FileVault-enabled MacBook asking for old password after resetting via 'resetpassword' in recovery mode

codedil wrote:

Hi @Barney-15E ,

I am not sure what's your intentions here but you are definetly not helping. Please try to ignore if you don't / can't understand the issue that one is trying to highlight let alone the pain or the difficulty one had to go through. Thank you.

I understand it completely. You don’t. I’m not sure why. It has been explained over and over. Since “resetpassword” doesn’t have any authorization mechanism in place, resetting the password that way will not change the FireVault password nor will it unlock the keychain of that user. Both of those would be a security failure of epic proportions.

If you enabled FireVault without creating a recovery key or tying it to your Apple Account, there is no way to recover the password. Again, being able to recover a password implies the security of the host is weak if not insecure. A secure system should never record your password. It should create a hash and record that. You cannot derive the original information from a hash.

If you did not enable FileVault and you can manage to reset your password to one it recognizes, that will likely decrypt the drive. If you can no longer enter Recovery to try to reset the password again, there is nothing else to do. Your data is hopelessly locked away.

If your Mac is from prior to 2018, then the data is not encrypted unless you enable FileVault.

You want magic to happen. The magic you seek was a backup, or a Recovery key, or linking your FileVault password to your Apple Account. You failed to prepare for disaster in every way.

codedil wrote:

I see you don’t have any ideas on how Apple could have prevented you from getting here without reducing security. What is it you propose Apple do going forward ?

Exactly @Barney-15E , that is kind of what we have been trying to highlight. I have been proposing it should have warned/stopped user , it's in the best position know if user is entering a flow where there is no way out.

And what were you going to do when it told you there was no way to recover that data and you would have to erase and start over? That’s about the only warning they could give you. If that’s what you want tell Apple again we can do nothing about it.

There is no solution to losing your FileVault password without establishing the recovery procedures offered when it is enabled.

What you were asking for already exists, but you failed to do that. There is nothing that’s going to change your situation regardless of what warnings they provide to you.

But no matter what we propose the big dissapointment here is, seems Apple just not providing a way where someone from Apple can acknowledge the issue/proposal - it could be either accepted, rejected after they evaluate but the fact that it's so hard to reach the technical team or get a written reply from Apple team is dissapointing to say the least.

There is really no way to contact the “technical team“ at Apple. Occasionally, if you provide feedback to which they want more information, someone will contact you and ask more questions or get clarification, but that won’t be the technical team.

You may believe that Apple should work in a different way, but they seem to be making a lot of money doing it the way they do it right now. They have worked that way for over 40 years now.

codedil wrote:

FileVault was enabled and FindMyMac was not enabled.  

It appears that you have forgotten your FileVault password. This is much more serious than forgetting a user login password, for which there are various solutions.

Apple's documentation warns about this and offers two methods to protect against a user forgetting their FileVault password: Protect data on your Mac with FileVault - Apple Support

See especially the sections I put in BOLD below:

Protect data on your Mac with FileVault

If you have a Mac with Apple silicon or an Apple T2 Security Chip, your data is encrypted automatically. Turning on FileVault provides an extra layer of security by keeping someone from decrypting or getting access to your data without entering your login password. If you use a Mac that doesn’t have Apple silicon or the T2 chip, you need to turn on FileVault to encrypt your data.

To set up FileVault, you must be an administrator. When you turn on FileVault, you choose how you want to unlock your startup disk if you ever forget your password:

• • iCloud account and password: This choice is convenient if you use iCloud or plan to set it up—you don’t need to keep track of a separate recovery key.
  • Recovery key: The key is a string of letters and numbers that’s created for you—keep a copy of the key somewhere other than your encrypted startup disk. If you write the key down, be sure to exactly copy the letters and numbers shown. Then keep the key somewhere safe that you’ll remember—but not in the same physical location as your Mac, where it can be discovered. If your Mac is at a business or school, your institution can also set a recovery key to unlock it.
  • WARNING: Don’t forget your recovery key. If you turn on FileVault and then forget your login password and can’t reset it, and you also forget your recovery key, you won’t be able to log in, and your files and settings will be lost forever.

Apple is very serious about the above, when they say "lost forever" they do mean that, hence they provide two ways to prevent this from happening. I am surmising you did not set up either of those two options to mitigate a forgotten password. The third option of course is maintaining complete and redundant backups of all files (I think you indicated you do not have a backup either).

I will not lecture you here, but as an engineer I do know when to recognize that something is physically impossible. Decrypting a FileVault protected solid state drive is, I believe physically impossible, not just for the user or for Apple, but also for any number of government agencies that specialize in such things.

