Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

"Allow my iCloud account to unlock my disk" and "Allow Apple ID reset user password"

h.gilbert

h.gilbert

macrumors 6502a
Original poster
Nov 17, 2022
718
1,263
Bordeaux
What's the relationship between these two options, I'm confused. One is for allowing to login via Apple ID, and the other is allowing to decrypt via AppleID. However, by allowing Apple ID to reset user password doesn't that therefore by extension allow you to enter the computer and therefore basically decrypt and gain access to all the files? And the other way around, if you don't allow Apple ID to reset the password and fail to log in, I assume there is a way to remotely gain access to the files if you have iCloud decryption enabled?

I don't know what to select for both options. At the moment I have disallow Apple ID to reset password, but allow iCloud to unlock disk.
 
I

iStorm

macrumors 68020
Sep 18, 2012
2,035
2,442
"Allow my iCloud account to unlock my disk" applies to FileVault, which uses your account password to unlock the disk in order to keep things simple. When FileVault is on, the initial login screen you see after a restart or shutdown is essentially a FileVault login screen to unlock the disk even though it looks like macOS.

When you turn on FileVault, you're given two options:
  1. Store the key in your iCloud account (and let you reset your account password by using your Apple ID).
  2. Do not store the key in your iCloud account (take a picture of it, write it down, etc.)
If FileVault is turned on and you forget your account password:
  • #1 will let you log into your Apple ID/iCloud account to retrieve the recovery key, and then let you reset your password. An internet connection is required. This is only to retrieve the key so you can unlock the disk again. It does not let you remotely gain access to the files.
  • For #2, you would have to enter in the key yourself to unlock the disk, and then proceed with the password reset procedure.
As for "Allow user to reset password using Apple ID", Apple says this option isn't available if FileVault is turned on and set to allow the user to reset their password at startup using their Apple ID. I'm using Ventura and this option is showing up for me even though I have FileVault turned on and have my key stored in iCloud. I think it may be a bug, or things have changed. Regardless, I noticed I'm presented this method to reset my password after the disk has already been unlocked and is on the switch user screen. (i.e. I logged in and logged out, which would have unlocked the disk; but did not restart or shutdown to lock the disk again.)
 
h.gilbert

h.gilbert

macrumors 6502a
Original poster
Nov 17, 2022
718
1,263
Bordeaux
iStorm said:
"Allow my iCloud account to unlock my disk" applies to FileVault, which uses your account password to unlock the disk in order to keep things simple. When FileVault is on, the initial login screen you see after a restart or shutdown is essentially a FileVault login screen to unlock the disk even though it looks like macOS.

When you turn on FileVault, you're given two options:
  1. Store the key in your iCloud account (and let you reset your account password by using your Apple ID).
  2. Do not store the key in your iCloud account (take a picture of it, write it down, etc.)
If FileVault is turned on and you forget your account password:
  • #1 will let you log into your Apple ID/iCloud account to retrieve the recovery key, and then let you reset your password. An internet connection is required. This is only to retrieve the key so you can unlock the disk again. It does not let you remotely gain access to the files.
  • For #2, you would have to enter in the key yourself to unlock the disk, and then proceed with the password reset procedure.
As for "Allow user to reset password using Apple ID", Apple says this option isn't available if FileVault is turned on and set to allow the user to reset their password at startup using their Apple ID. I'm using Ventura and this option is showing up for me even though I have FileVault turned on and have my key stored in iCloud. I think it may be a bug, or things have changed. Regardless, I noticed I'm presented this method to reset my password after the disk has already been unlocked and is on the switch user screen. (i.e. I logged in and logged out, which would have unlocked the disk; but did not restart or shutdown to lock the disk again.)
Click to expand...

Thanks 🙏🙏🙏

makes sense now
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom