New bitlocker-encrypted drive now a 300$ paperweight

Have never seen this one before.

Last July I set up a bitlocker-encrypted 12 TB Seagate Ironwolf Pro drive in a Sabrent enclosure as an offsite backup to be left in my office at work. I own two other identical drives at home, and they have been flawless over the years.

Anyway, I take files out to my work office on a flash drive periodically to add to the HDD. I have used bitlocker encryption for years and have never had a problem, until now.

Upon starting up the drive (sits quietly, unconnected in my desk drawer most of the time) this Monday, it demanded the 48 digit key instead of my password. Every time I have connected this drive, or any of my other bitlocker-encrypted drives, it ALWAYS asks for the password, which I have memorized. I had to dig out the 48 digit code, and it does not work!

I had the IT guy at work come over and have a look. We hooked it up to his laptop, and same result. I took it over to a lab I use to try the PC there. Same result. I thought maaaaybe there is some issue with a new security feature at work. I tried the drive on my home desktop (Win 11 PRO), and same result.

My local PC tech told me to log on to my Microslop account to see whether I can find it, but NONE of my keys set up with bitlocker over the years are there. I was then advised to “chat” with Microslop. Sounds like fun~

Has anyone ever encountered anything like this before?

What can cause the system to demand the key instead of the password all of a sudden?

Is bitlocker not a recommended method for encrypting an HDD?

Does chatting with Microslop have any chance of working?

Thanks for any ideas.

2 Likes

I’ve had bitlocker go wrong like twice on work laptops. I guess the good thing is that it was enterprise, so they had copies of the encryption keys. I think by default MS will back up your encryption keys.

Is it possible the drive was damaged? Somehow near a magnet? You do need to plug in drives every so often or they can start to lose information. How long since the last time you plugged it in?

I don’t work with bitlocker so I’m not sure how you’d go about troubleshooting it.

If you still have other backups and still have all the data from that drive, e.g. you were not trying to recover some data off that drive, then you’re in luck, and it might be easier to just reformat (if there seems to be nothing wrong with the drive) or just replace it (if there is something wrong with the drive).

If you’re looking for cross platform drive encryption, then veracrypt is supposed to be good: VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

If you’re moving to linux sometime soon, I use LUKS encryption for all my drives.

4 Likes

Some stuff from ms support:

Third, if you recently updated your BIOS, changed TPM settings, or replaced hardware like the motherboard, BitLocker may reject the key due to a mismatch in system integrity. In that case, you can try resetting TPM and Secure Boot in BIOS. Restart your device, enter BIOS (usually by pressing F2 or DEL), then look for TPM settings and choose Clear or Reset. Also make sure Secure Boot is enabled.

Next, if you’re stuck and can’t unlock the drive, you can try using the BitLocker repair tool. Open Command Prompt as administrator and run:

repair-bde C: X: -rp [your recovery key]

Replace C: with the locked drive and X: with an empty drive where recovered data can be saved. This won’t unlock the original drive but may help you recover your files.

1 Like
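The 48-digit recovery key discussed in the posts above (the value `repair-bde` takes after `-rp`) has a built-in typo check: it is 8 blocks of 6 digits, each a multiple of 11 and below 720896. The following is an added example, not part of any post in this thread; the function name and the sample key are constructed for illustration.

```python
import re

BLOCKS = 8
BLOCK_LIMIT = 11 * 65536  # each block is a 16-bit value multiplied by 11


def check_recovery_password(text):
    """Return (ok, problems) for a typed BitLocker recovery password.

    Only checks that the key is well-formed; it cannot tell whether the
    key belongs to a particular drive.
    """
    digits = re.sub(r"[\s-]", "", text)  # tolerate dashes and spaces
    if not re.fullmatch(r"\d{48}", digits):
        return False, [f"expected 48 digits, got {len(digits)} characters"]

    problems = []
    for i in range(BLOCKS):
        block = digits[i * 6:(i + 1) * 6]
        value = int(block)
        if value % 11 != 0:
            problems.append(f"block {i + 1} ({block}) is not a multiple of 11")
        elif value >= BLOCK_LIMIT:
            problems.append(f"block {i + 1} ({block}) is out of range")
    return not problems, problems


# Constructed sample key (not a real recovery key): every block is n * 11.
SAMPLE_KEY = "013574-440000-720885-000000-000055-244442-345565-299002"
# Same key with two transcription errors: block 2 off by one digit,
# block 7 with two adjacent digits swapped.
SAMPLE_TYPO = "013574-440001-720885-000000-000055-244442-345655-299002"

if __name__ == "__main__":
    for key in (SAMPLE_KEY, SAMPLE_TYPO):
        ok, problems = check_recovery_password(key)
        print("well-formed" if ok else "mistyped", problems)
```

A key that fails this check was copied down or typed wrongly. A key that passes is only well-formed and can still belong to a different volume.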

Thanks very much for that information !!

I suppose I do not fire this drive up as frequently as I should. My external HDD at home (same exact drive/enclosure) is fired up at least once a month for backup. I believe that it is better to have such a backup off and disconnected most of the time, both for reducing exposure to viruses/malware, etc., and also for reduced wear and tear. In any case, the office drive was last turned on in November–too long ago I guess!

When the tech and I looked at it, Format was an option, which is surprising (and alarming) given that it is encrypted! Hopefully at very least the drive is salvageable, even if I have to transfer everything over again.

Learn something every day…

Disks are generally magnetic and will start to lose their “charge” (over simplification) if they’re not powered on every so often.

I feel like that’s not that long, but there are a lot of unknown factors. When I was rotating a disk offsite, I tried to do it every two weeks to a month.

I think this is even more critical for SSDs, which apparently lose their charge much quicker.
At least I read recommendations to not use external SSDs for backup due to this.

I think for HDD this means you need to actually read the data periodically too (or would you need to write it again? It is not an SSD…). Just plugging in the HDD will IMHO not change (or “charge”) anything.
However, as far as I know, the magnetization should last years before bit flips may occur.

1 Like

No, it isn’t. At least I would not recommend it, it is a proprietary solution, and as you found, once you are locked out you have no way to recover.

I would recommend

  1. an open, encrypted, incremental, deduplicating tool like borgbackup or restic, preferably both,
  2. with at least one backup on a dedicated provider like BorgBase (despite their name, they also handle restic),
  3. with at least one backup append-only (because of malware etc).

Backing up to a hard disk is usually the worst solution, it is not automated (which means people back up much less frequently than they should — which is around every 15/30 minutes for most people), is prone to hardware failure, etc.

1 Like

I’m pretty ignorant on this stuff but just to add to this, there’s a desktop client for BorgBase called Vorta, in case useful.

1 Like

Just to clarify, Vorta is a front-end for borgbackup, for which BorgBase is a provider. While they are great (I use them for my backups), you are not tied to one provider, you can use another one, your own server, etc. Vorta can be used for all. Though I would personally prefer borgmatic, which is very simple.