
umbilical

Original poster
Why do I need a new FileVault recovery key after every software update?

After each software update, I am prompted to set up certain features, such as FileVault, as if it's the first time I'm installing the system.

This process gives me a new FileVault recovery key, which is frustrating. I don't recall needing to go through these setup steps repeatedly after software updates in previous versions of macOS.
 
When I found out, here on the forums, that the macOS volume on my Apple Silicon Mac is encrypted anyway…I turned FileVault off.

Without FileVault, there's nothing stopping someone from booting into macOS recovery and resetting your password to access your account.
 
Why do I need a new FileVault recovery key after every software update?

After each software update, I am prompted to set up certain features, such as FileVault, as if it's the first time I'm installing the system.

This process gives me a new FileVault recovery key, which is frustrating. I don't recall needing to go through these setup steps repeatedly after software updates in previous versions of macOS.
Stranger even, one of my machines has the same 'phenomenon', but the other updates without it.
Both Silicon, both updated to 14.7, both encrypted.
;JOOP!
 
When I found out, here on the forums, that the macOS volume on my Apple Silicon Mac is encrypted anyway…I turned FileVault off.

Which Mac do you have?
This essentially means your data is not protected any more as the encryption key is now available to anyone who gets access to the computer as they can boot into recovery mode and get in...
 
This essentially means your data is not protected any more as the encryption key is now available to anyone who gets access to the computer as they can boot into recovery mode and get in...
I had the impression if FileVault was disabled AND FindMy was disabled (i.e. activation lock), the resetpassword command in Terminal from Recovery can be used to reset user passwords... of course, with both disabled, the internal storage can be reformatted by Disk Utility in Recovery. Mac gone for good.

If FileVault is disabled and FindMy is enabled, you will be prompted for Apple ID (iCloud) account info by the resetpassword command in Recovery because activation lock needs to be disabled before passwords can be changed from Recovery.

Truth? I've never had to reset a password via Recovery under these scenarios in the real world.
 
Why do I need a new FileVault recovery key after every software update?

It's unexplained AFAIK, but seems to affect the same machines (mine and yours, for example) each time they're updated -- beginning with 14.3.1(?).

In any event, you might want to try validating the new Recovery Key that was generated for you. In some cases users have found that their existing keys remain valid, while the new ones they've been given during an update actually aren't.
 
Without FileVault, there's nothing stopping someone from booting into macOS recovery and resetting your password to access your account.
In recovery, you don't have access to the file system without an admin password, so it's not as bad as you make it out. You also cannot change user passwords.

 
Why do I need a new FileVault recovery key after every software update?
Read this! You might not need a new recovery key, and if you are presented with one, you should check to make sure it works. The old recovery key might still be the one to keep.

 
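Added example, not part of any post in this thread: one way to do the check suggested in the two replies above, confirming which recovery key the Mac actually accepts after an update. The `fdesetup` subcommands are Apple's FileVault CLI; the function names and the `--check` / `--format` switches are this example's own.

```shell
#!/bin/sh
# Added example. fdesetup is Apple's FileVault CLI (macOS only); the function
# names and switches here are this example's own.

# Normalize a transcribed personal recovery key (drop whitespace, uppercase) and
# check its layout: six hyphen-separated groups of four letters/digits.
# Prints the normalized key, or returns 1 if the layout is wrong.
normalize_recovery_key() {
    key=$(printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    if printf '%s\n' "$key" | grep -Eq '^[A-Z0-9]{4}(-[A-Z0-9]{4}){5}$'; then
        printf '%s\n' "$key"
    else
        return 1
    fi
}

# Ask fdesetup which key the Mac actually accepts. Each validaterecovery call
# prompts for the key itself, so the key never lands in argv or shell history.
check_recovery_keys() {
    if ! command -v fdesetup >/dev/null 2>&1; then
        echo "fdesetup not found: run this on the Mac itself" >&2
        return 2
    fi
    sudo fdesetup status                  # is FileVault on at all?
    sudo fdesetup haspersonalrecoverykey  # true if a personal key is set
    for label in "previous" "newly issued"; do
        echo "Next prompt: type the $label recovery key"
        sudo fdesetup validaterecovery    # prints true (accepted) or false
    done
}

# --check  : run the interactive validation on the Mac
# --format : read one key from stdin and report whether its layout is valid
case "${1:-}" in
    --check)  check_recovery_keys ;;
    --format) IFS= read -r typed && normalize_recovery_key "$typed" \
                  || echo "malformed key" >&2 ;;
esac
```

Whichever key returns `true` is the one to keep on record; a key that fails the layout check was most likely copied down wrong.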