This is why I do not use FileVault for my personal Macs. I also have at least 4 backups stored in various different secure locations.

My employer requires FileVault on all its Macs. But these are also "managed" Macs and the employer maintains its own "key" for each and every one of its Macs because employees do these things like forget their FileVault passwords.

I think what everyone is trying to tell you here (including Apple itself) is that without one of those two "forgot FileVault password" options, there is actually no known way for anyone to mitigate this.

Usually when a disaster like this happens, the user does eventually recover some of their files through:

• cloud storage (do you have Photos in iCloud, Messages in iCloud ...)
• emails and text messages sent to others with attachments, e.g. photos, videos ... these can be recovered from those others
• other copies made to external media or other cloud services (Dropbox ...)
• files, photos, videos on your iPhone or other cell phone, or other devices (tablets, even Apple Watch ...)

I would encourage you to explore the above to see what can be recovered.

Apple silicon M1 has Secure Enclave (analogous to the Apple T2 security chip), and storage is always encrypted.

You can control that encryption with your own password via FileVault, or can use the default setup.

Volume encryption with FileVault in macOS - Apple Support

Here? Erase it, and restore your backup: FileVault recovery options - Apple Support

codedil wrote:

Until now I was little uncertain/skeptical that if it had asked me for it and had i enabled it. But now that there is confirmation, I am mostly certain that i wouldn't have enabled it explicitly. Now that makes me question again - what is this 'Activate Mac' screen that i am seeing/stuck with ? What's the guarantee that i will not be presented with this say if i choose to go ahead with the erase mac option ?

I doubt you can erase your Mac due to that "Activate Mac" screen. Are you not seeing that as you boot into Recovery Mode?

I think you will need to perform a DFU Firmware Restore which will reset the security enclave chip, system firmware, and internal SSD (destroying all data on the internal SSD) as well as pushing a clean copy of macOS onto the internal SSD (M-series Macs only......Intel Macs you will need to then reinstall macOS through Internet Recovery Mode). You can first try a DFU Firmware Revive which resets the security enclave chip and system firmware....it should leave the data on the internal SSD intact as long as the process completes successfully.

Unfortunately the DFU Firmware Restore requires access to another Mac currently running macOS 15.x Sequoia (once macOS 26 Tahoe is released, then a Mac running Tahoe will be required). The instructions must be followed exactly in order to put the "broken" Mac into DFU Mode.

If the DFU Firmware Restore fails to apply or does not fix the problem, then most likely there is a hardware issue with the Logic Board on your laptop.

Firstly, there is still no clarity why I have ended up here - is it because of the filevault ? is it because of something else ? ( to repeat what i did : all i did was to follow the 'resetpassword' instructions in recovery mode because i wasn't getting the reset options in login window )

There are multiple things that could cause an issue like this....no I'm not sure exactly what those things could be. If the OS has an issue....usually with the admin user account, or an issue with the security enclave chip, then you may encounter this issue. With the Intel Macs with the T2 security chip, I have seen multiple instances where it was impossible to authenticate to the T2 security enclave chip even though macOS itself was still able to boot normally.

You have to keep in mind that the security enclave chip is the heart of the 2018+ Macs. The security enclave chip has ties to all a lot of the hardware to make it extremely difficult for any nefarious people to access the data on your Mac. This does have the downside of making things more difficult for the regular user as well and it also makes it more likely that something will go wrong. If the security information within the security enclave becomes corrupt or damaged, then it can become impossible to authenticate. This is also complicated by requiring at least one macOS admin user account being active & accessible.

You think the "resetpassword" caused the problem. Perhaps the login issue which required you to reset the password is actually where the problem began, but you just didn't know it at the time thinking you had forgotten the password. If there was an actual issue with logging into your macOS user account during a normal boot, then that same issue may be why you are encountering the "Activate Mac" screen because something went wrong with the macOS admin user account and/or the security enclave chip.

FYI, it is nearly impossible to figure out what went wrong. Partly due to the enhanced privacy & security features of these 2018+ Macs, and partly due to macOS itself which does not lend itself to troubleshooting these types of issues.....plus Apple doesn't really provide enough low level details on the whole security enclave implementation & authentication.

You may want to consider keeping a second macOS admin user account on your system.

And make sure you always have frequent and regular backups since there is usually no way to recover data from the internal SSD of the recent Macs due to all of the hardware, software, and security changes even if a professional data recovery service is used.

I still feel this defenitely needs some digging or at least an explanation from Apple side. But i am just not able to find a way how to do that. No way to appraoch them. It's frustrating.

You will not get such an explanation. Apple does not like communicating with users, plus there really is no way to know what happened here. The best you will get are the contributors' best guesses about what may have occurred here.

