How to login to your computer when you forget your encryption password on Windows 10

• This article guides the steps to login when the user forgets the password on Windows 10 using Recovery Key

Diagram and implementation steps

• As the diagram we see administrator can sit anywhere to control endpoint via Sophos Endpoint Protection.
• To do this, the endpoint need to install Sophos Endpoint Protection on their computer.
• You can see installation guide Sophos Endpoint Protection here.
• In this article, we will configure Sophos Endpoint Protection on laptop Thinkpad X201 running Windows 10 OS and create Policy on Sophos Central to encrypt drive on device.
• You can see installation guide How to configure Full Disk Encryption on Windows 10 here.
• Finally we will simulate a user who forgot the password and use Recovery Key to login into the machine.

Configuring

There are two ways to get Recovery Key

1. Contact administrator

• When we forget the PIN of BitLocker and can not login into the machine we can contact administrator to get Recovery Key to login.
• To get Recovery Key, administrator need to login into Sophos Central using admin account > click Devices > click Security Heartbeat (Name of the PC is encrypted in previous manual) > Device Encryption > Retrieve Recovery Key.
• Retrieve Recovery Key pane appear, copy this code for user to user login into the machine.

After restart the machine blue pane appear, we press ESC on the keyboard to enter BitLocker Recovery and enter the code is provided by administrator.

• Press enter and so we are logged into the machine.
• After successful login Sophos Central will show you a table asking you enter a new password because you used Recovery Key to login into the machine.
• Enter new password into the blank and press Save new Pin to finish.

2. Login into User Portal to ger Recovery Key

• In addition to contacting the administrator, we can also log into Sophos Central’s User Portal page to retrieve the Recovery Key code.
• The link to the User Portal page is https://www.central.sophos.com/manage/self-service
• After logging in with an administrator account, select Device Encryption and you will see the Recovery Key.Enter the Recovery Key into BitLocker Recovery and you will successfully login to the computer.