Bitlocker Security Questions

hsehestedt · Saturday at 8:15 AM

Did some research and now I remember: When you setup auto unlock for a drive this creates a .bek file on the C: drive. This is why BitLocker is required on the OS drive to enable auto unlock - because these .bek files need to be protected.

TraderGary · Saturday at 8:33 AM

hsehestedt said:
Did some research and now I remember: When you setup auto unlock for a drive this creates a .bek file on the C: drive. This is why BitLocker is required on the OS drive to enable auto unlock - because these .bek files need to be protected.

I just started a File Explorer search on my C: drive for *.bek.

TraderGary · Saturday at 8:36 AM

TraderGary said:
I just started a File Explorer search on my C: drive for *.bek.

No items match my search.

hsehestedt · Saturday at 9:07 AM

LOL, I was doing the exact thing here. On a couple of different machines. No luck either. I wonder if they are "super hidden" files or if the system does something special with them.

Time for more research.

kelper · Saturday at 9:20 AM

My friend ChatGPT says,

Key Facts About .BEK Files

Purpose – It contains a startup key required to unlock a BitLocker-protected volume automatically during boot.
Location – Usually stored on a USB drive (e.g., X:\RecoveryKey.bek).
Format – The contents are binary and not human-readable, unlike .TXT BitLocker recovery keys, which store the key in a readable format.
Usage – Needed when using BitLocker with pre-boot authentication in environments where TPM is not used or requires additional authentication.
Security – If lost, access to the encrypted drive could be difficult without an alternative recovery method.

BitLocker can store the key in the TPM chip itself, and it won't need a USB key for auto-unlock. You can also use a PIN in addition to TPM for extra security. In this case, the key is stored within the TPM, and no external USB is required for auto-unlock.

hsehestedt · Saturday at 9:31 AM

So, I'm

kelper said:
My friend ChatGPT says,

Key Facts About .BEK Files

Purpose – It contains a startup key required to unlock a BitLocker-protected volume automatically during boot.

Location – Usually stored on a USB drive (e.g., X:\RecoveryKey.bek).

Format – The contents are binary and not human-readable, unlike .TXT BitLocker recovery keys, which store the key in a readable format.

Usage – Needed when using BitLocker with pre-boot authentication in environments where TPM is not used or requires additional authentication.

Security – If lost, access to the encrypted drive could be difficult without an alternative recovery method.

BitLocker can store the key in the TPM chip itself, and it won't need a USB key for auto-unlock. You can also use a PIN in addition to TPM for extra security. In this case, the key is stored within the TPM, and no external USB is required for auto-unlock.

Interesting. Yes, I'm seeing conflicting info saying that it is stored on the C: drive which makes more sense to me. First, that would be the reason that auto unlock only works on a system where C: is protected by BitLocker. Also, if you take a portable drive, thumb drive, etc. to another machine it will not auto unlock unless you enable it on that machine. That would indicate to me that it is not getting it from the portable drive.

Also, even without your portable device connected, you can issue a manage-bde command that will delete ALL auto unlock entries for all devices. Again, this would indicate that it is stored locally.

Finally, I tried to find the .BEK file(s) using powershell and while I didn't find it, this gives me a hint:

The point here is that there are places that a user, even an admin, clearly does not have access to.

But maybe with a TPM the TPM itself stores that info? I'm not sure.

The weird part of this is that I have a vague recollection of actually seeing .BEK files in the past. My recollection is that it looks almost exactly like the text file that you save if you save your BitLocker recovery key to a text file. But it has been been so long that I may be hallucinating even more than Copilot which is giving me nonsensical answers to this question.

kelper · Saturday at 9:42 AM

The bek could be stored on a network drive or Active Directory?

hsehestedt · Saturday at 9:47 AM

Here is some interesting info although it still doesn't ultimately answer the question fully:

Find BitLocker Bek File and Unlock BitLocker with Bek File

hsehestedt · Saturday at 9:59 AM

Okay, so clearly there does exist a .BEK file, but I just cannot find it. Here is info for my Z: drive. Note that it does indeed reference a .BEK file...

