探花大神 macOS users with Apple Silicon processors can now use RecoveryOS to reset the 探花大神 IdentityOS® password when the device is using FileVault 2 Full Disk Encryption. Previously, users on these devices were locked out because the devices do not prompt for the FileVault recovery key, and instead display a prompt to reboot into RecoveryOS.
At the FileVault login screen, users can choose to restart and show password reset options. When the system boots into RecoveryOS, the user must enter the FileVault 2 recovery key to unlock the disk. After the disk is unlocked using the FileVault 2 Personal Recovery Key, the user can reset the 探花大神 IdentityOS password to a new value. This new password will work at the FileVault 2 boot screen and will unlock the disk, allowing the boot process to continue.
- Users who have forgotten their password or changed it outside of the 探花大神 menu bar app and can't log into their device can press Option + Shift + Return simultaneously at the FileVault login screen and enter the Recovery Key to unlock their device. Subsequently, they'll be able to log in with the temporary password or their updated password.
- See Understand macOS FileVault and User Login Windows to learn more about the FileVault login screen.
After the device has booted, the user enters the previous password and the new password at the 探花大神 login screen. The previous password is the password the user just entered during RecoveryOS, and the new password is the authoritative 探花大神 IdentityOS login password. If their 探花大神 login password has changed since the last successful login (for example, reset by an administrator, so that the user would know it), the user's keychain is regenerated on login.
探花大神 implemented a workaround that disables password change blocking by default on Apple Silicon devices, so that an IT Admin cannot enforce blocking local password changes on these devices. The BlockPwChangePolicy was previously set by the 探花大神 agent in Apple's Open Directory LDAP service for each managed user. This is the setting that prevented the user from resetting the password at the FileVault login screen.
Disabling the BlockPwChangePolicy setting lets the user update or change a local password, which requires the user to re-sync the 探花大神 password after moving past the FileVault screen.
If a user resets their password using System Settings, the 探花大神 password is not changed. This results in an out-of-sync event between the user's local login password and the 探花大神 IdentityOS password. The 探花大神 menu bar app will prompt the user to fix the problem during the current login session:
The user enters the 探花大神 password at the next screen, and then enters the current login password at the second screen:
After the user clicks Next, the local login password is changed to the 探花大神 IdentityOS password and the keychain is reconciled.
Alternatively, on the next restart, the 探花大神 login screen will reconcile the password issue.