Windows Bitlocker and automatic unlock password storage safety
I see you've also posted the same query here and here, and have already received some sort of standard response. Anyway, it's an interesting question and here's what I found. As the BitLocker Drive Encryption in Windows 7: Frequently Asked Questions page states,
Automatic unlocking for fixed data drives requires that the operating system drive also be protected by BitLocker. If you are using a computer that does not have a BitLocker-protected operating system drive, the drive cannot be automatically unlocked.
Of course, this does not apply to you as you are using BitLocker To Go to encrypt removable data drives. For you, the following is relevant:
In Windows 7, you can unlock removable data drives by using a password or a smart card. After you've started encryption, the drive can also be automatically unlocked on a specific computer for a specific user account. System administrators can configure which options are available for users, as well as password complexity and minimum length requirements.
Also,
For removable data drives, you can add automatic unlocking by right-clicking the drive in Windows Explorer and clicking Manage BitLocker. You will still be able to use the password or smart card credentials you supplied when you turned on BitLocker to unlock the removable drive on other computers.
and
Removable data drives can be set to automatically unlock on a computer running Windows 7 after the password or smart card is initially used to unlock the drive. However, removable data drives must always have either a password or smart card unlock method in addition to the automatic unlock method.
So now we know how automatic unlocking can be configured for removable data drives, and how such drives can be unlocked on other PCs as well. But what are the keys BitLocker uses, and where are they stored? As the BitLocker Keys section of the Keys to Protecting Data with BitLocker Drive Encryption article states:
The [volume's] sectors themselves are encrypted using a key called the Full-Volume Encryption Key (FVEK). The FVEK, though, is not used by or accessible to users. The FVEK is in turn encrypted with a key called the Volume Master Key (VMK). This level of abstraction gives some unique benefits, but can make the process a bit more difficult to understand. The FVEK is kept as a closely guarded secret because, if it were to be compromised, all of the sectors would need to be re-encrypted. Since that would be a time-consuming operation, it’s one you want to avoid. Instead, the system works with the VMK. The FVEK (encrypted with the VMK) is stored on the disk itself, as part of the volume metadata. Although the FVEK is stored locally, it is never written to disk unencrypted. The VMK is also encrypted, or "protected," but by one or more possible key protectors. The default key protector is the TPM.
So the VMK is again encrypted by one or more key protectors. These can be the TPM, a password, a key file, a data recovery agent certificate, a smart card, etc. Now when you choose to enable automatic unlocking for a removable data drive, the following auto-unlock registry key is created:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\FveAutoUnlock
Next, yet another key protector of type "External Key" is created and stored at that registry location as:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\FveAutoUnlock\{GUID}
The key and metadata to be stored in the registry are encrypted using the CryptProtectData() DPAPI function using the current user's login credentials and Triple DES (OTOH the actual data on the encrypted volume is protected with either 128-bit or 256-bit AES and optionally diffused using an algorithm called Elephant).
The external key can only be used with the current user account and machine. If you switch to another user account or machine, the FveAutoUnlock GUID values are different.
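To see the user-binding described in this answer for yourself, here is an added PowerShell example (not part of the original answer or of any Microsoft tooling). It walks the `FveAutoUnlock` key of the current user, and for every `REG_BINARY` value under each `{GUID}` subkey checks whether the bytes carry the DPAPI provider GUID that every `CryptProtectData()` blob starts with, then tries to unprotect it in the `CurrentUser` scope. It assumes the stored values are plain DPAPI blobs without optional entropy; the value names inside the subkeys are deliberately not assumed, every binary value is tested. Run it as the user who enabled auto-unlock, then again from a different account on the same PC to see `Unprotect` fail.

```powershell
# Added example, not from the original answer.
# Inspect BitLocker To Go auto-unlock entries in HKCU and test whether the
# current user can DPAPI-unprotect them (assumption: raw blobs, no entropy).
Add-Type -AssemblyName System.Security

$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\FveAutoUnlock'

# Provider GUID {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB} as it appears
# (little-endian) at offset 4 of every CryptProtectData() blob.
$dpapiGuid = [byte[]](0xD0,0x8C,0x9D,0xDF,0x01,0x15,0xD1,0x11,
                      0x8C,0x7A,0x00,0xC0,0x4F,0xC2,0x97,0xEB)

function Test-DpapiBlob([byte[]]$Bytes) {
    # Version field (4 bytes) + provider GUID (16 bytes) must be present.
    if ($Bytes.Length -lt 20) { return $false }
    for ($i = 0; $i -lt 16; $i++) {
        if ($Bytes[4 + $i] -ne $dpapiGuid[$i]) { return $false }
    }
    return $true
}

if (-not (Test-Path $base)) {
    Write-Host "No auto-unlock entries under $base for this user"
} else {
    Get-ChildItem $base | ForEach-Object {
        $key = $_
        Write-Host "Protector subkey $($key.PSChildName)"
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValueKind($name) -ne 'Binary') { continue }
            $blob = [byte[]]$key.GetValue($name)
            $status = 'not a DPAPI blob'
            if (Test-DpapiBlob $blob) {
                try {
                    # CurrentUser scope: only this account on this machine
                    # (its DPAPI master key) can recover the plaintext.
                    $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
                                 $blob, $null, 'CurrentUser')
                    $status = "DPAPI blob, Unprotect OK ($($plain.Length) bytes of key material)"
                    # Do not keep the decrypted external key around.
                    [Array]::Clear($plain, 0, $plain.Length)
                } catch [System.Security.Cryptography.CryptographicException] {
                    $status = 'DPAPI blob, Unprotect FAILED (other user/machine, or entropy required)'
                }
            }
            Write-Host ("  {0,-24} {1,6} bytes  {2}" -f $name, $blob.Length, $status)
        }
    }
}
```

To correlate the `{GUID}` subkeys with the protectors BitLocker actually knows about, run `manage-bde -protectors -get X:` (with the removable drive's letter) and compare the ID of the "External Key" protector it lists; `manage-bde -autounlock -enable X:` and `manage-bde -autounlock -disable X:` are the command-line equivalents of the Explorer option quoted above. Note that the script only proves the blob is bound to the caller's DPAPI master key; it does not tell you which cipher DPAPI used internally.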