Skip to content Skip to navigation

Encryption Key Self-Recovery

If your computer is encrypted and you forget the password that unlocks your hard drive, you'll  need the encryption recovery key to unlock your drive.  A  self-service process to recover your encryption key is available for computers managed by BigFix or monitored by VLRE — provided you opted to have VLRE escrow your recovery key. My Devices does not generate the encryption key — it retrieves the key that was escrowed in a secure database via BigFix or VLRE.

To  recover your encryption key:

  1. Turn off the device whose encryption key you want to recover.
  2. From another device, go to mydevices.stanford.edu to launch the My Devices app.

    My Devices home page
  3. Click the link for the device whose encryption key you want to recover.
  4. On the Device Details page, in the Device Information section, in the Encryption Status row click Recover your encryption key.

    click link to start encryption key self-recovery process
  5. Two-step authentication is required to proceed. Enter your SUNet ID and password on the WebLogin screen and then enter your second factor.
  6. A window displays with the device's encryption key. Write this number down and note the time. The Encryption Key Recovery window closes 15 minutes after it opens.

    encrypiton key
  7. Turn on the device for which you need the encryption key to be able to log in.
  8. Enter the recovery key.
    • Windows: Press ESC and then ENTER. Enter the encryption key.
    • Mac: Click the question mark  in the password field.  Then, click the arrow after the message saying you can reset your password using your recovery key. Enter your encryption key in the recovery key field.
  9. Reset the password that unlocks your hard drive.
    • Windows 8.1 and Windows 10: On the Start page, in the search box, search for  BitLocker. Click Manage BitLocker to open the BitLocker Drive Encryption control panel. Click Change password > Reset a forgotten password.
    • Windows 7: Click Start. In the search box, enter BitLocker. Click Manage BitLocker to open the BitLocker Drive Encryption control panel. Click Manage BitLocker > Reset PIN.
    • Mac OS: After you have created a new password you may be prompted to enter your old password for the Login Keychain.  Depending on your operating system, there are procedures for temporarily disabling this prompt and allowing the Login Keychain to be updated on your next reboot.  If you encounter this and are unsuccessful in getting past the prompt, please submit a HelpSU request.

If you need assistance with recovering your encryption key, please submit a HelpSU request or call (650) 725-HELP (5-4357).

Last modified October 19, 2015