Filevault Causing Login Problems on an M1 Mac with Monterey

While logged into the user account that is having trouble try going into the Security & Privacy System Preferences. On the General tab click the "Change Password" button. You can use your current password if you want.

With some of our organization's Filevaulted Macs with multiple user accounts I have discovered that the user account login password become disassociated from the Filevault password if the password of that account is changed (I'm assuming it was a bug from changing a user account password using the User & Groups System Preferences). I can log into that user account by first entering the old password which was used with Filevault, then once it boots to the actual user login screen I can use the correct new password for that user account. By changing the password as I have described here, macOS recombines the Filevault password and the user account password so only one password is needed for the user account. I've never had it affect the ability of any of the other user account from logging in, but you should definitely verify each user can log in after a system restart.

I highly recommend you have a good backup of this computer and each user account before doing anything just to be safe.

You should always have frequent & regular backups.

1. Power on the computer that has been previously FileVaulted.

2. Log into the Mac with an Administrator account to unlock the FileVaulted computer.

3. Have the Administrator log off the computer, so the computer is at the login window, asking for a user name and password. Have the additional user(s) log onto the computer they need access to.

4. Once the user is logged in, open System Preferences. 

5. Click the Security & Privacy panel.

6. Click on the FileVault tab to access the FileVault settings. 

7. Click on the padlock to allow changes to be made to the FileVault settings.

8. Click on the “Enable Users” button.

9. You will see which additional network user accounts that you can enable to log into the computer and unlock the hard drive during login.

10. Click on the Enable User button next to the user you want to allow access to. That user will be prompted to enter their login password. Click OK to accept the entered password.

11. Look for a green checkmark next to the user's name, which means they can unlock FV at login automatically.

Try entering your password multiple times and even try using an external keyboard. I have had to repeatedly enter the password to unlock some of our organization's Macs. It drives me crazy to find out the first password I attempted to use actually works five minutes later after trying dozens of other possible passwords. There is something with macOS in general that doesn't always recognize the correct password. I am sure I am typing the password correctly as I will re-enter it several times.

To further complicate matters the 2018+ Macs use a secure enclave and security chip to handle authentication. I've personally experienced a few bugs with the T2 implementation on some of our organization's Macs. It would not surprise me to find that a new Mac could become "confused" if you created a user account on first using your new Mac and later migrating a user account from your old Mac (or a backup). I think if you perform a clean install of macOS and migrate from your old Mac without first creating a new user account on the laptop you will be fine. Just be sure to transfer any files from the new user account to external media so you don't lose anything important. Personally I would go even further than a clean install and instead reset the firmware on the M1 Mac which will reset the security enclave as well as performing a clean install.

Revive or restore a Mac with Apple silicon using Apple Configurator 2 - Apple Support

I resolved my very similar problem when I realised that I had two language keyboards set up, and the system was using one to set the password and the other to check the password. It is not easy to see (especially on a big screen using dark mode) that that the language change is signalled. Once the change was made the problem disappeared.

What can sometimes happen is that the user login password can become separated from the Filevault password which tends to happen if a user account password is changed. Usually at the first login screen you may need to enter the old password to unlock Filevault, then at the second login prompt enter the latest password. This is what you are seeing when logging into the other user account, then logging out and into the other user account.

After disabling Filevault and re-enabling Filevault it should have re-associated each user account & Filevault password. The Filevault pane of System Preferences should have an option to make sure any user not associated with Filevault to be associated so that they can unlock Filevault when logging in, but this is not always shown on the Filevault pane for some reason. You may need to delete the Filevault preference file while Filevault is disabled (I'm not sure where this file is stored) so when you re-enable Filevault it may associate all users properly. I'm not certain how the passwords for Filevault are now stored on the 2018+ Macs with the T2 security chip or the M1 Macs. Are all the user accounts "admin" accounts or is the account a standard user account?

Try booting into Recovery Mode to make sure you can authenticate with each admin user. I know that the T2 security chip can cause weird behavior with authentication, but I'm not certain of an easy way around these issues except to "Restore" the T2 or M1 firmware which wipes out the security enclave, destroys all data on the SSD and reinstalls macOS through Internet Recovery.

Revive or restore a Mac with Apple silicon using Apple Configurator 2 - Apple Support

Edit: Make sure to have a good backup before attempting any changes in case something goes wrong as you may become locked out of your Mac which may require you to perform a clean install or a "Restore" of the firmware (a more extreme version of a clean install as it also resets the security enclave).

CharPatton1 wrote:

Two even said, "just run your computer without FileVault since it works just fine that way" (my employer's IT department would have a cow about that). Two of them escalated to more senior engineers, but the knowledgeable folks haven't responded yet. COVID seems to be impacting us all :(

FYI, with a 2018+ Mac all your data is encrypted automatically using hardware encryption provided by the T2 security chip or the M1 Mac's secure enclave. Filevault on a 2018+ Mac just adds yet another layer of protection by requiring a password to unlock the Filevault.

I can tell you from personal experience that there are some bugs with the implementation of the T2 security chip where I have had problems authenticating while booted into Recovery Mode. I ended up "restoring" the T2 firmware just to be safe. It is possible the M1 Macs may have similar issues.

I'm wondering if there is some kind of migration bug if Filevault is active on the old Mac and you are migrating to an M1 Mac (or perhaps any 2018+ Mac). While Migration Assistant is nice, I have had times where I had to manually migrate my data, settings, and apps to a new Mac. Perhaps this is one of those times. Or maybe you could temporarily disable Filevault on the older Mac before trying to migrate to the new Mac. Keep in mind unless the engineers can reproduce the issue or figure out what is happening on your new Mac, this may take a while to get resolved (if ever depending on how common the error is).

1) Unless you used an incorrect username, then I don't know why it failed. Perhaps this is related to the problem you had with the migration of the user account.

2) I don't know where the Filevault preference file is located or where some of the authentication information is stored on 2017 and earlier Macs. With a 2018+ T2 Mac and probably with the M1 Macs, some of the security/authentication settings are stored in the secure enclave chip.

3) Unless you want to attempt to fix the issues on the old Mac and try another migration, then the best option is to create a new user account and manually transfer your data and settings to the new Mac. Transferring the general data from the Desktop, Documents, Downloads folders is easy enough, but the more difficult part of this process is transferring photos, music, videos, and app settings since these may not be easy straight up transfers. Another option is to use a Time Machine backup from your old Mac to migrate the user account(s) to the new Mac. Maybe migrating the user accounts from a Time Machine backup may not have the same issues as migrating directly from the old Mac. I don't know if there is any difference since I've never used Time Machine. It all depends on how much time you want to invest in experimentation.

Perhaps another contributor will be able to provide a better answer with more specific detailed instructions since I'm not a macOS software expert. My Macs have very simple configurations that I will manually recreate if I cannot figure out where all the settings files are stored for each app.

I am interested to see this as it is very similar to one I have. After migrating from a similar age MacBook Pro withMigration assistance, I have a weird problem of two user accounts popping up (one from old computer and one from new although I didn’t intend or want two. System starts by saying password is wrong (it is right). The two accounts problem appears during new password creation and restart/sign in. In any case the new passwords are always wrong.

The Senior Apple support engineer has never seen the problem and says I need to do migration all over again from factory settings. I have asked for escalation to developers to understand the basic cause.

Thanks very much HWTech. First, it is in a funny way good to see others with the weird problem, to not be alone. And then you give some good ideas, which I will follow/try, including the external keyboard. Thanks.