TraderGary · Saturday at 10:21 AM

From Copilot:

A .BEK file is a BitLocker recovery key file used by Microsoft's BitLocker Drive Encryption. When BitLocker encrypts a drive, it generates a recovery key to help users regain access to their encrypted data if they forget their password or if the system detects potential security risks1. The .BEK file is a binary file that contains this critical recovery information.

It's typically created when BitLocker is initially set up and can be saved to a USB drive or another location. If you ever need to unlock your BitLocker-protected drive and can't remember your password, you can use the .BEK file to regain access.

hsehestedt · Saturday at 10:24 AM

Yeah, but where does it save this for the support of auto unlock?

I guess it is not strictly necessary to know where it is - you can pull the needed info by running manage-bde or by saving the info yourself, but it's just one of those things that irritates me

andrew129260 · Saturday at 1:03 PM

user1010 said:
Don't know if it's possible anymore but with earlier windows, the local admin password could easily get reseted with linux software.

it's still very easy in multiple ways to reset a local account password. Thankfully, as far as I know, any microsoft account set for a pc does not have this security issue.

kelper · Saturday at 1:17 PM

I have an app that can convert any MS account to a local account and then reset the password. I won't name it as it might be deemed a hack and I wish to respect forum rules.

andrew129260 · Saturday at 1:22 PM

kelper said:
I have an app that can convert any MS account to a local account and then reset the password. I won't name it as it might be deemed a hack and I wish to respect forum rules.

huh. I will have to look into this then. As far as I knew, microsoft accounts were safe from offline/preboot bypassing.

hsehestedt · Saturday at 2:00 PM

kelper said:
I have an app that can convert any MS account to a local account and then reset the password. I won't name it as it might be deemed a hack and I wish to respect forum rules.

I am not going to ask the name of this app because I do not wish to get into trouble, but just out of curiosity, so that I know how paranoid I should be

, do you know if this app will work if Secure Boot is enabled and does it require that you be logged into Windows to use it?

andrew129260 · Saturday at 3:05 PM

hsehestedt said:
I am not going to ask the name of this app because I do not wish to get into trouble, but just out of curiosity, so that I know how paranoid I should be , do you know if this app will work if Secure Boot is enabled and does it require that you be logged into Windows to use it?

Yup looks like it. It converts the microsoft account to a standard account, which then allows the traditional bypass methods to work.

I am going to try it myself soon and see what happens.

At least its not free. I will see if I can find a free method online.

newmann · Saturday at 10:00 PM

TraderGary, do you have on your laptop 24/7 or you power it off at night?

If you are going to be away from your laptop for a short while... say you going to go to the grocery store for a bit and coming back. Do you power off your laptop or do you just lock it? By lock it, I mean control alt delete and lock so only way to get in laptop is type in your windows 11 password? You said you don't use that but some biometrics windows password?

The way I have it set up where if you power off laptop and then power it on... you have to enter the bitlocker pin in order to get in. Then you have to type in the windows 11 pro password in order to get to laptop. Then if I'm away from laptop for a short while or a while but want laptop on, I lock it. Is that fine for security? I literally leave my laptop on 24/7 and lock it with my 2 external monitors connected and it's plugged in all the time. Thoughts on that? Do you have laptop plugged in always or you use it in other places and thus on laptop battery often? I use my laptop as a desktop replacement basically.

Can others here confirm my laptop is secure as long as it's powered off or on the lock screen? When it's off, you need the bitlocker pin and windows 11 pro password to access laptop. If it's on locked screen, you need the windows 11 pro password. Now if you have the bitlocker recovery key, then obviously that would work but I don't have that lying around near my computer.

Thoughts on this? Previously I would just power off my laptop whenever I even go outside for a short bit before coming back but I find this very annoying have to power it on and open all my programs everytime. This is with bitlocker on of course. Can others confirm this is fine?

