According to Apple's [documentation on FileVault 2](https://support.apple.com/en-us/HT4790) (emphasis added by me):
> Changing your recovery key
>
> In the Security & Privacy system preference, under the FileVault tab, click "Turn Off FileVault" to disable FileVault. After FileVault is off, FileVault will begin to decrypt your drive. Once decryption is complete, you can click the "Turn On FileVault" button. Doing this allows you to enable unlock-capable users. You're also provided with a new recovery key and have the option of sending this new key to Apple. The old key sent to Apple will not be able to unlock your newly-encrypted disk. If you need to retrieve your recovery key from Apple, only the new one will be retrieved based on the Serial Number and Record Number displayed in the login window.
I think that this might be your answer.
Which would be more secure?
The answer to this can only be determined by you
What you have to do is find the balance between usability and security and that balance can only be determined by what you are comfortable with.
It's not so much where you store your passwords/recovery keys/etc. but how you store them. There are many levels of encryption that you could employ from a basic AES-256 to using Steganography to embed triple encrypted salted and hashed keys.
The more complex you make it, the more secure it is; the cost is that it becomes more inconvenient to access your data. Likewise, the corollary is also true: the less complex the security, the less secure, but the payback is easier access to your data.
So, what you have to do is a simple risk assessment:
- The value of the data to you (i.e. what's it worth to you?)
- The importance of the data (can you live without it?)
- The cost of the data (how much did/would it cost you to (re)create?)
- How accessible do you need it (every day, every year, once in a lifetime?)
Granted, this is a very abridged version, but should suffice for this scenario.
Use the answers to these questions to see what makes the most sense, keeping in mind that the moment you place the data on someone else's servers (meaning the cloud) you inherently introduce risk into the equation.
Ahh...but with that last statement, you might be thinking "I should store it offline." That's a possibility, but then you introduce the issue of losing your data should you misplace the device (i.e. USB flash) that you placed it on.
What do I do?
My critical stuff is on a USB that is disguised as an innocent looking object. It's backed up to another USB that is placed in a safe in an undisclosed location.
My "not so critical stuff" is encrypted, then put on a cloud provider for ease of access.
But, that's what works for me. YMMV
Best Answer
Yes, it is correct to assume that macOS handles the recovery key internally and securely. There's no need for you to write something down.
In case you need to do recovery because you have forgotten your login password, you can use your iCloud account to unlock FileVault. Just make sure you can remember your iCloud login details!
When you choose to use iCloud as your recovery mechanism, the settings will still show that a recovery key has been set up - so that's perfectly normal! There's no option in the settings to display the recovery key to you.