System Preferences -> Users & Groups -> Login Options (above lock) -> Display login window as: Name and password
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Anybody else enabled FileVault?
- Thread starter konradsa
- Start date
- Sort by reaction score
System Preferences -> Users & Groups -> Login Options (above lock) -> Display login window as: Name and password
Hell, I have always had to type my user account name in during startup.
The thing that bothers me is that my account name is my real first and last name, yet I only have to type my first name in and it will work.
I understand what you are saying here in theory, but in actual practice how are you suggesting one would get into your account if the FV2 encrypted machine were simply asleep? Someone would still need the account password to get in and they won't be able to retrieve the PW from memory due to direct memory access (DMA) being blocked since 10.7.2.
I'm not trying to be argumentative, I just curious exactly how this would work.
Last edited:
I understand what you are saying here in theory, but in actual practice how are you suggesting one would get into your account if the FV2 encrypted machine were simply asleep? Someone would still need the account password to get in and they won't be able to the the PW from memory due to direct memory access (DMA) being blocked since 10.7.2.
I'm not trying to be argumentative, I just curious exactly how this would work.
In another thread you mentioned how the login password alone was easily beatable. So if the machine isn't encrypted during sleep, then can't they just get passed the login password like you mentioned?
Here is the thread: https://forums.macrumors.com/threads/1766286/
You can change this if you want, without changing anything else in your account.
No, because having FileVault on would block that method of resetting the password.
When you edited my quote you cut off the important part. My username is John Smith, yet I only have to type in John to login.
----------
Even if Filevault wasn't on at the time?
I'm just trying to understand how this works
When you edited my quote you cut off the important part. My username is John Smith, yet I only have to type in John to login.
----------
Even if Filevault wasn't on at the time?
I'm just trying to understand how this works
Firevalut is always on when enabled. But as mentioned, the data is not encrypted while at sleep. But in order to reset the password, you need to shut down the machine to access the boot screen--so the machine would need to be shut down first and of course once shut down, the data is encrypted. You can't change the firevault password this way.
Even if Filevault wasn't on at the time?
I'm just trying to understand how this works
FileVault is on all the time once enabled, but I understand you are asking once it is unlocked. It would still block that password reset method. If you notice in that process you reboot to recovery then type "resetpassword" and enter a new password. The problem is with FileVault that new password cannot be written to the main volume because it is now locked, so the password reset will not be saved to the disk.
So it's as simple as needing to reboot, which will re-lock it. Make sense! I knew there was a simple explanation I was overlooking.
I still think it would be cool to lock it when the computer goes into sleep mode, since I think most people leave their computers on nowadays and just let it sleep.
I still think it would be cool to lock it when the computer goes into sleep mode, since I think most people leave their computers on nowadays and just let it sleep.
Thanks, that works for the login (if I log out) but not during startup. When I restart my computer it still just shows my user account name and I just have to type my password to decrypt/login.
Can someone please confirm and/or clarify this? If I am understanding BasicGreatGuy's post, the password that was in place AT THE TIME of encryption is permanent and does not change if one changes the AppleID/iCloud password. Is that the case?
If so, this could prove very problematic. I know my passwords, and very likely would be able to recall what I used when I did the encryption. But I also support several family members that certainly would not remember their password months or even years back. Nor would they be able to pinpoint what their password was on a specific date.
My assumption was that the AppleID/iCloud password was the "master" that would always unlock the encrypted drive.
Why won't your family members remember the password that they use everyday to get into their computer?
Have your family members write their passwords down on a piece of paper and tuck it behind a piece of molding in the house, maybe above a door in which you need to stand on a chair to see it.
----------
I have a question about theory. It's just for curiosity's sake.
I remember a while back some guy got arrested suspicion of child porn, but his laptop was encrypted. Apparently even the FBI couldn't get thru it, so they were trying to make him give them the password, but it turned into a 5th amendment case since they said giving up his password would be self incrimination.
Anyway... Let's say in that situation the FBI found the computer while it was running and the encryption was unlocked. Would it be any easier for them to break into the computer thru the user account with the encryption unlocked than if the computer was turned off and they had to start with the encryption locked?
Again, this is just curiosity. It seems like the best way is for Apple to lock the encryption during standby/sleep. But that's just my amateur assumption.
I don't find your response on point to my question. Nor are you seemingly recognizing the concern.
It is not a simple matter of remembering (or recording) the password. If I am understanding the implementation of FileVault and the password connection, it is based on BOTH the password at the time of encryption AND does not change with changes to the Computer (and AppleID password if you have them synced).
So a person would need to have properly document the password of the machine AT THE TIME of encryption.
I personally am highly organized. I would have this information documented, stored in a safe place, and I would know where to find it if I ever needed it. However, if you support any family/friends, then you will realize that many people (if not most people), simply do not have such structure.
I challenge you...ask 5 random people what their AppleID password is...My bet...
2 of the 5 will ask you "what do you mean my Apple ID password...is that what I use when I buy an app? Wait, I think it is........ Or maybe...... I can't remember if it is a capital letter or not, but try this......".
The other 2 of the 5 will just stare at you blankly and say they don't know if they ever set one up.
1 of the 5 will know it.
So I go back to my initial question. Is the FileVault password actually "set and frozen" based on the password in use AT THE TIME of encryption or does it always sync with the users current AppleID password (which can be set/synced as the computer password)?
My response is a normal and viable solution for your issue.
Of course it is.
Someone needs to remember or write down the password that they set.
