How to create your own USB startup key from scratch on Windows 11
Did you know you can use just about any USB drive as a “startup key” on Windows 11? When you enable BitLocker on newer PCs, Windows automatically unlocks your system drive every time you start up your computer using Trusted Platform Module (TPM).
The ability to add an extra level of security with the convenience with using a USB startup key on a BitLocker enabled PC is indispensable. It effectively adds two-factor authentication to BitLocker encryption. Now, your PC won’t even start without the USB startup key inserted for your drive to be decrypted and Windows to start.
It is important to point out the difference between a USB startup key and a USB security key. A USB security key, like the Yubikey 5 Series from Yubico, offer FIDO2 (Fast Online Identification) authentication, which is also offered by Microsoft’s Windows Hello.
A USB startup key prevents a PC from booting into Windows on a BitLocker-enabled drive unless the startup key is present. It’s not quite the same level of protection, but still more secure than just a password, for example.
In this guide, we will show you how to create one from scratch on Windows 11.
