FileVault is a wonderful instrument to shield your Mac’s drive when it’s shut down. When FileVault is lively, somebody powering up your machine can not achieve entry by any means to the encrypted information on your startup quantity with out figuring out the password of one in all your accounts.
(FileVault additionally allows full-disk encryption on Intel Macs with out a T2 Security Chip. All T2-equipped Macs beginning in 2017 and all M1 Apple silicon Macs have FDE at all times enabled.)
When you activate FileVault, macOS prompts you a couple of crucial backup aspect, the FileVault Recovery key. You can select to retailer it in escrow and securely by way of iCloud. Then you simply want your iCloud account, password, and second-factor (like a trusted system) to regain entry when you ever end up locked out of your Mac, the place an account password ceases to work.
But you may as well decide to monitor the Recovery Key your self, as I describe in this column from 2018. However, a reader requested a query that may outcome when you disable and re-enable FileVault—which takes simply seconds with a T2-equipped or M1 Mac—or migrate to a brand new Mac. This may depart you with a number of Recovery Keys you’ve famous over time.
If you haven’t rigorously tracked your Recovery Key, you might wind up being uncertain which is correct for your present Mac and FileVault encryption setup. There’s happily a straightforward method to check.
- Launch Applications > Utilities > Terminal.
- Type precisely the comply with and press return:
sudo fdesetup validaterecovery - The
sudocommand warns you in regards to the risks of this “superuser” mode if it’s the primary time you’ve used. Enter your password (you should be utilizing an administrator account), and press Return. - At the “Enter the current recovery key:” immediate sort or paste within the Recovery Key and press Return.
You will see true if the Recovery Key the present key; false if not. If you get the latter and also you typed quite than pasted in your Recovery, contemplate you might need mistyped it and check out once more.
If you didn’t enter the important thing in precisely the format that they’re offered in, the app will notice “Error: not a valid recovery key.” Try re-entering.
If none of your keys show legitimate, you need to instantly disable and re-enable FileVault, following the instructions in this column below the heading, “No record of Recovery Key.”
FileVault controls are situated in System Preferences > Security & Privacy, below the FileVault tab.
But you want to use the Terminal to check the validity of your FileVault Recovery Key.
Apple
This Mac 911 article is in response to a query submitted by Macworld reader Austé.
Ask Mac 911
We’ve compiled a listing of the questions we get requested most ceaselessly together with solutions and hyperlinks to columns: read our super FAQ to see if your query is roofed. If not, we’re at all times in search of new issues to remedy! Email yours to mac911@macworld.com together with display screen captures as acceptable, and whether or not you need your full title used. Not each query shall be answered, we don’t reply to e-mail, and we can not present direct troubleshooting recommendation.
