You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Harridu
Harridu Author
User level: Level 1
10 points

How can I change my passphrase to the encrypted MacBook Pro boot volume?

How can I change my passphrase to the encrypted boot volume to keep it in sync with my network-wide account?


[Re-Titled by Moderator]

MacBook Pro 13″, macOS 13.2

Posted on Jan 25, 2023 12:42 AM

Reply
Question marked as Top-ranking reply
User profile for user: Harridu
Harridu Author
User level: Level 1
10 points

Posted on Jan 28, 2023 4:41 AM

Using a second administrative account with the permission to unlock the boot volume I could remove my user ID from FileVault and add it again:

% sudo fdesetup remove -user harri
% sudo fdesetup add -usertoadd harri
Enter the user name: administrator
Enter the password for user 'administrator':
Enter the password for the added user 'harri':

On the second step I could set the new passphrase.


Found it on https://community.jamf.com/t5/jamf-pro/adding-user-to-filevault-using-fdesetup-and-recovery-key/m-p/209230

View in context

Similar questions

5 replies
Question marked as Top-ranking reply
User profile for user: Harridu
Harridu Author
User level: Level 1
10 points

Jan 28, 2023 4:41 AM in response to Harridu

Using a second administrative account with the permission to unlock the boot volume I could remove my user ID from FileVault and add it again:

% sudo fdesetup remove -user harri
% sudo fdesetup add -usertoadd harri
Enter the user name: administrator
Enter the password for user 'administrator':
Enter the password for the added user 'harri':

On the second step I could set the new passphrase.


Found it on https://community.jamf.com/t5/jamf-pro/adding-user-to-filevault-using-fdesetup-and-recovery-key/m-p/209230

Reply
User profile for user: bryanr14
bryanr14
User level: Community Specialist

Jan 26, 2023 2:24 PM in response to Harridu

Hello Harridu,


Thank you for reaching out in Apple Support Communities. Are you referring to changing the recovery key or resetting the password for an encrypted startup disk on your Mac? If so, here are the steps on how to accomplish this:


Change your recovery key or reset your password
To change the recovery key used to encrypt your startup disk, first turn off FileVault, which requires your account password. You can then turn it on again to generate a new key and disable all older keys.

If you forget your account password or it doesn't work, you might be able to reset your password.

This information is outlined in this helpful article: Use FileVault to encrypt your Mac startup disk - Apple Support


If that doesn't help and we misunderstood, please provide the community additional details. This way the community can gain a better understanding to provide you the best support.


Kind regards.

Reply
User profile for user: mingoslkd
mingoslkd
User level: Community Specialist

Jan 27, 2023 1:37 PM in response to Harridu

Hi Harridu,


Thanks for some clarification. It sounds like you'd like the FireVault password on your MacBook Air to sync with the newer FireVault password which is on a different device, your MacBook Pro.


FireVault passwords do not 'sync' between devices, unless you set them up to use your iCloud password, as shown here: Encrypt Mac data with FileVault - Apple Support

To set up FileVault, you must be an administrator. When you turn on FileVault, you choose how you want to unlock your startup disk if you ever forget your password:
• iCloud account and password: This choice is convenient if you use iCloud or plan to set it up—you don’t need to keep track of a separate recovery key.

If so, then we'd advise to contact Apple Support, so they can take a look at why the changed iCloud password isn't working to decrypt the MacBook Air also.

Apple Support


Take care!


Reply
User profile for user: Harridu
Harridu Author
User level: Level 1
10 points

Jan 27, 2023 9:29 AM in response to bryanr14

Neither would I like to change the recovery key, nor did I forgot my password. The problem on my Macbook Air is, I have to enter my old password to decrypt the boot volume, and later my new password to login.


On the Macbook Pro M1 there is only one login prompt at boot time. It accepts the new password to decrypt the boot volume and logs me in right away, without asking again. I had used this Macbook to change the password on my network account.


So how can I keep the passphrase to decrypt the boot volumes and the login password of my network-wide account in sync for #Macs > 1?

Reply
User profile for user: Harridu
Harridu Author
User level: Level 1
10 points

Jan 27, 2023 10:29 PM in response to mingoslkd

As written before, I haven't forgotten my passwords. I did not use my icloud account to setup FileVault, either. Both Macs were initially set up by my colleagues from the IT department, including FileVault for the boot volume. Nor did I change my icloud login password to run into this problem in first place. My account is managed in Active Directory and cached on the Macbooks, AFAIK.


As you noted, the FileVault passphrase is not synced between devices. As my Macbook Air shows, the Filevault passphrase is not bound to the login password. And since I could change both (network-wide password and locally managed Filevault passphrase) on the Macbook Pro somehow, there must be some way to change this passphrase after login, without touching my network password.


So how can I change my passphrase for the boot volume in Filevault?

Reply

How can I change my passphrase to the encrypted MacBook Pro boot volume?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up