mackedout

Q: Filevault2 allows unauthorized user to log in

My Macbook Air (early 2015) has Filevault activated. I am sole user of this machine.  At the time I set up FV, I named several users who were authorized to unlock, and noted the recovery key from FV.

At the time, one of the users was Admin; I later changed it to a Standard account.  It was my main working acct. After that, the acct began having probs (though not immediately after the account-type change) which seemed to be specific to it alone, so I created a second account.  Let's call them Smith and Smith2, respectively.

I made Smith2 a Standard acct also and gave it the same password as Smith.  Smith2 was not added to the users authorized to unlock the Mac, as I don't know how to do that or whether it can be done at all.  My plan was to transfer everything from Smith to Smith2.  I hadn't thought about Filevault until today.

I just realized that Smith2, a user not authorized to unlock the Mac, can simply log in as if encryption was not enabled.  Wondering if it might be because the password was one authorized to FV, I changed Smith2's password.  It made no difference.

In the SysPrefs Security tab, it states Filevault is turned on.  Today, working in Recovery mode (in Disk Utility, relating to an external drive), when I was ready to restart, I selected the MacHD and was required to enter a password to unlock it before it would restart in MacHD.  So parts of the operating system behave as if encryption is enabled.

But for Smith2 to just breeze right in means the encryption is not doing its job!

I can, of course, try turning off encryption and then turning it back on again.  But this is really troublesome.  Thought I'd post here for your thoughts -- maybe there's a bigger issue which needs to be addressed?

Macbook Air (early 2015), Yosemite 10.10.5 kept updated.

Posted on Jul 31, 2016 9:13 PM


  • by Esquared, Aug 1, 2016 12:55 AM in response to mackedout
    Level 6 (8,410 points), Mac OS X

    Let me get this straight: Smith2 isn't authorized to unlock FV, but can log in and access the Mac directly after a reboot (without any other accounts logged in)?

  • by BobHarris, Aug 1, 2016 5:52 AM in response to mackedout
    Level 6 (19,282 points), Mac OS X

    The account used to unlock at boot time was authorized, and that unlocked the disk for the operating system, and ALL accounts.  Once unlocked all users are allowed to login.

    The list of authorized users counts when first booting the system.  That means smith2 cannot boot the system, but once the admin boots the system smith2 can login.

    If you do not want smith2 to log in, then disable or delete their account, or set up parental controls to limit their login.  FileVault is intended to keep people from reading your disk if it is shut down, or has been removed from your Mac.  If your Mac is up and running, the operating system has the key and can access the disk for all accounts.

  • by etresoft (Solved answer), Aug 1, 2016 9:23 AM in response to mackedout
    Level 7 (29,081 points)

    Hello mackedout,

    FileVault automatically enables new accounts to unlock the disk. See Use FileVault to encrypt the startup disk on your Mac - Apple Support. You have to use the command-line fdesetup tool to remove a user's authorization to unlock the disk.
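    As an added example (not from the thread, and not Apple's own tooling documentation), a small POSIX shell script that reads the output of `fdesetup list` (one `username,GeneratedUID` line per FileVault-enabled account), checks whether a given account such as Smith2 is allowed to unlock the disk at boot, and revokes that right with `fdesetup remove -user`, refusing to remove the last enabled account. The function names and the sample listing are my own constructions; `fdesetup` itself only exists on macOS and needs root.

```sh
#!/bin/sh
# Audit which accounts can unlock the FileVault volume and revoke one that
# should not have that right. `fdesetup list` prints one
# "username,GeneratedUID" line per enabled user (macOS only, run as root).

# Read `fdesetup list` output on stdin; succeed if $1 is an enabled user.
# -x matches the whole username field, so "Smith" does not match "Smith2".
fv_user_authorized() {
  cut -d, -f1 | grep -qxF -- "$1"
}

# Count enabled users on stdin, so we never revoke the last one (that would
# leave nobody able to unlock the disk at boot, recovery key aside).
fv_enabled_count() {
  grep -c .
}

# Revoke unlock authorization for account $1 using the live listing.
fv_revoke_user() {
  user="$1"
  listing="$(sudo fdesetup list)" || return 1
  if ! printf '%s\n' "$listing" | fv_user_authorized "$user"; then
    echo "$user is not FileVault-enabled; nothing to do" >&2
    return 0
  fi
  if [ "$(printf '%s\n' "$listing" | fv_enabled_count)" -le 1 ]; then
    echo "refusing: $user is the only account that can unlock the disk" >&2
    return 1
  fi
  sudo fdesetup remove -user "$user" || return 1
  # Verify the change actually took effect before reporting success.
  if sudo fdesetup list | fv_user_authorized "$user"; then
    echo "$user is still listed after removal" >&2
    return 1
  fi
  return 0
}

# Constructed sample listing (placeholder UUIDs, not from a real machine),
# used to exercise the parsing without touching FileVault.
SAMPLE_FDESETUP_LIST='Smith,00000000-0000-0000-0000-000000000001
Smith2,00000000-0000-0000-0000-000000000002'
```

    On the Mac in question, `sudo fdesetup list` alone is enough to confirm that Smith2 was added automatically, and `fv_revoke_user Smith2` removes that authorization while leaving Smith able to unlock the disk.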

  • by mackedout, Aug 1, 2016 5:27 PM in response to etresoft
    Level 1 (4 points), Mac OS X

    Esquared and BobHarris, thank you!

    I owe everyone an apology for not being more clear. I definitely *should* have stated plainly that when the Mac has been powered completely off, and then later powered up again, Smith2 could simply enter the login password and unlock the device -- the OS fires up into that account even though no other users are in sight.

    Since I hadn't authorized the Smith2 user to have login pw-unlock privilege, I didn't think that should be happening.  I feared FV was not working as it should.

    etresoft's post reveals the problem is not FV, but my ignorance.  I flat did not know new accounts (such as Smith2) are automatically given FV authorization to unlock with their login password.

    etresoft, as foolish as I feel, I sure appreciate the info. It's a relief.  The Mac can be mystifying to this mere mortal.  I don't need the removal tool right now, but am definitely glad to know that it exists should the need arise.

    You guys are great!  I am grateful to have a place to ask for a helping hand with the Mac -- and get it!