Skip to content Skip to site navigation Skip to service navigation

How to Self-Recover Your Computer Encryption Key

If your computer is encrypted and you forget the password that unlocks your hard drive, you'll need the encryption recovery key to unlock your drive.  A  self-service process to recover your encryption key is available for computers managed by Jamf or BigFix, or monitored by VLRE — provided you opted to have VLRE escrow your recovery key. MyDevices does not generate the encryption key — it retrieves the key that was escrowed (i.e., stored on your behalf) in a secure database via Jamf, BigFix or VLRE.

To  recover your encryption key:

  1. Turn off the device whose encryption key you want to recover.
  2. From another device, go to mydevices.stanford.edu to launch the MyDevices application.
  3. Click the link for the device whose encryption key you want to recover.
  4. On the Device Details page, locate the Actions button. Click the Actions button and then select Recover Encryption Key.
  5. Note: If your device's encryption key is not escrowed, a message saying that an encryption key is not available for the device is displayed in the Status section of the Device Details page.
  6. Two-step authentication is required to proceed. Enter your SUNet ID and password on the Stanford Login screen if prompted, and then enter your second factor.
  7. A window displays with the device's encryption key. Write this number down and note the time. The Encryption Key Recovery window closes 15 minutes after it opens.
  8. Turn on the device for which you need the encryption key to be able to log in.
  9. Enter the recovery key.
    • Windows: Press ESC and then ENTER. Enter the encryption key.
    • Mac: Click the question mark  in the password field.  Then, click the arrow after the message saying you can reset your password using your recovery key. Enter your encryption key in the recovery key field.
  10. Reset the password that unlocks your hard drive.
    Note: If you are prompted for a password that you don't know, please contact your local IT support, submit a Help ticket or call the IT Service Desk at (650) 725-HELP (5-4357).
    • Windows 8.1 and Windows 10: On the Start page, in the search box, search for  BitLocker. Click Manage BitLocker to open the BitLocker Drive Encryption control panel. Click Change password > Reset a forgotten password.
    • Mac OS: After you have created a new password you may be prompted to enter your old password for the Login Keychain.  Depending on your operating system, there are procedures for temporarily disabling this prompt and allowing the Login Keychain to be updated on your next reboot.  If you encounter this and are unsuccessful in getting past the prompt, please submit a Help ticket.

If you need assistance with recovering your encryption key, please submit a Help ticket or call (650) 725-HELP (5-4357).

Last modified May 25, 2023