The best you can do is leave product feedback here (hard to say if this is a hardware issue or a software issue....may be a bit of both):

Product Feedback - Apple

And contacting Apple corporate to let them know about your experience with this incident and your dissatisfaction:

Contact - How to Contact Us - Apple

I have been asking these from official Apple Support , but they are just book readers or process followers not doing anything apart from suggesting that only option is to erase and proceed.

That's the way they are... little more than Support document readers and regurgitators. We can do that on our own. In rare cases, you can escalate a concern to a more engaged representative, but they're even more put upon.

By default, the FileVault encryption password is set to your login password, but there is no requirement for them to remain the same. Arguably, that adds a layer of defense, but it also adds a layer of inconvenience that you don't want.

Resetting a login password through the Recovery Terminal command "resetpassword" remains for older Macs and is less than ideal for the reasons you described. The "right" way to do it is to follow these more recent instructions: If you forgot your Mac login password - Apple Support

If they appear, "Use the reset options in the login window" will synchronize the FV password. The reason that document describes if you see this or if you see that is due to the many hardware differences and as many macOS versions it needs to incorporate.

Given your present circumstance I think what you need to do is turn off FileVault, thereby removing its encryption password, followed by turning it on again.

Turn off FileVault on Mac - Apple Support

Protect data on your Mac with FileVault - Apple Support

That assumes you have no Time Machine backup to restore, and you didn't indicate that possibility. If you have that TM backup, restoring it would be ideal.

Restore your Mac from a backup - Apple Support

Back up your files with Time Machine on Mac - Apple Support

Then, reset the password "the right way".

codedil wrote:

i have tried the 'resetpassword' option through the terminal in recovery mode

FileVault was enabled and FindMyMac was not enabled.  

My compalin is, it let me reset it and after i restarted the mac it's asking for the old password.

[Re-Titled by Moderator]

Original Title: Macbook let me reset my password, but asking for the old password after restarting

The 'resetpassword' is for Admin password

The filevault password is different or can be differnt then admin password...

do you have FileVault Recovery Key?

verify FileVault status from Terminal.app copy and paste:

fdesetup status

verify if FileVault Recovery Key current

From the Terminal.app copy and paste;

sudo fdesetup validaterecovery

“Enter the current recovery key:” type or paste in the Recovery Key and press ENTER\Return key to continue

(note: your psswd will not echo on screen type it in anyway, use the enter\return key to proceed.)

if you forgot Admin password—

If you forgot your Mac login password

https://support.apple.com/en-us/HT202860

Reset your Mac login password - Apple Support

Mac User Guide - Apple Support

If you can't reset your Mac login password

https://support.apple.com/en-us/HT212190

a Firmware password is something again different...if you set one.

If you forgot your firmware password

If you can't remember your firmware password, schedule an in-person service appointment with an Apple Store or Apple Authorized Service Provider ( Find Locations )

Bring your Mac to the appointment, and bring your original receipt or invoice as proof of purchase.

As for (1) consider it done. Many of this site's participants have knowledge that exceeds that of any Apple Support representative. Decades worth.

To their credit, Apple knows it.

Apple isn't holding anything back. The Support documentation is all-inclusive. There is no benefit for them to omit anything that could help you out of your situation. They are motivated to make it unnecessary for you to call their AI-bots, and so they devote a lot of effort to address everything that can be addressed in their online support and documentation. If that fails they make this site available, and here you are. It's working.

2: I won't dissuade you from contacting Apple again and insisting. Their AI-powered assistants will be exceedingly patient kind and polite as they explain to you that which you already know.

What I'm not certain of is how much you will have to pay them to do that. Maybe nothing. It's your time though, so go ahead.

3: Apple doesn't have your data. They're not interested in it. Only you can decide on its value, and if it's important then they offer Time Machine. It's been included with macOS for decades, and it's free. All you need to do is use it.

I am stuck on this 'Activate Mac' screen. Let me share a screenshot so that you will get an idea -

That’s not related to FileVault. It needs a password for an account on that Mac in order to continue.

If that doesn’t accept your new password, I would try resetting the password again. I have no idea how futile that will be.

Resetting with ‘resetpassword’ won’t reset the FileVault password as that would render FileVault completely useless. The whole point of FileVault is to prevent anyone from getting the data without the password.

No one, including Apple, has any ability to retrieve decrypt or otherwise recover FileVault encrypted data, despite concerted efforts and overt threats from various law enforcement agencies and governments around the world that would very much prefer otherwise.

FV encrypted data are utterly useless to anyone without its encryption password.