Jan 26 2022
Security

4 Ways to Save Microsoft BitLocker Encryption Keys

Encrypting sensitive data is a critical security step. Microsoft makes it easy, but managing bitlocker keys and where they are saved can be a challenge.
Adam Bertram
by

Adam Bertram is a 20-year IT veteran, blogger and freelance writer. Follow him on Twitter @adbertram.

It’s always a good idea to secure sensitive data with Microsoft’s BitLocker encryption technology. BitLocker ensures only the owner can access the encrypted files.

The downside: Encrypting data with BitLocker comes with the overhead of managing encryption keys and the risk of data loss if you lose the keys. To mitigate that risk, it’s critical that BitLocker encryption keys are backed up and easily recoverable should the need arise. To do this, start by right-clicking on your storage volume in Windows 10 and click Manage BitLocker, then choose one of these four options.

1. Save to a USB Storage Device

If you want the ultimate in protection for your recovery keys, saving them to a USB storage device is a great option. Doing so allows you to create an offline backup of the recovery key, preventing any unauthorized access. To back up a recovery key to a USB storage device, choose “Save to a USB flash drive” in the BitLocker backup menu and specify a connected flash drive. Windows will do the rest.

Click the banner below to unlock exclusive security content when you register as an Insider.

BT Insider - Security BT Insider - Security

2. Save to a TXT File

Windows 10 also provides the option of backing up to a text file. By choosing the “Save to file” option, BitLocker allows you to specify a local or network location for the saved key. Once confirmed, the recovery key will be stored in a text file at your requested destination. Saving a recovery key to a text file is a good approach if you have a secure network location in mind.

3. Print to Paper Or File

Worried about storing important recovery keys digitally? No problem. BitLocker allows you to print the recovery key to physical paper via the “Print the recovery key” option. Printing a recovery key not only ensures the backup is not susceptible to data corruption but also provides a true physical barrier. Many choose to store this important paper in a bank safety deposit box or another secure area.

4. Save to a Microsoft Account

If you are logged in to your Windows 10 PC using your Microsoft account, BitLocker can save recovery keys to your Microsoft account in the cloud. By choosing the “Save to your Microsoft account” option, BitLocker will automatically create the backup and upload it. Simply authenticate to Windows 10 with your Microsoft account, and your recovery key will be immediately available.

NicoElNino/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now