I enabled FileVault 2 on my Mac, and I remember that it gave me a recovery key. When will I use this recovery key?
MacOS – When will I use the FileVault 2 recovery key
filevaultmacosSecurity
Related Question
- FileVault2: how to use the recovery key when asked for a “Disk Password”
- MacOS – How to update the FileVault 2 recovery key stored in iCloud
- MacOS – Filevault 2 enabled with recovery key linked to Apple ID, can I get the key
- MacOS – Disable user’s ability to change FileVault recovery key
- ICloud – Which FileVault 2 recovery option is more secure – storing the recovery key in iCloud, or saving it somewhere yourself
- Using recovery key on erased FileVault encrypted SSD
- Password reset with Filevault recovery key not working
- macOS FileVault Security – How Does FileVault Generate the Key?
Best Answer
You will need the recovery key to decrypt the volume if you lose your password or, in the unlikely event that the encryption key associated with the password becomes corrupt. If you elected not to allow Apple to store the recovery key, keep a copy (or several) in a safe place other than your computer.
Recovery Keys can also be used by System Administrators to mount volumes for maintenance or recovery. (The Admin doesn't need access to an account password). It is possible to encrypt a FileVault volume using a master key.
Apple's Best Practices for Deploying FileVault 2 white paper provides more information about the inner-workings.