocker key, log in to your Microsoft account and navigate to the BitLocker recovery keys page
If you don't see a Recovery Key, you will have to turn encryption off, wait for the drive to decrypt, then turn it back on. This will force Windows to store a new key in your online account.
If you clicked Start button > Settings > Accounts > Your info and saw that you were not logged in on your PC, select "Sign in with a Microsoft account instead." Sign in, then restart your device and turn encryption on. Windows will automatically store your key in your online account. (But check to make sure it worked.)
If you don't feel comfortable linking your PC to your Microsoft account (say, for privacy concerns), you can still store it online using a password manager. When you enable encryption, you will be offered the option of printing out the recovery key or saving it to a PDF, USB drive, or text file. Choose “text file” and open the document. Copy the key from the text file and paste it into your password manager, then delete the text file.
Read more: Everything You Need to Get Started with Google Password Manager
But if you feel safest going the offline route with a printout or USB key, make sure you have a very secure place to keep either – ideally, locked in a safe. The only way to keep a PDF or text file totally secure would be to store it on an encrypted drive, but that won't do any good if you need it to unlock the very device that it's locked up on.
[Images: Screenshots by Sean Captain, illustration by Sean Captain/Techlicious via ChatGPT]
