
Different FileVault password

Hello everybody!


On my 5-year-old MacBook Pro, when Lion came out, I activated FileVault to encrypt my whole drive. Later I updated my system to Mountain Lion and then to Mavericks. I am used to the following: When I start my MacBook, I have to enter my (strong) password to decrypt my drive. Then the system boots and I have to enter my (simple) login/admin password, which is different from the one to decrypt the drive. I only have one account on my notebook.


Recently I bought a new MacBook Pro Retina (with preinstalled Mavericks). I decided not to use my entire Time Machine backup but only to copy my most used files in order to have a new, clean system on my new MacBook Retina. Before copying any files I wanted to activate FileVault. But now to my problem: After activating FileVault I realized that the password to decrypt the drive is the same as my admin password. But I would like to have the same behavior as on my old MacBook with two different passwords. How can I achieve this? I hope somebody can help me and that the answer is not: that doesn't work anymore...

MacBook Pro with Retina display, OS X Mavericks (10.9.4)

Posted on Jul 19, 2014 8:33 AM

7 replies

Sep 22, 2017 6:08 PM in response to Peppard

Your (forced) convoluted method still works - I just used it in Sierra (thanks!)


This is a good workaround if you need to achieve this end result, but don't want to wipe your system and start afresh.


For those who do want to set up their system afresh there is a simple method (which I've always used) - when setting up OS X afresh, use Disk Utility (just prior to installation of OS X) to format your disk as Journalled encrypted. This allows you to set a 'strong' password for pre-boot unlocking of the disk. Next, you install OS X and as part and parcel of this you get to set an administrator password which you can make as 'weak' as you desire.


I had to use your method after my usual method as I noted on the FileVault page something like 'some users cannot unlock this disk' even though I'm the only user... Curiosity got the better of me and I clicked the associated buttons only to find on my next reboot that not ignoring that little phrase caused my username to be added to the pre-boot unlock page alongside the usual disk unlock bit, which meant that I could unlock the disk with either the weak password or the strong password..... Great. Fortunately a quick Google/DuckDuckGo brought me here and I've avoided having to wipe a system. Hence the thanks!


It's so much more straightforward with Windows - you have your 'strong' BitLocker password or pin for the pre-boot unlock, and you have your standard 'weak'/less strong Windows login (or whatever other method of the vast array you can use to log in these days) for when the system has booted. There's no confusion and no ability to accidentally set them as the same or create any other muddled situation requiring a workaround like what we've had to do. Why can't Apple get something so basic right? Hopefully they don't hamstring us by patching this workaround!

Jul 19, 2014 11:03 PM in response to Linc Davis

I don't think I did something special. But I had FileVault activated ever since Lion.


So, now I did as you said: I encrypted my drive with FileVault with my personal account, let's call it user1. Then after that, I have created another user (standard account, not admin) with a strong password for the sole purpose of unlocking the volume (as you explained in your post above), let's call this user2. With the command "sudo fdesetup remove -user user1" I ensured that only user2 could decrypt my MacBook in the pre-boot authentication screen (i.e. the command "sudo fdesetup list" then only listed user2). So far so good. But then at the login screen, user1 and user2 were listed. But I found that quite ugly, as I never would use user2 to log in. So I decided to delete user2. Now by typing "sudo fdesetup list" into the terminal, nothing is listed anymore. I restarted my machine and to my great joy I can still only log in with the strong password from user2 at the pre-boot authentication screen. But the best: user1 is then the only user listed at the login screen. This perfectly mimics the behavior I wanted.

I don't know if this is a proper solution, but for me it works fine. I hope one understands what I mean, English is not my native language.
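
Added example (not written by any poster in this thread): a shell check for the state the posts above aim for, where only the strong-password account may unlock the disk at pre-boot. It assumes `fdesetup list` prints one `shortname,UUID` line per enabled account; the function name `fv_audit` and the sample UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Audit which accounts are enabled for FileVault pre-boot unlock.
# On a Mac: sudo fdesetup list | fv_audit user2
# Assumption: input lines look like "shortname,UUID".

# Constructed sample input (not taken from a real machine).
FV_SAMPLE='user1,11111111-1111-1111-1111-111111111111
user2,22222222-2222-2222-2222-222222222222'

# fv_audit ALLOWED_USER...   (reads the list text on stdin)
# Prints one finding per account and returns:
#   0  every listed account is on the allow-list
#   1  an account outside the allow-list can unlock the disk
#   2  the list is empty; the thread reports a disk that still
#      unlocked with the deleted account's password in this state,
#      so treat it as unverified rather than as "nobody can unlock"
fv_audit() {
    allowed=" $* "
    seen=0
    bad=0
    # "|| [ -n "$name" ]" keeps a final line that lacks a newline.
    while IFS=, read -r name uuid || [ -n "$name" ]; do
        [ -n "$name" ] || continue        # skip blank lines
        seen=1
        case "$allowed" in
            *" $name "*) echo "ok: $name" ;;
            *) echo "unexpected: $name"; bad=1 ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then
        echo "empty: no accounts listed"
        return 2
    fi
    return "$bad"
}

# Demo on the constructed sample: user1 (weak login password) is flagged.
printf '%s\n' "$FV_SAMPLE" | fv_audit user2 || true
```

A result of 1 corresponds to the situation in the 2017 post, where the everyday account had been added to the pre-boot unlock screen alongside the strong disk password.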