Now if someone was to connect a USB flash drive to my laptop USB port while it's powered off and they power it on but on the e bitlocker pin screen or if it's on the windows locked screen, they can't get any virus into my laptop right since it's locked? Or are the USB ports unsafe you do something to the setting? Imagine going to a coffeeshop and then being away for a minute and you lock it and someone plugs in USB flash drive with malware on it for a minute. Would that do anything or not since it's locked?

TraderGary · 2025-02-09T01:14:58-0500

newmann said:
TraderGary, do you have on your laptop 24/7 or you power it off at night?

I seldom ever power off. All I ever do is close the lid. That's security enough for me as when the lid is opened again Windows Hello looks for my biometric Face ID. If a valid face ID isn't presented, then a PIN is required. My PIN is a 16-digit passphrase and is secure.

newmann said:
If you are going to be away from your laptop for a short while... say you going to go to the grocery store for a bit and coming back. Do you power off your laptop or do you just lock it? By lock it, I mean control alt delete and lock so only way to get in laptop is type in your windows 11 password? You said you don't use that but some biometrics windows password?

Just closing the lid is enough security for me. When the lid is opened again, I want to be instantly recognized and I'm right where I left off.

newmann said:
The way I have it set up where if you power off laptop and then power it on... you have to enter the bitlocker pin in order to get in. Then you have to type in the windows 11 pro password in order to get to laptop. Then if I'm away from laptop for a short while or a while but want laptop on, I lock it. Is that fine for security? I literally leave my laptop on 24/7 and lock it with my 2 external monitors connected and it's plugged in all the time. Thoughts on that? Do you have laptop plugged in always or you use it in other places and thus on laptop battery often? I use my laptop as a desktop replacement basically.

When I open the lid of my computer, I want it to instantly recognize me and I'm ready for work again, exactly where I left off. I don't want to be bothered with needlessly having to type in two passwords in a row. If you like to do that, knock yourself out.

newmann said:
Can others here confirm my laptop is secure as long as it's powered off or on the lock screen? When it's off, you need the bitlocker pin and windows 11 pro password to access laptop. If it's on locked screen, you need the windows 11 pro password. Now if you have the bitlocker recovery key, then obviously that would work but I don't have that lying around near my computer.

Thoughts on this? Previously I would just power off my laptop whenever I even go outside for a short bit before coming back but I find this very annoying have to power it on and open all my programs everytime. This is with bitlocker on of course. Can others confirm this is fine?

Now if someone was to connect a USB flash drive to my laptop USB port while it's powered off and they power it on but on the e bitlocker pin screen or if it's on the windows locked screen, they can't get any virus into my laptop right since it's locked? Or are the USB ports unsafe you do something to the setting? Imagine going to a coffeeshop and then being away for a minute and you lock it and someone plugs in USB flash drive with malware on it for a minute. Would that do anything or not since it's locked?.

I often go to the bookstore or coffee shop. When I do, my laptop is in my backpack. I absolutely NEVER leave my laptop unattended. If I need the concession area or restroom, my laptop goes back in my backpack and goes with me. Your USB flash drive concern could never happen to me.

kelper · 2025-02-09T03:26:31-0500

hsehestedt said:
I am not going to ask the name of this app because I do not wish to get into trouble, but just out of curiosity, so that I know how paranoid I should be , do you know if this app will work if Secure Boot is enabled and does it require that you be logged into Windows to use it?

Secure Boot does not affect it. You boot it from a USB, so, no, you don't need to be logged in.

Bitlocker Security Questions

Well-known member

My Computers

Stock Market Wizard

My Computer

Stock Market Wizard

My Computer

Well-known member

My Computers

Well-known member

Key Facts About .BEK Files​

My Computers

Well-known member

Key Facts About .BEK Files​

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Stock Market Wizard

My Computer

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computer

Stock Market Wizard

My Computer

Well-known member

My Computers

Similar threads

Key Facts About .BEK Files

Key Facts About .BEK Files