Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

oberrz

macrumors newbie
Original poster
Apr 27, 2018
9
3
I've installed Mac OS X High Sierra 10.13.4 on my MacBook Pro from the USB flash.
While I installed the OS I chose APFS Encrypted file system on my entire SSD.
Now I have my disk Encrypted (1.png)
1.png
and my FileVault was Enabled automatically after installation (2.png)
2.png
Now when I reboot the MacBook I have two option to logon: (3.jpg)
3.jpg

1) My User account "Alex":
When I type the password for myself user I just login as usual.
2) Second "Disk password":
When I choose "Disk password" I type the password that I chose for Disk encryption.
After 30 sec downloading that option of Disk password just despair and I have just one option (1) "Alex" >
I just put password for my account and login.

There is no differences how did I logged in.

The question is what the difference between these two login option?
Also why am I actually able to login without entering disk password (1 option).

Thanks.
 
I've installed Mac OS X High Sierra 10.13.4 on my MacBook Pro from the USB flash.
While I installed the OS I chose APFS Encrypted file system on my entire SSD.
Now I have my disk Encrypted (1.png)
View attachment 759865
and my FileVault was Enabled automatically after installation (2.png)
View attachment 759866
Now when I reboot the MacBook I have two option to logon: (3.jpg)
View attachment 759868

1) My User account "Alex":
When I type the password for myself user I just login as usual.
2) Second "Disk password":
When I choose "Disk password" I type the password that I chose for Disk encryption.
After 30 sec downloading that option of Disk password just despair and I have just one option (1) "Alex" >
I just put password for my account and login.

There is no differences how did I logged in.

The question is what the difference between these two login option?
Also why am I actually able to login without entering disk password (1 option).

Thanks.

No user login can occur until the encrypted disk is unlocked. It can be unlocked with an authorized user credentials or a non-user specific encrypted disk password. (Not all users have to be authorized to unlock the disk, but typically the first user/admin account created will.)

Option 1: Your password for account "Alex" also unlocks the encrypted disk. So two things happen when login as Alex, the disk is unlocked and then your login credentials are passed to the OS to log you into your user account.

Option 2: A disk specific password is used to unlock the encrypted disk. At that point no users credentials have been entered so the OS displays available accounts for you to log into. The disk is now unlocked for any user account or guest to log into the OS.

That disk unlock option only appears if you've encrypted the disk during OS install. Otherwise, encrypting the disk AFTER install using the Filevault utility prevents that disk-only unlock option from appearing after boot up.
 
  • Like
Reactions: Mike Boreham
No user login can occur until the encrypted disk is unlocked. It can be unlocked with an authorized user credentials or a non-user specific encrypted disk password. (Not all users have to be authorized to unlock the disk, but typically the first user/admin account created will.)

Option 1: Your password for account "Alex" also unlocks the encrypted disk. So two things happen when login as Alex, the disk is unlocked and then your login credentials are passed to the OS to log you into your user account.

Option 2: A disk specific password is used to unlock the encrypted disk. At that point no users credentials have been entered so the OS displays available accounts for you to log into. The disk is now unlocked for any user account or guest to log into the OS.

That disk unlock option only appears if you've encrypted the disk during OS install. Otherwise, encrypting the disk AFTER install using the Filevault utility prevents that disk-only unlock option from appearing after boot up.

Is it safe to remove this "user"?

If yes, how?
 
Is it safe to remove this "user"?

If yes, how?
If that's your user account (the admin account), and the only account on your Mac, then --- no, you can't remove the only admin account. That's YOUR user account.
If you have a second account: for example, an account that you added to your system, and you have two (or more) accounts listed in your Users & Groups pref pane, then the answer is Yes, you can always remove an account that you don't want to keep. Remove it be deleting it from your Users & Groups pref pane. That account would be listed under "Other Users"
Unlock that pane, then select the account that you want to delete. Press the (-) at the bottom of that list. You will then see a response window with some choices about deleting that account, along with a "cancel" button to use if you don't want to make a mistake :cool:
 
If that's your user account (the admin account), and the only account on your Mac, then --- no, you can't remove the only admin account. That's YOUR user account.
If you have a second account: for example, an account that you added to your system, and you have two (or more) accounts listed in your Users & Groups pref pane, then the answer is Yes, you can always remove an account that you don't want to keep. Remove it be deleting it from your Users & Groups pref pane. That account would be listed under "Other Users"
Unlock that pane, then select the account that you want to delete. Press the (-) at the bottom of that list. You will then see a response window with some choices about deleting that account, along with a "cancel" button to use if you don't want to make a mistake :cool:

Thanks, DeltaMac! But by "user" I was referring to the "fake" "Disk Password" user.
 
That's not an account. It's your login to unlock your FileVault drive.
If you don't need that extra layer of security, turn off File Vault:
System Preferences/Security & Privacy pane.
Click File Vault, then click Turn Off File Vault.
 
I get that it's not an account and I like the extra level of security, but I don't like that thing floating over there never being used again. Do you know how to disable or remove it?
 
It's part of File Vault.
It's also something that you do, in fact, use, but it is NOT a user account.
As I said, it's provided by File Vault, and is used for that purpose. It's not really "a thing floating over there never being used"
You do use it, every time you log in to unlock the drive.
You can remove it by turning off File Vault.

I found out that you get the "Disk Password" user when you do a format/install of macOS, and File Vault is enabled by default. It is there because there was no admin account yet, at the time the system was first installed.
I THINK you can remove that account icon by turning off File Vault, then turning File Vault back on. File Vault would then only unlock from your primary user, and doesn't appear on the opening Login screen.
Here's an Apple Discussion thread, which also shows a terminal command that you can use to remove the Disk Password from the login screen.
It's possible that you may need to turn off SIP to successfully do that change, but you could try the command first to see if that works while SIP is still enabled. Otherwise, you might need to disable SIP to complete that little login mod.
You should re-enable SIP after you are successful with removing the Disk Password user.
 
Is it safe to remove this "user"?

If yes, how?

Yes. But you've got to use the terminal command "fdesetup". It lets you add and remove users to the authorized access list to unlock the disk. It will also let you remove a non-user associated disk password so it doesn't show up in the login window. I have successfully used it in the pass to remove a non-user password. It's much nicer than going through the grueling (painful!) task of unencrypting and re-encrypting your disk, which could take days or weeks depending on the size of your data.

Unfortunately I haven't used the command in awhile, actually since I upgraded to High Sierra last year. And would need to re-research the exact use of fdesetup to give you the instructions. If no one jumps in with the syntax, I should be able to get back soon when I get a chance to refresh myself with the command.
 
  • Like
Reactions: DeltaMac
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.