Jun 14 2024
Security

4 Ways to Save Microsoft BitLocker Encryption Keys

Encrypting sensitive data is a critical security step. Microsoft makes it easy, but managing bitlocker keys and where they are saved can be a challenge.

Editor's note: This article was originally published in January 2022 and has been recently updated.

It’s always a good idea to secure sensitive data with Microsoft’s BitLocker encryption technology. BitLocker ensures only the owner can access the encrypted files.

The downside: Encrypting data with BitLocker comes with the overhead of managing encryption keys and the risk of data loss if you lose the keys. To mitigate that risk, it’s critical that BitLocker encryption keys are backed up and easily recoverable should the need arise. To do this, start by right-clicking on your storage volume in Windows 11 and click Manage BitLocker, then choose one of these four options.

1. Save to a USB Storage Device

If you want the ultimate in protection for your recovery keys, saving them to a USB storage device is a great option. Doing so allows you to create an offline backup of the recovery key, preventing any unauthorized access. To back up a recovery key to a USB storage device, choose “Save to a USB flash drive” in the BitLocker backup menu and specify a connected flash drive. Windows will do the rest.

Click the banner below to read the 2024 CDW Cybersecurity Report.

 

2. Save to a TXT File

Windows 11 also provides the option of backing up to a text file. By choosing the “Save to file” option, BitLocker allows you to specify a local or network location for the saved key. Once confirmed, the recovery key will be stored in a text file at your requested destination. Saving a recovery key to a text file is a good approach if you have a secure network location in mind.

LEARN MORE: Check out this guide to Windows 11.

3. Print to Paper Or File

Worried about storing important recovery keys digitally? No problem. BitLocker allows you to print the recovery key to physical paper via the “Print the recovery key” option. Printing a recovery key not only ensures the backup is not susceptible to data corruption but also provides a true physical barrier. Many choose to store this important paper in a bank safety deposit box or another secure area.

4. Save to a Microsoft Account

If you are logged in to your Windows 11 PC using your Microsoft account, BitLocker can save recovery keys to your Microsoft account in the cloud. By choosing the “Save to your Microsoft account” option, BitLocker will automatically create the backup and upload it. Simply authenticate to Windows 10 with your Microsoft account, and your recovery key will be immediately available.

NicoElNino/Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.