Hi
I have encrypted my hard disk using the Full Disk Encryption option of FileVault 2.
While I think it works great, the one thing I don't like is the fact that the login screen displays the user names rather than two fields, one for user name and the other for password.
Does anyone know how to change this setting?
Thank you.
-John
Mac OS X (10.4.7)
Aloha,
old thread, but maybe it still can help.
If you want the described behaviour disable your local user for Filevault authorisation:
In Terminal:
sudo fdesetup remove -user usernameNow you have at boot time to enter the disk password first and then the macOS login.
HTH
Cheers
Marcel
Hi,
I don't think this is related to FileVault per se.
Go to System Preferences > Users & Groups > Login Options and select the radio button for 'Display login window as: Name and password'.
Hope this helps.
Andrew
@Andrew, how do you get it work? have you tried the said System Preferences option?
I tried that but the preboot FileVault2 login screen still stays at "list of users"..
My memory could fail, though.
Thanks
Ivan.
I do have the same problem , I have activated filevault (after migrating to Lion)
and now I do have a list of users on my login screen (and yes my configuration is set to have name and password requested fr login NOT a list of user)
Seems to be a bug to me ...
Any help ?
Hi,
Sorry ivwang - I hadn't tried it when I posted; only knew how it should work...
I just tried it in Lion too and it's not working as it used to in SL - looks like a bug and I've seen some other threads on this saything the same thing. Hopefully it'll get fixed soon.
Andrew
I am having the same trouble...
I did try and delete the login plist but that has no effect. I have reported the bug to apple and I suggest you all do the same. The more people that are effected that quicker it will get attention.
This isn't a bug. This is the way FileVault-2's EFI boot authentication UI is built. When your Mac first starts up, EFI-boot takes over to decide what to do. It either continues to bring up the system to the typical OSX login screen, which is managed by OSX's system preferences, or it starts a special EFI pre-boot where it displays the FV2 unlock screen with the icons of designated OSX accounts approved to unlock the disk. Once you log on, the EFI unlock sequence carries forth your credentials, performing a single signon. This is fine for some people but not for others, including me. I added a PolicyBanner that still comes up during the signon process but it come up too late. I have submitted a UI request (not as a bug) to be able to either edit the EFI boot screen (look at /usr/standalone/i386/EfiLoginUI directory, none are editable using normal applications) or ask that a feature is included, probably in the FV system preference pane, to add a custom banner. I didn't include the request to allow just the name and password fields but that's something I'd also like to see. One problem with this account display method has to do with people trying accounts that aren't authorized to unlock the specific computer. I haven't tried using an incorrect password more than 3 times yet to see what happens. I also haven't tried a FV2-encrypted Mac bound to Active Directory (or Open Directory for that matter) to see how it functions with network accounts. FV2 is nice in that it is full disk encryption (FDE) at the block level but that also brings about a whole lot of changes to users used to using the file-level encryption of FileVault-1.
I do understand now why when I do exit from my session I do have the login screen with name/password (as setup in the preferences). It was a bit confusing to meto have this name/password login screen (when exiting from my session) and not at boot time.
Hope we will have at some point the possibility to configure the EFI login window to have name/password to login
Please let us know
Thanks
Peter:
Thanks for the great explanation! I was getting so frustrated with this that I was just about to start digging around at the boot level to see what I could find. Again, thanks for saving me the time and effort!
Now that I understand the issue I will resubmit my report as a feature request as well. I figure the more voices the more likely we will get this fixed.
Anyway, as a security professional myself I don't particularly like "security threw obscurity" but as a level of it, I do feel it can help. Just like policy banners and good multi character type passwords, we add encryption so if our computers are stolen (especially laptops) we know (well believe) that the likelihood someone will get to our data is small. After all isn't that what we are trying to protect here?!?!
Hey everyone
Had the exact same issue and the culprit was the 'Enable Users' option under SystemPref/Security&Privacy/Filevault.
You will always get the 'Disk Password Protected' option only if you refrain from enabling users under filevault.
Personally, I prefer to always work in shell when configuring my MBA as Lion's GUI is still buggy as of 10.7.2 >> To encrypt, run
1. diskutil list
2. Identify your disk location under /dev/disk0 - in my case:
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *240.1 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS SSD 239.7 GB disk0s2
3: Apple_Boot Boot OS X 134.2 MB disk0s3
3. then run
sudo diskutil cs convert disk0s2 -passphrase yoursecretpassphrase
4. reboot 😉
Cheers
W
@Wiss - I think your solution is excellent while Apple sort these issues out. One question though, how do you obtain the recovery key when encrypting via this method?
Macbook Air, MAC OS X (10.7.3)
This IS a bug. If the user sets Display Login Window as: NAME AND PASSWORD and NOT LIST OF USERS, that preference should be used whether file vault is turned on or off.
I need name and password and I chose name and password but the EFI preboot disregarded what I chose and decided to use List of Users instead of what was selected.
That is why this IS a bug. Please fix.
It has been written up in bug reporter and quite a few folks have asked for this.
Please please please fix this
This is most decidedly a bug.
According to the KB article here: http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US
it says:
List of users at the Login Window?
Filevault 2 will show a blank text field for both username and password. For security purposes Filevault 2 will not show a list of users.
I think this needs to be fixed.
interesting discussion, i have the same problem and also thought it must be
filevault 2's fault, maybe it is...buuut whhyyy....
in my case i still had the login screen with the name and password field after startup WITH filevault 2,
it changed to the same behavior (user swithing with name and password field / startup with user-list/ icons and pw-field after startup) since i downgraded the the user-account i did the setup with from a admin to a standard account!
now i can't change it in the sys.-pref. / users and groups / login options either (just like your discription) - even not as admin, but i don't know if this allready wasn't possible with the admin account i did the the system setup with (the now downgraded)
this makes it even more strange to me
any ideas?
Change Filevault 2 Login Screen Options - Encrypted Disk
