I want to encrypt my hard drive using BitLocker, but it requires me to create a recovery key. Now, I understand why this is important, as there may be cases where my password alone can't unlock the drive, such as if the user profile gets corrupted. The problem is that if a determined thief gets my hard drive, then they might be able to get my recovery key as well, assuming I actually keep it in my house, on my person, or anywhere remotely connected to me. Of course, if my password is STILL required to unlock the drive, then the thief can't access my data. However, if the recovery key ALONE can unlock the drive, then there's absolutely nothing to stop the thief from accessing my data. It would be like a burglar entering somebody's house using a key from underneath a potted plant.
What am I missing? How do ensure, on the one hand, that I won't ever be locked out of my data so long as I remember my password, and on the other hand, that I'm not creating something that a thief could use to bypass my password.
Note: I'm not using TPM.