
The Hard Truth about Losing the Password of your Encrypted Drive

Writer: JP Iverson


Hard drives are often encrypted for security reasons, either to protect important data from unauthorized access or to meet compliance requirements such as GDPR, HIPAA, etc. However, there are several reasons why users may not be aware that their hard drives are encrypted until they send their media to a data recovery service lab like ATP Data Services.


Common Reasons Why Users Don’t Realize their Hard Drive is Encrypted with a Password


Default encryption settings: Many modern operating systems, like Windows (with BitLocker) or macOS (with FileVault), offer automatic encryption during setup or as part of system updates. If a user enables full disk encryption without manually configuring it, they might not realize that the feature was turned on by default.


“Transparent” encryption: Encryption happens in the background without the user’s direct interaction. For example, if encryption is done at the file system level or as part of the operating system's default security practices, users might not notice any significant changes to their workflow, other than the need to enter a password during startup or login.


Enterprise IT-managed devices: In corporate environments, IT departments may encrypt users' devices as part of their security protocols, but employees might not be informed about the encryption process.


Encryption built into the device: Some laptops and other devices come with hardware-level encryption (like self-encrypting drives or Trusted Platform Modules - TPM), which means that the encryption process happens transparently and without requiring the user's involvement. These devices are often marketed as "secure," but users may not realize the role encryption plays in that security.


Can an Encryption Password be Reset?


Encryption is designed to be secure, and if you don't have the correct password or recovery key, it's impossible to break through the encryption. Unfortunately, you will not be able to reset your encryption password without having the old password. Instructions can be found online about resetting the password of encrypted drives, but we strongly recommend not following them because they will likely cause data corruption. This includes methods we have seen such as running CHKDSK (Check Disk Utility), using the command prompt to unlock your hard drive, running System File Checker (SFC), using Startup Repair or performing a system restore.


If you suspect your company’s IT department encrypted your device, or if it's a managed device, it’s best to seek their help as they may have tools or recovery keys to unlock the drive. Some systems might allow recovery via a secondary account (e.g., an admin account).


A Failed Decryption Process Can Cause Data Corruption or Permanent Data Loss


Modern encryption algorithms use complex mathematical processes to secure data. If you're trying to reset the password and enter incorrect recovery keys or passwords, the system may fail to properly decrypt the data, leading to corruption or loss of access. 


How to Prevent Data Corruption When Resetting a Password


  1. It’s always a good idea to regularly back up important data before setting up encryption, or before attempting any password reset or recovery processes.

  2. Make sure you securely store recovery keys, password hints, or backup passwords to prevent issues in the future.

  3. Use password hints.  Some systems provide a password hint when you enter the wrong password. Check if you can find any clues there.

  4. Use Backup Recovery Keys (if available). Many encryption systems, such as BitLocker (Windows) or FileVault (macOS), offer recovery options that can help you access your data.


How to Find a Previously Saved Password on Your Computer


For an Apple computer:

If you are able to automatically unlock the drive without being prompted to enter a password, chances are the password is stored in your device's Keychain. Keychain Access is an app built into all computers running macOS. This is where account passwords, Wi-Fi passwords, application certificates, and more are stored. This is a good place to find saved passwords if you ever forget them. To access Keychain Access on your computer:


  • Open the Applications folder

  • Open the Utilities folder

  • Open Keychain Access


There are 4 main keychains you will see:


  1. Login: The login keychain stores any passwords, certificates (etc.) that your account needs

  2. iCloud: The iCloud keychain is everything synced in your iCloud Keychain

  3. System: The System keychain is where system passwords are stored

  4. System Roots: This is where system certificates are stored

 

You should find the password in the "Login" keychain. Look in the "Kind" column for entries marked "encrypted volume password". The entry name is usually in a format like “0674D1F3-6A2E-4358-9791-C9C3E8AB2C50”. Open an entry of that kind and tap "Show password" to see the actual password.

 

For a computer with Windows as the Operating System (OS):

Make sure the drive is already unlocked. Open the command prompt in admin mode and type "manage-bde -protectors x: -get" (x: is the drive letter, "C" for example).

For detailed instructions, see "Find your BitLocker recovery key" on the Microsoft Support website.
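The same check can be scripted for every drive at once. The following is an added example, not part of the original article: it uses the Get-BitLockerVolume cmdlet from the Windows BitLocker PowerShell module to show which volumes are encrypted and whether each one has a recovery password protector, without printing the recovery password itself. The function name Get-BitLockerRecoveryReadiness is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: run in an elevated PowerShell session on Windows.
# Get-BitLockerRecoveryReadiness is a hypothetical helper name.

function Get-BitLockerRecoveryReadiness {
    # One summary row per volume: encryption state and recovery protector presence.
    foreach ($vol in Get-BitLockerVolume) {
        # Keep only the 48-digit recovery password protectors.
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeStatus        = $vol.VolumeStatus      # e.g. FullyEncrypted
            ProtectionStatus    = $vol.ProtectionStatus  # On / Off
            LockStatus          = $vol.LockStatus        # Locked / Unlocked
            ProtectorTypes      = ($vol.KeyProtector.KeyProtectorType -join ', ')
            HasRecoveryPassword = $recovery.Count -gt 0
            # The protector ID identifies the key; it is not the secret itself.
            RecoveryProtectorId = ($recovery.KeyProtectorId -join ', ')
        }
    }
}

$report = Get-BitLockerRecoveryReadiness
$report | Format-Table -AutoSize

# Flag volumes that hold encrypted data but have no recovery password,
# i.e. drives where a forgotten password leaves no fallback.
$atRisk = $report | Where-Object {
    $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryPassword
}
foreach ($v in $atRisk) {
    Write-Warning "$($v.MountPoint) is encrypted but has no recovery password protector."
}
```

A drive that shows up as encrypted here when you did not expect it is the situation described at the top of this article; confirm where its recovery key is stored before anything goes wrong.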


For more storage device and data management best practices, follow our page on LinkedIn.

 

 
 