About Recovery Keys

Applies To: WatchGuard Full Encryption

Microsoft BitLocker technology protects data from unauthorized access. A BitLocker recovery key is a unique 48-digit key that unlocks a BitLocker protected hard drive. When WatchGuard Full Encryption detects unusual activity on a protected computer, Full Encryption prompts the user to enter a BitLocker recovery key.

Unusual activity might include:

  • A user makes repeated attempts to enter an incorrect PIN or password while the device boots up
  • A Trusted Platform Module (TPM) chip detects a change in the boot sequence
  • Changes are made to the computer motherboard
  • Deletion or disablement of TPM content

Full Encryption stores the recovery keys for all encrypted computer drives that it manages. Each encrypted drive has a unique recovery key.

To obtain a recovery key:

  1. From the top navigation bar, select Status.
  2. From the left pane, select Full Encryption.
  3. Click a status in the Encryption Status tile.
    The Encryption Status page opens and shows computers with the selected status.

    Encryption Status

  4. Click a computer item.
    The Computers page opens.
  5. In the Details > Data Protection section, click Get Recovery Key.

    Get Recovery Key
    The Get Recovery Key dialog box opens and shows the IDs of the encrypted drives on the computer.

  6. Click the encrypted drive ID of the key to recover.
  7. Click Copy Recovery Key.

To obtain a removable drive recovery key:

  1. In the Details > Data Protection section, click View Encrypted Devices on This Computer.
    The Encrypted Devices on This Computer dialog box opens and shows the IDs of the encrypted drives on the computer.
  2. Click the encrypted drive ID of the key to recover.
  3. Click Copy Recovery Key.

See Also

About Full Encryption

Full Encryption Authentication Types