If I set a Facebook password, I need to remember that. When I go and change my Google password, I need to remember the password that I set for Facebook, because it's not going to change automatically when changing Google's password.
Most passwords aren't interlinked, and if you change one manually, you have to either change the other and remember what the other one was.
So that's why you write it down, like I said earlier. It's really that simple.
Again, like I said earlier, write the password down and store it in a secure place. Now you don't have to worry about any of this.
The FileVault password has nothing to do with the AppleID. You can make it the same password or make it a different one. Just like my IMDB password has nothing to do with my MacRumors password, unless I choose to make it the same password and change both at the same time.
Write your family's passwords down.
I use FileVault extensively on all my drives and backups. I have also studied Joe Kissels book Take Control of Filevalt , which I highly recommend. I can't give a 100% answer but I firmly believe it is set at the time of encryption and is not updated automatically if you chose to use your Apple ID password and subsequently change that.
The TC book gives a Terminal based method of changing the FileVault password so you could keep them in step. I have never tried doing it.
Thank you. I will proceed with the understanding that the FileVault password is only the same as the computer password (which MAY be the same as the iCloud password) at the time of encryption.
----------
1) I PM'd about the password maintenance issue. I don't want to get off track within the thread.
2) "Write your family's passwords down" - Possible, yet not very practical. And potentially very burdensome. I support no fewer than 10 family members and 1 very computer-unsavvy friend. I know the AppleIDs of each...until they change them and don't tell me!
3) "The FileVault password has nothing to do with the AppleID" - Actually it does. When you install Yosemite, you are prompted to activate FileVault. Also, there is a now an option to use your AppleID password as your computer password. Therefore, at least at the time of encryption, the FileVault password can in fact be your AppleID password. That was what triggered my questions about what happens if/when the AppleID password is changed.
I suppose in theory it would be easier for them, but that still leaves the question of how they would do that. DMA (direct memory access) is blocked, so I don't see how they would get in.
Hello,
I have scanned through this thread and did not see anything related to the "removability" of the SSD's/HDDs on the newer machines.
I used to encrypt drives for fear that my laptop would be stolen and the SSD removed. Now, this is no longer possible (such as in the case of a MBP from 2014).
So what does filevault actually do for me? If I have business files on my MBP can "bad people" access my files with any less difficulty whether filevault is enabled or not?
I suppose there could be some boot option that I am not aware of that would allow people to bypass a proper login to access my data without a password?
Thanks,
R
(p.s., filevault is currently activated, and generally I have no problems. But after moving to Yosemite, FileSync Free is having trouble syncing files from a PC on my network, and I have gotten some odd messages pointing to filevault - but that is for another thread.)
I have scanned through this thread and did not see anything related to the "removability" of the SSD's/HDDs on the newer machines.
I used to encrypt drives for fear that my laptop would be stolen and the SSD removed. Now, this is no longer possible (such as in the case of a MBP from 2014).
So what does filevault actually do for me? If I have business files on my MBP can "bad people" access my files with any less difficulty whether filevault is enabled or not?
I suppose there could be some boot option that I am not aware of that would allow people to bypass a proper login to access my data without a password?
Thanks,
R
(p.s., filevault is currently activated, and generally I have no problems. But after moving to Yosemite, FileSync Free is having trouble syncing files from a PC on my network, and I have gotten some odd messages pointing to filevault - but that is for another thread.)
You can easily remove the drive on the new MBP. It is just that nobody makes an aftermarket replacement yet, so you don't see it done much.
The whole idea is FV2 completely encrypts the entire drive, so if you Mac is stolen nobody is getting any of your data off of there... period.
There is no way to boot to any other mode and bypass the FV2 password. It is locked down.
If there is data on there you want to protect, having FV2 turned on is the way to go.
Anybody else enabled FileVault?
Without FileVault enabled, it's trivial for anyone with physical access to your machine to access all your data. They could remove the SSD, which is actually easy on any of Apple's current machines, but an even easier way would be to boot into the recovery partition and just change the password. - yes, you can reset user passwords just by running a command from the Terminal from an OS install disc or flash drive, or directly from the recovery partition (http://coolestguidesontheplanet.com/reset-forgotten-admin-password-mac-osx/)
If I stole your system, I could be looking at your files within 5 minutes. With FileVault enabled, I'd never be able to access them.
Without FileVault enabled, it's trivial for anyone with physical access to your machine to access all your data. They could remove the SSD, which is actually easy on any of Apple's current machines, but an even easier way would be to boot into the recovery partition and just change the password. - yes, you can reset user passwords just by running a command from the Terminal from an OS install disc or flash drive, or directly from the recovery partition (http://coolestguidesontheplanet.com/reset-forgotten-admin-password-mac-osx/)
If I stole your system, I could be looking at your files within 5 minutes. With FileVault enabled, I'd never be able to access them.
Thanks guys...
Filevault has been enabled all along. I "fixed" my problem by going from Mac to PC, rather than from PC to Mac with File Sync Free.
I am not sure if it is the app or something in the network communications from the PC...
Either way, I am good and still secure.
Now I suppose I need to decide if forcing the password out of RAM during screen saver or sleep is necessary.
R
Filevault has been enabled all along. I "fixed" my problem by going from Mac to PC, rather than from PC to Mac with File Sync Free.
I am not sure if it is the app or something in the network communications from the PC...
Either way, I am good and still secure.
Now I suppose I need to decide if forcing the password out of RAM during screen saver or sleep is necessary.
R