Filevault and default account

Discussion in 'macOS' started by dpo, Dec 16, 2014.

  1. dpo macrumors member

    Joined:
    Nov 18, 2008
    #1
    I've read before that the overall strength of Filevault encryption is to some extent dependent on the complexity of password you use. So I tend to use a pretty robust password when I'm encrypting a drive.

    Whenever I did this in the past I tended to have a few user accounts, but this time 'round I did a fresh install of Yosemite and just had an admin account. I notice that the admin/default account, if there is only one (which I set up with a simpler password) automatically has rights to unlock Filevault at boot time.

    Does anyone have a (hopefully learned) view on whether this compromises FileVault security?
     
  2. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #2
    FileVault only unlocks, when the password for the default admin account is provided. It is possible to set up a different password for FileVault versus the default Apple ID password. However, that requires setting up FileVault after install.

    A weak FileVault password (whether tied to Apple ID or not) does put the information stored on the HD at risk, in my opinion. In light of that, I chose to stay with a 25 character password for my Mac.
     
  3. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #3
    I don't think so. I think the encryption process and the password are two separate things. The latter only allowing you access to the encrypted volume, the former actually doing the encryption.

    It seems silly for apple to release a product that if you use a simple password, it would negate the encryption complexity.
     

Share This Page