"PLEASE ENTER YOUR BITLOCKER RECOVERY KEY"

Where is it?

A) Uploaded to Microsoft

B) Somewhere in Entra ID?

C) Somewhere in our on-prem AD?

D) Written down on a scrap of paper when I set up the laptop

The fact that they never ask for the passphrase is a weakness of the system. Because now you have an extremely difficult situation as soon as you're off the happy path.

It's also like 64 characters alphanumeric with no capability to copy/paste.

Compare it to Vera/FileVault where the access key is the user's passphrase. In macOS it's literally your account password, which follows along with your in-OS account credentials.

That happens with VeraCrypt as well. I have plenty of friends and family who can't remember their WiFi password without remembering where it was written down, and they use that far more often than an encryption recovery code.

In fleets, users wouldn't even be setting up their own code.

I've installed Windows thousands of times on dozens, probably hundreds of systems - long ago I even worked on the Windows team and was installing it every day - and in the last 20 years (yes, I ran Vista Ultimate in 2006) I've had to deal with BitLocker recovery prompts perhaps 20 times - not 20 times per machine, 20 times across all of them.

Or nowhere you know at all if you're a non-technical user who was on a local account Win 11 setup who was tricked by Microsoft dark pattern pop-ups getting you to go to "online accounts" which automatically and silently encrypts your drives in the background and then tells you to go to some shady domain called aka.ms (with another computer, since yours is now locked on a bluescreen and unusable). Basically a typical ransomware message. In truth, in this case it's #1 (uploaded to Microsoft), but the non-technical user doesn't know that. Even I thought the aka.ms screen was ransomware when my parent called me saying their computer had a "virus".