FileVault 2 - Encrypted Question

Discussion in 'OS X El Capitan (10.11)' started by ghsNick, May 23, 2016.

  1. ghsNick macrumors 68020

    ghsNick

    Joined:
    May 25, 2010
    #1
    Hi All -

    I just encrypted my iMac with FileVault 2 and I noticed something that looked weird. I never noticed my old computer saying "A recovery key has been set."

    Can anyone else confirm this is normal with a screenshot or theirs?

    Thanks!
     

    Attached Files:

  2. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #2
    Normal as on mine, I can't remember if that was by selection in the FV setup process though.

    You don't get a screenshot though, I'm not bothered proving it to you...
     
  3. MRxROBOT macrumors 6502

    MRxROBOT

    Joined:
    Apr 14, 2016
    Location:
    1011100110
    #3
    It is normal. Judging from your screenshot, you elected to allow your iCloud account to unlock your disk.

    [​IMG]
     
  4. ghsNick, May 24, 2016
    Last edited: May 24, 2016

    ghsNick thread starter macrumors 68020

    ghsNick

    Joined:
    May 25, 2010
    #4
    C'mon lol. Yeah, I don't remember the last line about the recovery key on my old iMac but as long as that's normal.

    Looking at the screenshot above it says unlock with iCloud or get a recovery key. Can you see why I'm confused? Because I chose iCloud but it also says a recovery key has been set.
     
  5. MRxROBOT macrumors 6502

    MRxROBOT

    Joined:
    Apr 14, 2016
    Location:
    1011100110
    #5
    If you don't want recovery access, it's best to boot into disk utility and encrypt from there.
     
  6. ghsNick thread starter macrumors 68020

    ghsNick

    Joined:
    May 25, 2010
    #6
    I want Recovery Access - I'm just confused. Is it normal to say Recovery Key set if I chose iCloud as my Recover method?
     
  7. MRxROBOT macrumors 6502

    MRxROBOT

    Joined:
    Apr 14, 2016
    Location:
    1011100110
    #7
    Yes, It's completely normal as you are in fact storing your recovery key with iCloud.
     
  8. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #8
    Have not turned on FileVault on a computer since 2012 (13?), so, have not tried the iCloud method.

    But it appears that, yes, iCloud recovery is on. Says can recover via that route, per the dialog.

    Think the dialog box is a little misleading. What is going on, from what I've seen on Apple's support site, there still is a recovery key that is generated for the drive, just that it is stored in iCloud. So, instead of you manually entering the recovery key, FileVault sign-on process extracts it from iCloud.

    In the old days, worked similar in that you had the option for Apple to store the recovery key for you, but, you provided three security questions, that Apple said they only stored the questions for, not the replies. They then took the answers and melded them together to create a key to encrypt the recovery key. If you forgot the EXACT answers when you tried to recover, one was out of luck on getting that recovery key back.

    This method is a little less secure, imo (if someone has access to your machine and knows your iCloud password [or provide a subpoena to Apple]), but easier for people to make their device a fair bit more secure (read: someone steals your device, this secures your data) and recover when something goes wrong.

    ADD: if some concern, can always decrypt the drive and re-encrypt it, to doubly check that you did select iCloud option.
     
  9. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #9
    Just as another data point, I intentionally told it NOT to store the recovery key on iCloud, and you can see how mine looks different than yours.

    It appears both methods are creating a recovery key, just yours is stored in iCloud and mine is not.

    Screen Shot 2016-05-24 at 9.23.36 AM.png
     
  10. ghsNick thread starter macrumors 68020

    ghsNick

    Joined:
    May 25, 2010
    #10
    Thanks guys - that makes sense that a recovery code has been created but it's stored in iCloud and can only be unlocked win that password.

    I encrypted my old iMac and never remembered seeing that last line mentioning a recovery key has been set. That's why I was trying to see if anyone else who used iCloud also had that listed.

    Thanks
     
  11. bookemdano macrumors member

    Joined:
    Jul 29, 2011
    #11
    Well not to throw hot water on this theory but on my 2011 MBA running 10.11.5 I elected to store my recovery key in iCloud but my FileVault tab in Security and Privacy Preferences does not show the "A recovery key has been set." verbiage (see screenshot). So I'm not sure what causes that line to show up.
     

    Attached Files:

  12. Erdbeertorte macrumors demi-goddess

    Joined:
    May 20, 2015
    #12
    @bookemdano

    Do you have Two Factor Athentification enabled? And the iCloud Keychain? Maybe it has something to do with one of those.

    Could be the 2FA had to enabled before turning on FileVault. Someone mentioned the key was the answer to the security questions what you don't need anymore with enabled 2FA. So it might generate another key instead. But I don't know.

    I have 2FA and iCloud Keychain enabled and see that line on my Late 2011 MBP and on my Late 2015 iMac. Can't remember if it had been there before because FileVault was disabled for a while and and I re-enabled it a few days ago.


    Screen Shot 2016-05-25 at 22.58.27.png
     
  13. ghsNick thread starter macrumors 68020

    ghsNick

    Joined:
    May 25, 2010
    #13
    On my old computer I didn't have 2FA enabled and I didn't see the recovery key line.

    On my new iMac 2FA was enabled (actually, 2 Step Verification) and it looks like yours.
     

Share This Page