What do I do when I forget my encryption passphrase on Windows?

This tutorial applies to the following operating system:

 Windows (BitLocker)

In the case that a user forgets the Power-On-Authentication passphrase that they set when encryption was enabled, a recovery key can be generated so that they can boot their computer and reset their passphrase. This recover key process will work regardless of a user’s location and a key can only be used once.

Request encryption assistance

Step 1:

Contact your TSP or Local Support, who will be able to assist you through the rest of the process.

At the Power-On-Authentication prompt when the computer has first been powered on, press Esc to access the Recovery Key Entry screen.

Press Esc to access the Recovery Key Entry screen.
Press Esc to access the Recovery Key Entry screen.

Step 2:

Your TSP or Local Support will generate a one-time use Recovery Key for you. Enter the Recovery Key into the eight blank spaces on the Recovery Key Entry screen

Enter the Recovery Key into the eight blank spaces on the Recovery Key Entry screen.Enter the Recovery Key into the eight blank spaces on the Recovery Key Entry screen.

Step 3:

If prompted, read the Recovery Key back to your TSP or Local Support as you have entered it in order to confirm that the key is correct. Press Enter to proceed with the boot process.

Press Enter to proceed with the boot process.
Press Enter to proceed with the boot process.

Step 4:

Once the machine has completed the boot process, log in to your account as you normally would.

Log in to your account as you normally would.
Log in to your account as you normally would.

Step 5:

In the lower right hand corner of the screen in the system tray, next to the clock, right click on the Sophos SafeGuard icon and select Reset BitLocker credentials.

In the lower right hand corner of the screen in the system tray, next to the clock.
In the lower right hand corner of the screen in the system tray, next to the clock.

Right click on the Sophos SafeGuard icon and select “Reset BitLocker credentials.”
Right click on the Sophos SafeGuard icon and select “Reset BitLocker credentials.”

Step 6:

In the resulting dialog box, enter and confirm your new passphrase. This will be the new passphrase you will use when booting your computer. In order to prevent unauthorized access to your computer, do not write this passphrase down.

In the resulting dialog box, enter and confirm your new passphrase.
In the resulting dialog box, enter and confirm your new passphrase.

This will be the new passphrase you will use when booting your computer.
This will be the new passphrase you will use when booting your computer.

Details

Article ID: 44
Created
Wed 12/6/17 11:02 AM
Modified
Thu 4/2/20 12:13 PM