Interaction between "Allow iCloud to unlock FileVault" and "Allow user to reset password using Apple ID" options

I had activated FileVault with recovery key on my Mac. As a result, activating the option "Allow user to reset password using Apple ID" under "Users and Groups" had virtually no effect: Even with this option activated, the Mac continued to offer only one password recovery function, namely via FileVault recovery key.


Now I have newly activated "Allow iCloud to unlock FileVault". I expected that the option "Allow user to reset password using Apple ID" would now be automatically activated under "Users and Groups", but this is not the case. I don't understand this, because in practice there is no separate FileVault password, but after entering the user password the FileVault decryption is started automatically; i.e. a FileVault recovery using iCloud should practically also result in an iCloud recovery of the user password.


Can someone please tell me what the interaction of these two options is, or what happens in practice if "Allow iCloud to unlock FileVault" is activated but not "Allow user to reset password using Apple ID"?

iMac

Posted on Jan 29, 2023 6:59 AM


Jan 29, 2023 11:48 AM in response to Randall_2023

No, it doesn’t.


If the option "Allow iCloud to unlock FileVault" is activated, the option "Allow user to reset password using Apple ID" should not be available according to the Apple help article below. In reality, however, this is not the case in macOS Ventura. Looks like a bug. Would be cool if Apple could patch this; security things like this should actually work flawlessly. It is also unclear whether the setting of the option "Allow user to reset password using Apple ID" has any effect at all in this constellation.


Change User settings on Mac - Apple Support (MT)


"Allow user to reset password using Apple ID:

Allow a user to change their password for this Mac at login by entering their Apple ID and password.

To use this option, the user must have set up iCloud on this Mac. However, this option isn’t available if FileVault is turned on and set to allow the user to reset their password at startup using their Apple ID."



Jan 30, 2023 1:50 AM in response to tomcraft

This is either a bug or the description in Apple Help is wrong. It would be great if someone from Apple could make a statement here (also regarding the point whether "Allow user to reset password using Apple ID" should be enabled or not, under the circumstance that "Allow iCloud to unlock FileVault" is enabled, to ensure proper functioning and regaining access to the Mac in case of forgotten system password).

