Mojave & Filevault

Discussion in 'macOS Mojave (10.14)' started by Tsimonj, Oct 5, 2018.

  1. Tsimonj macrumors newbie

    Joined:
    Oct 5, 2018
    #1
    I formatted my hard disk as APFS encrypted, then installed Mojave.
    When I did this with High Sierra I was asked for BOTH the disk password and then my login.
    Under Mojave my User login now 'automatically' unlocks the disk (no separate disk password is requested).
    For added security I WANT to be asked for both the Disk password and the user login.
    I assume the disk password is 'stored somewhere in my keychain.
    How do I remove the 'stored' disk unlock password from my account so that I have to use both passwords to unlock my computer?
     
  2. archvile macrumors 6502

    archvile

    Joined:
    Oct 27, 2007
    #2
    I did the same thing, unfortunately it seems FileVault takes over unlocking the disk with your user account once you log in the first time. However, this level of security is fine with me as encryption is encryption and having a 2nd password is redundant if your login password is strong enough.

    Maybe try searching through keychain to see if it is storing the disk password somewhere?

    Also something most people forget - make sure you have enabled a Firmware password in recovery. Otherwise your levels of security are pretty much useless.
     
  3. posguy99 macrumors 6502a

    Joined:
    Nov 3, 2004
    #3
    Pointing out that not having a firmware password doesn't magically unlock the FileVault volume. All it prevents is someone erasing the FileVault volume and reinstalling the OS. Hardly "useless" security, as having FV or not doesn't stop someone from stealing the device from me, so my data is what matters. Not what they might or might not be able to physically do with the hardware afterwards...
     
  4. archvile macrumors 6502

    archvile

    Joined:
    Oct 27, 2007
    #4
    I never said it had anything to do with FileVault specifically. I was referring more to if your computer gets stolen, of course your data would be secured, but the thief could simply wipe the OS (or do a PRAM reset, which for some inexplicable reason still disables Find my Mac) and continue to use it. They won't be able to do either of these with a Firmware password enabled. I was just throwing that out there because I don't think most people use it, as to most people it's "just another password to remember."
     
  5. tkermit macrumors 68040

    tkermit

    Joined:
    Feb 20, 2004
    #5
    Have a look at the man page for fdesetup.

    Code:
    sudo fdesetup remove -user <username>
    should work:


     

Share This Page

4 October 5, 2018