Bitlocker recovery issue

Hi

It appears that my usb stick with the startup and recovery key on it, which had been working for years, has just died. I thought I was covered and as it turns out I was, found a duplicate bitlocker startup usb stick, phew. But for future reference want to understand how the bitlocker recovery screen, key and process should work.

I was looking at the record I kept of the recovery key but could not make head or tail of this as this key was actually displayed on the bitlocker blue recovery screen!

First question what is meant to be done with this 'recovery key' if just pressing escape displays the recovery key on the recovery screen?

Second question, I was unable to try that or any other key as my laptop keyboard (UK config) would only register numbers on the bitlocker recovery screen, no letters. How would I get around this if it was my only backup method?

If I had not remembered I had secreted a second usb key with decryption keys on it, I would have been stuffed until I could get to my other PC (in different part of country) to retrieve them to a new USB stick.

Thanks for any light that can be shed ont his. In future I woudl like not to be relyign on just ne method but also have a second method.

What you see on the recovery screen is NOT the recovery key. It is a unique identifier. The identifier is meant to help you find the right recovery key.

As an example, say you have 5 systems with BitLocker. When you save your BitLocker key, Windows will save an identifier with it because there is nothing that says "this key is for the C: drive on your system named "xyz". So Windows provides an identifier that it displays on the recovery screen. You can check your records to see what recovery key is associated with that identifier.

As an example, if I right-click on the C: drive in my system and choose to manage BitLocker, one of my options is to print a copy of my BitLocker recovery key. This is what that printout looks like (with the numbers altered, of course):

___________________
BitLocker Drive Encryption recovery key

To verify that this is the correct recovery key, compare the start of the following identifier with
the identifier value displayed on your PC.

Identifier:

11111111-1111-1111-1111-111111111111

If the above identifier matches the one displayed by your PC, then use the following key to
unlock your drive.

Recovery Key:

111111-111111-111111-111111-111111-111111-111111-111111

If the above identifier doesn't match the one displayed by your PC, then this isn't the right key
to unlock your drive.
Try another recovery key, or refer to https://go.microsoft.com/fwlink/?LinkID=260589 for
additional assistance
___________________

As for the keyboard only registering numbers - that is 100% normal and expected behavior because the recovery key is only numbers. There will NEVER be anything other than numbers in the recovery key. Once again, the number with the letters in it is actually the unique identifier that is associated with the matching recovery key.

One more thing:

I'm glad that you had a second copy of information, but this underscores something that relates to backups of all important data: ALWAYS make sure to have more than one copy!

Here is a strategy that I use:

I keep multiple thumb drives which themselves are also BitLocker encrypted. I store a copy of all my recovery keys there. The nice thing about the thumb drives is that they are protected with a password, so you'll never run into needing a recovery key for them. So long as you remember the password, you are good.

To make a backup copy of the recovery key, open File Explorer. Right-click the drive and choose Manage BitLocker, and then Back up your recovery key. One of your options will be to print the recovery key. I print it to a PDF file and that is what I save on my thumb drives.

Hope all this helps! Please do let me know if you have more questions.

idgat said:

... Don't use Bitlocker.

Half the forums on the internet would cease to exist were it not for users having problems with BL.

(And, in any case, relying on anything stored on a USB stick will only end in tears)

Sorry to voice a different opinion, but this is utter rubbish IMHO. !!No offense intended by this statement!!

BitLocker is completely reliable and a fantastic solution for encryption. I dare say that the majority of people with issues simply don't follow best practices or may have other underlying issues such as hardware issues. Backups should still always be maintained and proper procedures should be in place as is the case with or without BitLocker.

I've used BitLocker on literally a couple hundred systems and I'm not exaggerating when I say that I have NEVER EVER had problem one with it. Does that mean it's impossible to have a problem? Of course not. But you can have problems without any encryption as well.

Of course, you are entitled to your opinion - my point is simply that I would not be afraid in the least to use BitLocker. Just make sure you have proper planning and an understanding of the BitLocker solution on your side. For example, misunderstanding the identifier vs the actual recovery key is an important piece of info to be aware of!

Before I use BitLocker for the first time years ago, I made darn sure I knew what I was getting into!

As for storing data on USB sticks - I don't view that as any less reliable than a HD. In fact I can drop my USB sticks and toss then around with no problems. Try that with a HD. Again - never trust just one single backup! Always have multiple copies. I maintain a minimum of 4 copies of my really important stuff including off site and out of state backups. Heck, a nuclear blast couldn't cause me to loose my data. Of course, I might not be around to use it, but that's another story!