Tuesday, January 7, 2020

How to cope with a FileVault recovery key disappearing while you write it down - Macworld

FileVault is an extraordinary bit of macOS technology. Introduced years ago, it encrypts the entire contents of your startup volume so that when the data is at rest—when your Mac is powered down—the drive is effectively full of garbage nonsense to anyone who doesn’t possess either the password to an account authorized to log in via FileVault or the special recovery key set when you turn FileVault on.

When you use the Security & Privacy preference pane’s FileVault tab to enable this encryption, macOS prompts you with two choices:

  • Allow my iCloud account to unlock my disk

  • Create a recovery key and do not use my iCloud account

In both cases, a recovery key is set. However, if you use iCloud to store your key, you never see it, and Apple manages the recovery process. All you need is your iCloud password and, if you turned on two-factor authentication, a trusted device or access to a trusted phone number. But this introduces risk, as someone who obtained your computer and discovered your password could potentially unlock the drive, too.

I prefer the second choice, as it provides entirely “local” control. No secret is stored remotely. You only face a problem if you forget the passwords to all macOS accounts approved for FileVault-based cold start (from a shutdown state) logins and you lose your recovery key. (I have heard of cases in which account information becomes corrupted, though, and the recovery key is the only way to start up a Mac.)

No record of recovery key

What happens if, while you’re trying to write down the recovery key, it disappears from the screen? While this seems unlikely, it happened to one reader, who doesn’t believe they clicked a button or otherwise caused the key message to dismiss. They wrote in to ask how they could recover the recovery key.

Unfortunately, there’s no method to retrieve the key once it’s been displayed and dismissed. The recovery key is generated and passed through a strong one-way encryption process; only the result is used to further protect the keys used in FileVault encryption. The recovery key is displayed once. When you dismiss the dialog, macOS tosses this original version of it forever. (Entering the precise original recovery key, which is fed through the same one-way process, unlocks the data that it protects.)
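The idea in the paragraph above can be sketched in code. This is an added example, not Apple's implementation and not from the original article: PBKDF2 stands in for the one-way process, an XOR pad with an HMAC tag stands in for the key-wrapping step, and the function names, alphabet and key format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Illustrative alphabet and grouping; not taken from Apple's implementation.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def new_recovery_key():
    """Random key shown to the user once: six groups of four characters."""
    chars = [secrets.choice(ALPHABET) for _ in range(24)]
    return "-".join("".join(chars[i:i + 4]) for i in range(0, 24, 4))

def _derive(recovery_key, salt):
    # The one-way step: PBKDF2 output cannot be run backwards to the key.
    out = hashlib.pbkdf2_hmac("sha256", recovery_key.encode(), salt, 100_000, dklen=64)
    return out[:32], out[32:]  # (wrapping pad, MAC key)

def enable_encryption(volume_key):
    """Return (recovery key to display once, record that stays on disk)."""
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    recovery_key = new_recovery_key()
    salt = secrets.token_bytes(16)
    pad, mac_key = _derive(recovery_key, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    # Only salt, wrapped key and tag are kept; the recovery key is not.
    return recovery_key, {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock(record, typed_key):
    """Re-run the same one-way step on what the user types; None if wrong."""
    pad, mac_key = _derive(typed_key.strip().upper(), record["salt"])
    expected = hmac.new(mac_key, record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(record["wrapped"], pad))

if __name__ == "__main__":
    volume_key = secrets.token_bytes(32)  # constructed sample volume key
    shown_once, on_disk = enable_encryption(volume_key)
    print("recovery key (displayed once):", shown_once)
    print("unlock with it:", unlock(on_disk, shown_once) == volume_key)
    print("record holds the key text:", shown_once.encode() in b"".join(on_disk.values()))
```

Nothing in the stored record lets you read the recovery key back out, which is why a dismissed key cannot be shown again and a new one has to be generated.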

If you weren’t able to write the key down before it disappeared from view, you have to disable FileVault encryption and re-enable it to generate a new recovery key:

  1. In the Security & Privacy system preference pane, click the FileVault tab.

  2. Click the lock icon at the lower-left corner and enter an account name and password with administrative access.

  3. Click the Turn Off FileVault button.

  4. Confirm you want to disable FileVault by clicking Restart & Turn Off Encryption.

  5. Your Mac now restarts. After you log back in using an account with FileVault permission, macOS begins decrypting the entire contents of the drive. This can take quite a while.

  6. When decryption is complete, you can return to the FileVault tab and click Turn On FileVault.

  7. At the Recovery Key prompt, choose the “Create a recovery key” option and write the key down. You might even quickly take a picture of it as a backup. (But be sure to delete that photo and then permanently delete it from the Recently Deleted album to avoid any chance of someone gaining access to it.)

  8. Restart again and FileVault begins the slow process of encrypting the startup volume once more.

This Mac 911 article is in response to a question submitted by Macworld reader Michael.
