What to Do If You Forgot Your FileVault Recovery Key for Mac
If you know you have enabled FileVault on your Mac, but you have forgotten the recovery key, you might feel a little panicked. For most users, you can easily recover from this situation; you can generate a new one.
In this article, we’ll tell you a little about FileVault, the FileVault recovery key, when you might need to use the recovery key and what to do if you have forgotten it.
What FileVault does on your Mac
FileVault is used to encrypt your startup disk with XTS-AES-128 encryption and uses a 256-bit key. This helps keep your data safe. Having your disk encrypted makes it very difficult for unauthorized users to access the information on the disk.
When FileVault is enabled, the disk will not complete the startup process until a user has entered their login password.
Where to find the FileVault recovery key
The recovery key is generated when you enable FileVault. The idea is that you will write it down somewhere safe in case you need it in the future. You can’t find it on your Mac (unless you saved it in a file somewhere). It is also not saved in iCloud anywhere. When you enabled FileVault, you chose to allow either your iCloud account or a recovery key as a way to recover disk access in case you forgot your Mac user password.
If you have lost your recovery key but can log in to your Mac user account, you can generate a new recovery key.
How to use a FileVault recovery key
You shouldn’t have to use your FileVault recovery key; it is used to recover your data if you forget your Mac user login password. So long as you know your user password, you won’t need to use the recovery key.
If you have forgotten your Mac user password
You can use the FileVault recovery key to regain access to your Mac and its data. If you have forgotten your Mac login password, you can use your Apple ID and password or your FileVault recovery key to reset your login password. For more on how this works, see If you forgot your Mac login password.
What to do if you forgot your recovery key
If you chose to use iCloud when you set up FileVault, you don’t have a recovery key. In this case, you can use your iCloud account to recover access to the data on your Mac.
If you chose to create a recovery key but have since forgotten it, you can turn off FileVault and then turn it on again to create a new key. For this, you will need your user login password.
How to turn off FileVault
macOS Ventura or later
- Open the Apple menu from the top menu bar and select System Settings.
- In System Settings, click on Privacy & Security in the left sidebar.
- Scroll down to find FileVault under the Security section.
- Click on Turn Off. Click Turn Off Encryption.
- The decryption process can take a while. You can still use your Mac during this time.
macOS Monterey or earlier
- Open the Apple menu from the top menu bar and select System Preferences.
- In System Preferences, click on Security & Privacy in the left sidebar.
- Click on the FileVault tab, then click the lock and enter your (admin) password.
- Click on Turn Off FileVault. Click Turn Off Encryption.
- The decryption process can take a while. You can still use your Mac during this time.
After you decrypt your disk, you can re-enable FileVault.
How to enable FileVault
Know that you will need either your user password or the recovery key to access your data. If you forget both, your data may be lost. You also have the choice to use your iCloud account instead of a recovery key.
macOS Ventura or later
- Open the Apple menu from the top menu bar and select System Settings.
- In System Settings, click on Privacy & Security in the left sidebar.
- Scroll down to find FileVault under the Security section.
- Click on Turn On. See below for more on the choice between using your iCloud account or using a recovery key in the event you forget your user password.
- The encryption process can take a long time, and once the process begins, you can’t turn it off until it is finished. You can still use your Mac during the process.
macOS Monterey or earlier
- Open the Apple menu from the top menu bar and select System Preferences.
- In System Preferences, click on Security & Privacy in the left sidebar.
- Click on the FileVault tab, then click the lock and enter your (admin) password.
- Click on Turn On FileVault. See below for more on the choice between using your iCloud account or using a recovery key in the event you forget your user password.
- The encryption process can take a long time, and once the process begins, you can’t turn it off until it is finished. You can still use your Mac during the process.
When FileVault is enabled, it is enabled for all user accounts on your Mac.
Choose iCloud account and password or recovery key
When you set up FileVault, you are given a choice between:
- iCloud account and password: If you choose this option, you won’t get a recovery key. You will just use your iCloud account information to recover access if you forget your Mac user password.
- Recovery key: If you don’t use iCloud, you can choose to get a recovery key. You will only need this recovery key if you forget your Mac user password. You will need to write this key down or copy it and keep it on another device.
Related articles