11 Replies Latest reply: Apr 8, 2008 4:22 AM by SMH74
Doug Eldred Level 4 (3,270 points)
After migrating successfully to Leopard on a new MacBook, in setting up the one FileVault account I use I find that I no longer remember the master password for FileVault. That's not an immediate problem, since I can create and remember the individual account's password, obviously, but it leaves me without a safety net.

So, how can one reset (or remove and then set) the FileVault master password? I find instructions for dealing with an Admin password, but so far not for FileVault.

Doug

MacBook 2.2 GHz, Mini Core Duo 1.66, iPod touch / G2 Nano, Mac OS X (10.5)
  • pardthemonster Level 4 (1,140 points)
    As stated on the FileVault preference pane, "*WARNING: Your files will be encrypted using your login password. If you forget your login password and you don't know the master password, your data will be lost.*"

    You're out of luck, man. If it were any other way, FileVault wouldn't be as protective of users' files as it is.
  • biovizier Level 5 (7,925 points)
    First, turn off "FileVault" on any and all accounts created while the current "master password" has been in effect. This may take some time, and requires sufficient free space on the hard drive.

    The "master password" is associated with the "FileVaultMaster.keychain" and "FileVaultMaster.cer" in the computer's main "/Library/Keychains" folder. If these files are removed, the system will think that a "master password" has not been set. It might be a good idea to keep the files backed up somewhere if you happen to have any backups of old "FileVault" sparse images somewhere, in case you need to get in to them and happen to remember the old "master password" at some point.

    Anyway, after removing those files, it should be possible to set a new "master password" from the "Security" pref pane. If "FileVault" is subsequently turned on, the disk images will be created, incorporating the new "master password".

    Just to emphasize, the key is that any existing disk images will not be associated with the new password so that is why it is important to turn off "FileVault" for any pre-existing "FileVault" accounts, then to turn it back on only after the new password is in place.

    The above applied to Panther and Tiger, but I should mention that I haven't tested it personally under Leopard.
  • Doug Eldred Level 4 (3,270 points)
    Thanks, I'll give that a try. I was sure the master password had to exist somewhere, and that removing that manually would let me start over.

    Doug
  • Doug Eldred Level 4 (3,270 points)
    As long as I remember the ACCOUNT password, I'm hardly out of luck. The master password is just a safety net in case I do manage to forget the account password.

    Doug
  • Doug Eldred Level 4 (3,270 points)
    Removing the /Library/Keychain keychain and .cer file worked. Based on other sources it's possible that the .cer file didn't have to be deleted, but it seemed reasonable, and both files were recreated when I created a new master password.
  • Thomas B. Robison Level 1 (20 points)
    This post has helped me out in the same way. I had originally set a Master Password, thought I had recorded it correctly only to find out that it didn't work.

    Thankfully I don't use FileVault. I was able to remove the keychain files to restore the Master Password to its original "none set" mode.

    Thanks!!

    Tom
  • questor2008 Level 1 (0 points)
    I tried what you describe here, so that I could use the notebook in "sage" (a fine piece of symbolic math openware). In sage, after trying to use its "notebook()" command, it asked for my FileVaultMaster keychain password, but it didn't accept it.

    Do I need to restart before the new password I created takes effect? Do I need to turn FileVault on? Until now, I've totally ignored FileVault (I'm the only user on this machine), and I am only dealing with this to get past sage's needs.

    Thanks.

    questor
  • markhimself Level 1 (0 points)
    Sorry to bring up/hijack an old thread, but I'm having a similar problem and have been unable to solve it. I accidentally set a master password, not exactly knowing what it does, and now cannot un-set that password.

    In Library/Keychains, the only thing there is login.keychain. Should I delete this, and will it fix the problem? And will it cause any others?
  • biovizier Level 5 (7,925 points)
    Actually, if you see the "login.keychain", you are probably looking in your account's "home" folder's "~/Library/Keychains" folder. I suspect you will not want to delete your "login.keychain" file since it will contain passwords that you have saved.

    The master password related files are located in the boot drive's main "/Library/Keychains" folder, i.e. by default, "Macintosh HD/Library/Keychains/".
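
The procedure biovizier describes above, together with the distinction between the system "/Library/Keychains" folder and a per-user "~/Library/Keychains" folder, as an added shell example that is not part of the original thread. The function name, exit codes and backup folder are assumptions, and the script does not check that FileVault has been turned off first.

```shell
#!/bin/sh
# Added example: back up, then remove, the FileVault master password files.
# Run only after FileVault has been turned off for every account; this script
# does not check that. Function name, exit codes and backup path are assumptions.

reset_master_password() {
    keychain_dir=$1   # system folder, e.g. /Library/Keychains
    backup_dir=$2     # where the old files are kept

    # A folder holding login.keychain but no FileVaultMaster.keychain is a
    # per-user ~/Library/Keychains folder: leave it alone.
    if [ -e "$keychain_dir/login.keychain" ] &&
       [ ! -e "$keychain_dir/FileVaultMaster.keychain" ]; then
        echo "$keychain_dir looks like a per-user keychain folder" >&2
        return 2
    fi

    found=0
    for f in FileVaultMaster.keychain FileVaultMaster.cer; do
        [ -e "$keychain_dir/$f" ] || continue
        found=1
        mkdir -p "$backup_dir" || return 3
        # Never overwrite an earlier backup of the old master keychain.
        if [ -e "$backup_dir/$f" ]; then
            echo "backup of $f already exists in $backup_dir" >&2
            return 4
        fi
        # Copy, confirm the copy is byte-identical, then remove the original.
        cp -p "$keychain_dir/$f" "$backup_dir/$f" || return 3
        cmp -s "$keychain_dir/$f" "$backup_dir/$f" || return 3
        rm "$keychain_dir/$f" || return 3
    done

    if [ "$found" -eq 0 ]; then
        echo "no master password files in $keychain_dir" >&2
        return 1
    fi
    return 0
}

# Real use, as root:  sh thisfile --run
if [ "${1:-}" = "--run" ]; then
    reset_master_password /Library/Keychains "$HOME/FileVaultMaster-backup"
fi
```

After it returns 0, a new master password can be set from the "Security" pref pane, as described in the thread.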
  • markhimself Level 1 (0 points)
    Got it! Thank you.
  • SMH74 Level 1 (0 points)
    Just wanted to let you know.

    Works with Leopard too.