Why do I need to set things up again and get a new FileVault code after every OS software update?

[umbilical]

Why do I need a new FileVault recovery key after every software update?

After each software update, I am prompted to set up certain features, such as FileVault, as if it's the first time I'm installing the system.

This process gives me a new FileVault recovery key, which is frustrating. I don't recall needing to go through these setup steps repeatedly after software updates in previous versions of macOS.

 

[BrianBaughn]

When I found out, here on the forums, that the macOS volume on my Apple Silicon Mac is encrypted anyway…I turned FileVault off.

Which Mac do you have?

 

[kitKAC]

When I found out, here on the forums, that the macOS volume on my Apple Silicon Mac is encrypted anyway…I turned FileVault off.

Without FileVault, there's nothing stopping someone from booting into macOS recovery and resetting your password to access your account.

 

[Sciuriware]

Why do I need a new FileVault recovery key after every software update?

After each software update, I am prompted to set up certain features, such as FileVault, as if it's the first time I'm installing the system.

This process gives me a new FileVault recovery key, which is frustrating. I don't recall needing to go through these setup steps repeatedly after software updates in previous versions of macOS.

Stranger even, one of my machine has the same 'phenomenon', but the other updates without it.
Both Silicon, both updated to 14.7, both encrypted.
;JOOP!

 

[JonaM]

When I found out, here on the forums, that the macOS volume on my Apple Silicon Mac is encrypted anyway…I turned FileVault off.

Which Mac do you have?

This essentially means your data is not protected any more as the encryption key is now available to anyone who gets access to the computer as they can boot into recovery mode and get in...

 

[Bigwaff]

This essentially means your data is not protected any more as the encryption key is now available to anyone who gets access to the computer as they can boot into recovery mode and get in...

I had the impression if FileVault was disabled AND FindMy was disabled (i.e. activation lock), the resetpassword command in Terminal from Recovery can be used to reset user passwords... of course, with both disabled, the internal storage can be reformatted by Disk Utility in Recovery. Mac gone for good.

If FileVault is disabled and FindMy is enabled, you will be prompted for Apple ID (iCloud) account info by the resetpassword command in Recovery because activation lock needs to be disabled before passwords can be changed from Recovery.

Truth? I've never had to reset a password via Recovery under these scenarios in the real world.

 

[Apathist]

Why do I need a new FileVault recovery key after every software update?

It's unexplained AFAIK, but seems to affect the same machines (mine and yours, for example) each time they're updated -- beginning with 14.3.1(?).

In any event, you might want to try validating the new Recovery Key that was generated for you. In some cases users have found that their existing keys remain valid, while the new ones they've been given during an update actually aren't.

 

[chabig]

Without FileVault, there's nothing stopping someone from booting into macOS recovery and resetting your password to access your account.

In recovery, you don't have access to the file system without an admin password, so it's not as bad as you make it out. You also cannot change user passwords.

Use macOS Recovery on a Mac with Apple silicon

Learn how to use macOS Recovery on a Mac with Apple silicon.

support.apple.com

 

[chabig]

Why do I need a new FileVault recovery key after every software update?

Read this! You might not need a new recovery key, and if you are presented with one, you should check to make sure it works. The old recovery key might still be the one to keep.

What to do when offered a new FileVault Recovery Key

You’ve just updated to 14.4 or 14.4.1 and are prompted to set up a new Recovery Key for FileVault. What do you do next, and how should you check the key?

eclecticlight.co