
Change Filevault 2 Login Screen Options - Encrypted Disk

Hi


I have encrypted my hard disk using the Full Disk Encryption option of FileVault 2.


While I think it works great, the one thing I don't like is the fact that the login screen displays the user names rather than two fields, one for user name and the other for password.


Does anyone know how to change this setting?


Thank you.


-John

Mac OS X (10.4.7)

Posted on Jul 22, 2011 4:17 PM

27 replies

Sep 26, 2012 11:59 AM in response to scooper4711

Looks like the article has changed. Unless I'm overlooking something, that part is no longer in the article.


scooper4711 wrote:


This is most decidedly a bug.

According to the KB article here: http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US

it says:


List of users at the Login Window?

Filevault 2 will show a blank text field for both username and password. For security purposes Filevault 2 will not show a list of users.


I think this needs to be fixed.

Sep 26, 2012 1:02 PM in response to dilokj

Yup. They've updated the article. Quite a bit, actually.

I did find one interesting tidbit:

"Please note that Recovery HD must be present on your computer's startup volume to use FileVault 2"


This tells me that when FileVault is active, you boot off the recovery partition, unlock the encrypted partition, then login is passed along to the booting of the encrypted partition.

So...if we could figure out how to boot to the recovery partition *and* bring up System Preferences then we could possibly change the login window to userid & password.

Failing that, I think you can open the Terminal in the recovery partition, so if we could find the command to change the login window we should be able to do it command-line.


I don't have time to mess with this today, but perhaps someone else could and report findings back here.

Oct 1, 2012 9:48 AM in response to scooper4711

Scooper,


Please let us know if you find anything.


I was even thinking about running some type of script that runs in the background if you reboot. It would run the auth restart and would return to the log in screen instead of pre boot.


This would not help for a power on from off of course.


Also I am trying to figure out if at the pre boot they set up any kind of a lockout feature. For example how many times can you type in a wrong password?

Dec 14, 2012 11:58 AM in response to sjva

Hi all,


in this thread, there appears to be a common misunderstanding.


sjva wrote:


This IS a bug. If the user sets Display Login Window as: NAME AND PASSWORD and NOT LIST OF USERS, that preference should be used whether file vault is turned on or off.



as an example, this quote refers to the Login Window, and the settings in the System Preferences regarding the Login Window. The Login Window has a distinct meaning - it is the window that appears when one is logging into an OS X system without FileVault encryption. This is the login window to which we've all been accustomed for many iterations of the OS.


As Peter describes, when using FileVault2, the user is at an EFI boot authentication screen. This is most definitely not the Login Window, and therefore not controlled by settings entered in the System Preferences regarding the Login Window.


Using terminology confusing these two independent authorization methods confuses this issue. There are some similar aspects of these two authorization methods, however, we should all recognize that they are different and independent methods.


I too agree with the thrust of most of the comments which appear in this thread. Simply stated, I want a similar level of configuration control for the EFI boot authentication screen as we have for the Login Window. In fact, this is a policy requirement at my institution...


So, I'll keep tuned to the progress made in this and similar minded threads.


cheers,

Roy

Jan 5, 2013 3:36 PM in response to Roy Miller

Sorry Roy but I disagree with your comments. I have the same problem and it is a serious one. The fact that encrypting my HD now shows the list of users of my MBP which includes my name and picture and worse yet, the name and picture of my daughters (which use this MBP) is an unacceptable security breach. Now this info is available to EVERYBODY that just turns on the MBP, so whoever steals my computer now has a picture of my daughters and their names (This is more than serious if you lose your computer in a kidnapping prone country).


If this bug (a nice word for this big issue) is related to EFI vs normal login screen is irrelevant. Whoever at Apple implemented this did a very lousy job on QC. If the EFI boot authentication can get the list of users, surely can get the login preferences. I really don't mind how Apple should solve this (all through EFI or all through OSX) but FV2 is a bad thing until this is solved.


My understanding is that until you shutdown or restart, the disk image is decrypted while you work. So logging in and then out to get to the normal login screen leaves you with no accounts visible but no encrypted disk ...


thanks to all for your help on this and look forward to any news


CC


PS: In my Mac Pro I can't even encrypt now as I have a striped RAID set ... I was a lot better with previous FV

Dec 26, 2013 2:27 PM in response to jayceek

I had a similar problem (http://superuser.com/a/693492/284781) and for me it was crucial to delete some EFI login cached files as described here: https://derflounder.wordpress.com/2013/06/19/enabling-filevault-2-pre-boot-login-screen-functions-from-the-command-line/


i.e.

rm /System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/*.efires


(actually I moved them to some backup location).


Author of the article says:


in addition to running the defaults commands, you also need to remove certain cache filenames ending in .efires from /System/Library/Caches/com.apple.corestorage/EFILoginLocalizations. Clearing the filename.efires cache files forces the system to update the FileVault 2 pre-boot login screen.


In console you may check login properties like this:


defaults read /Library/Preferences/com.apple.loginwindow


Then shut down and turn it on; you should get the login page as configured.
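
Added example, not part of the original post or the linked article: a shell version of the step described in the post above that moves the .efires cache files to a backup location instead of deleting them, then prints the login window preferences. The function names and the backup directory argument are assumptions; the cache path and the defaults command are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: back up (rather than delete) the FileVault 2 pre-boot
# login cache files so the change can be reverted.

# Cache path quoted in the post above.
EFI_CACHE_DIR="/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations"

# backup_efires CACHE_DIR BACKUP_DIR  (hypothetical helper name)
# Moves every *.efires file from CACHE_DIR into BACKUP_DIR and prints the
# number of files moved. Never overwrites an existing backup copy.
backup_efires() {
    cache_dir=$1
    backup_dir=$2
    moved=0

    [ -d "$cache_dir" ] || { echo "no such directory: $cache_dir" >&2; return 2; }
    mkdir -p "$backup_dir" || return 2

    for f in "$cache_dir"/*.efires; do
        # With no matches the glob stays literal; skip it.
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if [ -e "$backup_dir/$name" ]; then
            echo "backup already exists, leaving in place: $name" >&2
            continue
        fi
        mv "$f" "$backup_dir/$name" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# show_loginwindow_prefs (hypothetical helper name)
# Prints the login window settings with the command from the post.
show_loginwindow_prefs() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read /Library/Preferences/com.apple.loginwindow
    else
        echo "defaults(1) not found; run this on macOS" >&2
        return 1
    fi
}

# Runs only when asked to: sh efires_backup.sh --run /path/to/backup (as root)
if [ "${1:-}" = "--run" ]; then
    backup_efires "$EFI_CACHE_DIR" "${2:?backup directory required}"
    show_loginwindow_prefs
fi
```

Restoring the files from the backup directory to the cache path undoes the change.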

Feb 1, 2015 10:42 AM in response to clcerda

While I believe revealing privileged entry points is a severe security risk, the risk you point out is just as severe. It advertises Personally Identifiable Information on the screen simply by having the machine turned on. Something else I've noticed is that you can change the pictures in System Preferences under Users but it will not change the EFI login copy of the pictures without decrypting and re-encrypting the startup drive.


And as far as advertising an entry point, that would be like displaying your bank account number and asking for a password to use it. The username, just like the bank account number in this example reveals too much information to someone who shouldn't have the information in the first place. A hacker no longer has to guess what a username AND password are. They only have to guess the password to a known username.
