TL;DR: Don’t power-cycle endlessly. Fetch the recovery key on a clean device (Microsoft/Apple/IT admin), unlock once, back up immediately, then fix the root cause. No key and a sick disk? Stop DIY — we’ll image first, then attempt recovery.

What the prompts mean (plain English)

BitLocker (Windows): Your system drive is encrypted. Windows needs the 48-digit recovery key (8 groups of 6 digits) to unlock.
FileVault (macOS): Your disk is encrypted with FileVault 2. You’ll be asked for your user password or a recovery key (alphanumeric blocks).

These screens don’t mean the disk is dead — they’re asking for proof you’re allowed in.

Where to find your key (common places)

BitLocker

Personal Microsoft account: Sign in on another device → Devices → Recovery keys.
Work/School (Entra ID/Azure AD): Ask your IT admin; the key is attached to the device object.
On-prem AD: IT can read the key from Active Directory (if escrow was enabled).
Printed/USB/.txt: Check the places you save important docs.
Already in Windows and want to note it for later?
- Run: manage-bde -protectors -get C: and save the Recovery Key ID & value.

FileVault

Apple ID (if chosen at setup): Sign in on another device → check the Mac’s FileVault recovery option.
MDM/IT: Managed Macs escrow the key with your admin.
Local recovery key: Some users wrote it down; look for a 24-character code in 6 groups.
Already in macOS and want to note it for later?
- Run: fdesetup status (should say FileVault is On), then sudo fdesetup recover or check your MDM profile for escrow.

Do-nots (they make things worse)

Don’t factory-reset or reinstall over the encrypted disk before backup.
Don’t run disk “repairs” or CHKDSK on a clicking/SMART-failing drive.
Don’t guess the key repeatedly (lockouts happen).
Don’t disable BitLocker/FileVault during instability; back up first.

Our recovery workflow (data-first)

Intake & quick health checks — power, SMART/SSD wear, temperatures.
Image first if any instability is detected (we preserve a read-only copy).
Unlock/repair from the image using your provided key; verify sample files.
Fix the root cause — firmware/TPM alignment, OS/driver repair, bootloader, or policy changes.
Handover & hardening — confirm backups, store keys safely, document what changed.

Start here: Data recovery assessment
Protect yourself next time: Cloud backup setup
New device setup without surprises: Remote support session

A simple, safe key-storage plan (students & SMEs)

Students (1–3 devices)

Store the recovery key in your password manager (secure note), plus one printed copy in a safe place.
Keep OneDrive/Google Drive active so you can back up right after an unlock.
Add recovery codes for email/Microsoft/Apple IDs to the same secure note.

SMEs (5–50 devices)

Centralise: escrow BitLocker keys to your organisation directory; escrow FileVault keys to MDM.
Document: device → user → key escrow location → last verified date.
Break-glass: keep a sealed admin account + vault procedure for after-hours incidents.
Quarterly: test one device unlock path end-to-end; rotate anyone who has access to keys.

Need help implementing this? Book Cybersecurity hardening or a Remote support session.

Quick links (book in minutes)

Image-first backup & recovery → Data recovery assessment
Cloud backup that actually restores → Cloud backup setup
New PC/Laptop setup (guided) → Remote support session
Got questions now? → Contact us

FAQs

Windows: the screen shows a Recovery Key ID — what do I do with it?
Give us (or your admin) that Key ID; it matches the right key in your directory/portal. Then we unlock once, back up, and fix the cause.

Mac: I forgot the FileVault password and don’t have the key. Can you still help?
We can stabilise the Mac and protect hardware, but encrypted data needs the correct key/password. If you find it later, we can continue recovery.

Why did BitLocker ask for a key after a BIOS update?
The TPM/secure-boot trust changed; BitLocker wants confirmation. Enter the key, then we’ll re-seal BitLocker to the new configuration.

Should I keep encryption on?
Yes. It protects your data if a laptop is lost/stolen. Just make sure keys are escrowed and backups exist.

Will imaging void encryption?
No. We image sectors safely; when a valid key exists we work from the image to rebuild files, reducing risk to your original disk.

Bottom line: Encryption is your friend — if keys are stored sensibly. When a prompt appears, unlock once, back up, and fix what caused it. If you can’t get the key or the disk sounds unhappy, we’ll protect your data and take it from there.