Accessing Encrypted Data

If a computer's drive is encrypted with FileVault, you can still access and recover the data on it without the user's login credentials, provided you hold either an alternate account that is authorized to unlock the drive or the drive's recovery key. Which method you use depends on the number of accounts that are authorized to unlock the encrypted drive.

If more than one account is authorized to unlock the drive, there are two ways to access encrypted data:

  • Reset the password for the user’s account using an alternate authorized account. This allows you to recover data by simply logging in to the user’s account.

  • Decrypt the drive using an alternate authorized account. This requires you to use the command line to recover data.

If only one account is authorized to unlock the encrypted drive, you must decrypt the drive using the recovery key. Then, you can:

  • Reset the account password using the Reset Password utility and recover data by simply logging in to the user’s account.

  • Recover data using the command line.

Resetting an Account Password Using an Alternate Authorized Account

You can use this method to access encrypted data if more than one account is authorized to unlock the drive.

  1. Restart the target computer.

  2. When prompted with the FileVault pre-boot screen, enter credentials for a secondary authorized account.

  3. Make sure that you are logged in as an administrator.

  4. Open System Preferences and click Users & Groups.

  5. If needed, click the lock and enter your password to make changes.

  6. Select the primary account in the sidebar and click the Reset Password button.

  7. Enter a new password, and then enter it again to verify it. Then, click the Reset Password button.

You can now recover data by restarting the computer and entering the new credentials for the user's account when prompted with the FileVault pre-boot screen. Note that resetting the password this way does not change the password on the user's login keychain; items stored in that keychain remain protected by the old password.

Decrypting a Drive Using an Alternate Authorized Account

You can use this method to access encrypted data if more than one account is authorized to unlock the drive.

  1. Restart the target computer while pressing Command + R.
    This boots the computer to the “Recovery HD” partition.

  2. Open Disk Utility.

  3. From the menu bar, choose File > Unlock “Macintosh HD” or File > Turn Off Encryption.

  4. Enter the password for the alternate authorized account.

The system begins to decrypt the drive. Restart the computer; decryption continues in the background, and the computer can be used normally while it runs.

To view the decryption status, open System Preferences and click Security & Privacy. Then, click the FileVault tab.

After the drive is decrypted, you can recover data using the command line.

Decrypting a Drive Using the Recovery Key

Use this method to access encrypted data if only one account is authorized to unlock the drive.

Note: If you used an institutional recovery key with the private key, and you no longer have the keychain, you need to download the RecoveryKey.p12 file from the JSS and convert it to a .keychain file. For instructions, see the following Knowledge Base article:
Converting a RecoveryKey.p12 File to a FileVaultMaster.keychain File

  1. Restart the target computer while pressing Command + R.
    This boots the computer to the “Recovery HD” partition.

  2. Open Terminal.

  3. Unlock the FileVaultMaster.keychain that holds the recovery key by executing a command similar to the following (you are prompted for the keychain password):

    security unlock-keychain <path to the secure copy of the FileVaultMaster.keychain file>

  4. Locate the Logical Volume UUID of the encrypted disk by executing:

    diskutil cs list

    Use the UUID shown on the "Logical Volume" line, not the UUID on the "Logical Volume Group" or "Logical Volume Family" lines above it.

  5. Unlock the encrypted drive with the Logical Volume UUID and recovery key by executing a command similar to the following:

    diskutil cs unlockVolume <UUID> -recoveryKeychain <path to the secure copy of the FileVaultMaster.keychain file>

  6. Turn off encryption by executing a command similar to the following:

    diskutil cs revert <UUID> -recoveryKeychain <path to the secure copy of the FileVaultMaster.keychain file>

    Decryption runs in the background. Running diskutil cs list again shows the progress under "Conversion Status".
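The shell script below is an added example and is not JAMF's code. It automates the error-prone part of the procedure above: picking the Logical Volume UUID out of diskutil cs list output (the Group and Family lines carry the same words and are easy to confuse) and assembling the three commands for review before they are run. The diskutil cs list output it parses is a constructed sample with made-up UUIDs; the keychain path /Volumes/USB/FileVaultMaster.keychain is an assumed default that you would replace with your own secure copy. When diskutil is present (Recovery HD Terminal) it reads the real listing; elsewhere it dry-runs against the sample.

```shell
#!/bin/sh
# Added example, not JAMF's code: find the Logical Volume UUID in
# `diskutil cs list` output and print the unlock/revert commands for review.

# Constructed sample of `diskutil cs list` output; every UUID here is made up.
cs_list_sample() {
    cat <<'EOF'
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 11111111-2222-3333-4444-555555555555
    =========================================================
    Name:         Macintosh HD
    Status:       Online
    |
    +-< Physical Volume AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
    |   Index:    0
    |   Disk:     disk0s2
    |
    +-> Logical Volume Family FFFFFFFF-0000-1111-2222-333333333333
        Encryption Type:         AES-XTS
        Encryption Status:       Locked
        Conversion Status:       Complete
        |
        +-> Logical Volume 12345678-9ABC-DEF0-1234-56789ABCDEF0
            Disk:                  -none-
            Status:                Locked
            Revertible:            Yes (unlock and decryption required)
            LV Name:               Macintosh HD
EOF
}

# Print the UUID of every "Logical Volume" line on stdin. The Group and
# Family lines also start with "Logical Volume", so match on the tree
# marker, the exact words, and a 36-character UUID as the fourth field.
lv_uuids_from_cs_list() {
    awk '$1 == "+->" && $2 == "Logical" && $3 == "Volume" && length($4) == 36 { print $4 }'
}

# Emit the three commands from the procedure for a given LV UUID and
# keychain path. They are printed, not executed, so the operator can
# review them; in Recovery HD, pipe the output into sh once satisfied.
filevault_recovery_cmds() {
    uuid=$1
    keychain=$2
    printf 'security unlock-keychain %s\n' "$keychain"
    printf 'diskutil cs unlockVolume %s -recoveryKeychain %s\n' "$uuid" "$keychain"
    printf 'diskutil cs revert %s -recoveryKeychain %s\n' "$uuid" "$keychain"
}

main() {
    # Assumed default location of the secure copy of the keychain.
    keychain=${1:-/Volumes/USB/FileVaultMaster.keychain}
    if command -v diskutil >/dev/null 2>&1; then
        uuids=$(diskutil cs list | lv_uuids_from_cs_list)
    else
        echo "diskutil not found; dry run against the constructed sample" >&2
        uuids=$(cs_list_sample | lv_uuids_from_cs_list)
    fi
    count=$(printf '%s\n' "$uuids" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        # More than one LV (or none): refuse to guess, show what was found.
        echo "expected exactly one Logical Volume, found $count; choose the UUID by hand:" >&2
        printf '%s\n' "$uuids" >&2
        return 1
    fi
    filevault_recovery_cmds "$uuids" "$keychain"
}

main "$@"
```

The script deliberately stops when it finds anything other than exactly one Logical Volume: running diskutil cs revert against the wrong UUID on a multi-volume system is not something a helper should decide for you. These diskutil cs commands apply to CoreStorage volumes, which is what FileVault 2 uses on the HFS+ systems this procedure describes.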

After the drive is decrypted, you can reset the account password using the Reset Password utility and recover data by simply logging in to the user’s account. Or, you can recover data using the command line.

  1. Restart the target computer while pressing Command + R.
    This boots the computer to the “Recovery HD” partition.

  2. Open Terminal and launch the Reset Password utility by executing:

    resetpassword

  3. Use the Reset Password utility to reset the account's password.

  4. Restart the computer and log in using the new password.

Copyright JAMF Software, LLC 2016