Skip to content Skip to site navigation Skip to service navigation

How to Self-Recover Your Computer Encryption Key

After January 14, 2020, Microsoft will no longer provide security updates or support for computers running Windows 7. All Windows 7 computers used for Stanford activities should be upgraded to Windows 10 by January 2020. Learn more about upgrading to Windows 10 by January 2020.

If your computer is encrypted and you forget the password that unlocks your hard drive, you'll  need the encryption recovery key to unlock your drive.  A  self-service process to recover your encryption key is available for computers managed by BigFix or monitored by VLRE — provided you opted to have VLRE escrow your recovery key. MyDevices does not generate the encryption key — it retrieves the key that was escrowed (i.e., stored on your behalf) in a secure database via BigFix or VLRE.

To  recover your encryption key:

  1. Turn off the device whose encryption key you want to recover.
  2. From another device, go to mydevices.stanford.edu to launch the MyDevices app.

    MyDevices home page
  3. Click the link for the device whose encryption key you want to recover.
  4. On the Device Details page, in the Device Information section, in the Encryption Status row click Recover your encryption key.
    Note: If your device's encryption key is not escrowed, a message saying that an encryption key is not available for the device is displayed instead of the link.

    click link to start encryption key self-recovery process
  5. Two-step authentication is required to proceed. Enter your SUNet ID and password on the WebLogin screen and then enter your second factor.
  6. A window displays with the device's encryption key. Write this number down and note the time. The Encryption Key Recovery window closes 15 minutes after it opens.
    encryption recovery key
  7. Turn on the device for which you need the encryption key to be able to log in.
  8. Enter the recovery key.
    • Windows: Press ESC and then ENTER. Enter the encryption key.
    • Mac: Click the question mark  in the password field.  Then, click the arrow after the message saying you can reset your password using your recovery key. Enter your encryption key in the recovery key field.
  9. Reset the password that unlocks your hard drive.
    Note: If you are prompted for a password that you don't know, please contact your local IT support, submit a Help ticket or call the IT Service Desk at (650) 725-HELP (5-4357).
    • Windows 8.1 and Windows 10: On the Start page, in the search box, search for  BitLocker. Click Manage BitLocker to open the BitLocker Drive Encryption control panel. Click Change password > Reset a forgotten password.
    • Windows 7: Click Start. In the search box, enter BitLocker. Click Manage BitLocker to open the BitLocker Drive Encryption control panel. Click Manage BitLocker > Reset PIN.
    • Mac OS: After you have created a new password you may be prompted to enter your old password for the Login Keychain.  Depending on your operating system, there are procedures for temporarily disabling this prompt and allowing the Login Keychain to be updated on your next reboot.  If you encounter this and are unsuccessful in getting past the prompt, please submit a Help ticket.

If you need assistance with recovering your encryption key, please submit a Help ticket or call (650) 725-HELP (5-4357).

Last modified May 22, 2018