What you can do if you forget your password on a FileVault-protected Mac

Glenn Fleishman
9 March, 2017

Several readers have asked recently what to do with systems they’ve purchased, inherited, or been given that are protected by FileVault, where the original owner can’t recall or provide the password.

FileVault protects in two parts: You know the first, which is that while a Mac is at rest (that is, powered down), its startup drive remains strongly encrypted, so even if the data is extracted, it’s unusable to another party.

But it also protects the startup process. Because the disk is encrypted, macOS can’t boot into your main system on the startup volume. Instead, it boots a special part of the Recovery Disk, a partition you normally use for emergencies. That boot process presents a login screen that looks similar to the main macOS login, but only contains accounts that have FileVault-access enabled.

Behind the scenes, after you enter the password correctly for one of those accounts, macOS decrypts the volume encryption key and passes the boot to the startup partition along with the affirmation that you’ve logged in correctly.

You can recover a lost FileVault password or erase a FileVault drive, losing everything but regaining the ability to use the system.

(Now if I were suspicious, I’d wonder if the emails I’ve received were from people who had obtained systems illegitimately, and were trying to crack into them or reformat a system that they’d potentially obtained through another party who might not have had full authority to give it to them. However, each email I’ve received sounded fully plausible, and most had personal details attached.)

If you don’t have a valid password, you can try to recover one. Apple has full instructions at the bottom of this page, but it requires that you either cached your password in iCloud—which doesn’t work for another party who doesn’t have access to your account—or the person who enabled FileVault created a recovery key that they can provide to you. (Rich Trouton wrote up an extensive blog entry on the recovery process in 2015 that remains valuable.)
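A simplified model of the unlock step and the recovery key described above, added here as an illustration; it is not Apple's implementation and not code from the original article. The slot layout, the PBKDF2 settings, the XOR-and-MAC wrap (a stand-in for a real key-wrap cipher) and every name and sample secret are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this model


def _kek(secret: str, salt: bytes) -> bytes:
    # Stretch a password or recovery key into a key-encryption key (KEK).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def wrap(volume_key: bytes, secret: str) -> dict:
    # Stand-in for a real key-wrap cipher: XOR a 32-byte key with a
    # KEK-derived pad, then MAC the result so a wrong secret is detected.
    salt = os.urandom(16)
    kek = _kek(secret, salt)
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"tag" + blob, hashlib.sha256).digest()
    return {"salt": salt, "blob": blob, "tag": tag}


def unwrap(slot: dict, secret: str):
    # Returns the volume key, or None when the secret does not match the slot.
    kek = _kek(secret, slot["salt"])
    tag = hmac.new(kek, b"tag" + slot["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["blob"], pad))


def unlock(slots: dict, secret: str):
    # Try the secret against every stored slot; any one match releases the key.
    for slot in slots.values():
        key = unwrap(slot, secret)
        if key is not None:
            return key
    return None


def demo() -> dict:
    volume_key = os.urandom(32)  # constructed sample volume key
    slots = {"owner": wrap(volume_key, "owner-password"),          # constructed
             "recovery": wrap(volume_key, "AAAA-BBBB-CCCC-DDDD")}  # constructed
    out = {"password": unlock(slots, "owner-password") == volume_key,
           "recovery_key": unlock(slots, "AAAA-BBBB-CCCC-DDDD") == volume_key,
           "wrong_guess": unlock(slots, "guess") is None}
    slots.clear()  # erasing the drive discards every wrapped copy of the key
    out["after_erase"] = unlock(slots, "owner-password") is None
    return out
```

In this model the data is only ever encrypted under the volume key, so losing every secret that wraps it leaves erasing as the only way to reuse the drive.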

Erase via Recovery. Hold down Command-R at startup (Option by itself won’t work on a FileVault-protected Mac), and then erase the FileVault partition using Disk Utility, and then reinstall macOS. This may not always work, in which case you have two other options.

Erase via another startup drive. FileVault protects the startup drive from access, but you can hold down Option at startup and select other attached drives’ volumes that have valid macOS (or OS X) startup partitions. Boot from one of those, and you simply wipe the FileVault drive. You’ll need to reinstall macOS entirely on that drive to wipe out the Recovery Disk settings.

Use Internet Recovery. At startup, hold down Command-Option-R, and you can select Reinstall macOS. This retrieves macOS over the Internet, which can take a while if you have a slow connection.
