Self-serve recovery if you forget your PIN (Windows 7)

Process to retrieve Windows BitLocker Drive Encryption Recovery Key in your Windows 7 machine after you have forgotten your BitLocker PIN.

Note: This procedure applies to Windows 7 computers only.

Before you start

You will require the following before starting the recovery process:

  • A second internet-connected device to access the Sophos BitLocker Self-Serve portal (computer, web-enabled cell phone or tablet).
  • Enrollment in the Sophos Self-Serve program (you would have received a registration link when your computer was originally encrypted)
  • On a Windows 7 machine, you may not have permissions to change your PIN. If you are not prompted for a new PIN, follow the Change your encryption PIN on a Windows 7 computer procedure. If you do not set a new PIN, you will be required to follow this procedure every time you start your computer.


Regain access to your computer using the Self-Serve Recovery Console

  1. Shut down your computer.

  2. Turn it back on. The BitLocker logon screen appears.
    Bitlocker logon screen


  3. Press the Esc key while in the BitLocker logon screen.
  4. On the BitLocker recovery screen, find the Recovery Key ID.
  5. Using your second device, visit the Sophos Self-Recovery Portal. Login using your username ( email address) and Sophos password. If you have forgotten this password, enter your email address and click on the Forgot Password? link. An email will be sent to your address with a recovery link to reset your password.
    Sophos self-recovery portal login screen


  6. Click on the Retrieve link.
    Sophos Device Encryption screen


  7. A new window will display the recovery key.
    Retrieve Recovery Key screen


  8. In the Bitlocker recovery screen on your main computer, carefully enter the 48-digit recovery key displayed on your secondary device and then press the Enter key.
    Windows Bitlocker Drive Encryption Recovery Key Entry screen


  9. Once the recovery key is entered successfully, your computer will be unlocked and you will be prompted to login to Windows.
  10. Once you have logged in, contact the Service Desk (613-562-5800 ext. 6555) with the following information:
    1. identify that your computer that is encrypted
    2. using Windows 7
    3. forgot your PIN/wish to change your PIN.
    A Deskside analyst will be dispatched to your office to assist in setting a new PIN for your workstation. You will be able to use your computer normally until you shut down the computer.

    You will have to repeat the entire procedure if you shut down your computer before being visited by a Deskside analyst to set a new PIN.
Back to top