Introduction / Why This Is Needed
FileVault is macOS's built-in full-disk encryption feature. It protects your data if your Mac is lost or stolen. However, the Recovery Key is your primary "backup escape route" if you forget your user password or cannot log in.
Losing the key means complete loss of access to data on the encrypted disk. This guide will help you:
- Find an existing key (if it was saved).
- Reset the key via your Apple ID.
- Create a new key using administrative privileges.
- As a last resort — disable encryption, losing the data.
Requirements / Preparation
Before you begin, ensure:
- You have access to another administrator account on this Mac (if possible).
- You know the Apple ID that was used on this Mac (especially if the "Save key in iCloud" option was selected when enabling FileVault).
- You have an internet connection (for authentication via Apple ID).
- macOS High Sierra (10.13) or newer is installed on the Mac.
- If the key was printed, locate that paper.
Step 1: Check if the Key is Saved in iCloud or on Paper
Most often, the key is automatically linked to your Apple ID. Try logging in with another administrator. If successful, you can reset the key from System Settings.
If you have a physical printout or a file with the key (usually a 24- or 20-character string of letters and numbers), use it to unlock the disk on the password entry screen.
Step 2: Reset the Key via Apple ID at Boot
If, after restarting, you see a question mark (?) icon or "Reset Password" text on the password entry screen, the key was saved in iCloud.
- Click the `?` icon or the "Reset Password" button.
- In the field that appears, enter the Apple ID and password that were used on this Mac.
- If two-factor authentication is enabled, the system will request a verification code sent to your trusted device (iPhone) or via SMS.
- After successful authentication, the system will prompt you to create a new user password and, optionally, a new Recovery Key. Write down the new key in a safe place!
⚠️ Important: This method only works if the "Save key in iCloud" option was selected when FileVault was initially enabled. If the key was not saved in the cloud, this step will not work.
Step 3: Creating a New Key via Terminal (If You Have System Access)
If you can log in as another administrator, you can generate a new key without data loss.
- Open the Terminal app (`/Applications/Utilities/Terminal.app`).
- Enter the command: `sudo fdesetup authrestart`
- The system will prompt for the password of the administrator account you are logged in with.
- After entering the password, the Mac will automatically restart.
- After the restart, the next time you log in, the new Recovery Key associated with the account that executed the command will be used.
💡 Tip: To immediately obtain and see the new key, run the command `sudo fdesetup -printrecoverykey` before restarting. It will print the current (old) key to the console. After `authrestart`, the key will change.
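A read-only pre-flight for Step 3, shown as an added example that is not part of the original guide: it confirms FileVault is on, that the chosen account can unlock the disk, and whether a personal recovery key exists before anything is changed. The names `fv_preflight` and `fdesetup_stub` and the verdict words are hypothetical, the stub output is constructed, and the "in progress" wording is an assumption about `fdesetup status` output.

```shell
#!/bin/sh
# fv_preflight USER [CMD]: print one verdict word (names here are hypothetical).
# CMD defaults to the real binary; on a Mac, run as root (e.g. via sudo).
fv_preflight() {
    user=$1
    fde=${2:-/usr/bin/fdesetup}

    # "fdesetup status" reports "FileVault is On." or "FileVault is Off."
    status=$("$fde" status 2>/dev/null) || { echo "status-failed"; return 2; }
    case $status in
        "FileVault is On."*)  ;;
        "FileVault is Off."*) echo "filevault-off"; return 1 ;;
        *)                    echo "status-unknown"; return 2 ;;
    esac

    # Assumption: an unfinished conversion adds a line containing "in progress".
    case $status in
        *"in progress"*) echo "conversion-in-progress"; return 1 ;;
    esac

    # "fdesetup list" prints one "shortname,UUID" line per user able to unlock.
    # -F -x: exact fixed-string match, so "ali" does not match "alice".
    if ! "$fde" list 2>/dev/null | cut -d, -f1 | grep -Fqx -- "$user"; then
        echo "user-cannot-unlock"; return 1
    fi

    # "fdesetup haspersonalrecoverykey" prints "true" or "false".
    if [ "$("$fde" haspersonalrecoverykey 2>/dev/null)" != "true" ]; then
        echo "no-personal-key"; return 1
    fi
    echo "ready"
}

# Constructed stand-in for fdesetup (sample output, not captured from a Mac).
fdesetup_stub() {
    case $1 in
        status)                 echo "FileVault is On." ;;
        list)                   echo "alice,11111111-2222-3333-4444-555555555555" ;;
        haspersonalrecoverykey) echo "false" ;;
    esac
}

fv_preflight alice fdesetup_stub || :   # prints: no-personal-key
```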
Step 4: Disabling FileVault (If Recovery Is Impossible)
Attention! This method will destroy all data on the disk. Use it only if the data is unimportant or you have a current backup.
- Shut down your Mac.
- Turn it on and immediately hold down `Cmd (⌘) + R` until the Apple logo appears. This boots you into Recovery Mode.
- From the "Utilities" menu, select "Disk Utility".
- In the left sidebar, select the main volume (usually named `Macintosh HD` or similar).
- Click "Erase".
- Crucially: Choose the APFS format (or Mac OS Extended for older systems) and enable the "Security Options" (to overwrite data) if you want to make recovery as difficult as possible.
- After erasing, close Disk Utility.
- In the "macOS Utilities" window, select "Reinstall macOS" and follow the instructions.
Verifying the Result
- Successful recovery: You can log in with the new password, and the disk unlocks automatically. Your files are intact.
- Reset via iCloud: After restarting, you created a new key and recorded it.
- FileVault disabled: The Mac boots as a fresh system, without encryption and without old data.
Possible Issues
| Problem | Solution |
|---|---|
| No "Reset Password" button or `?` icon on the screen | The key was not saved in iCloud. Try Step 3 (access via another admin) or Step 4 (full erase). |
| `sudo fdesetup authrestart` command fails | Ensure you are logged in with an administrator account. Also, verify that FileVault is actually active (`sudo fdesetup status`). |
| Two-factor authentication fails | Ensure you have access to the trusted device (iPhone) or phone number associated with the Apple ID. You may need to generate an app-specific password at appleid.apple.com. |
| System still asks for the old key after `authrestart` | The command should have restarted the Mac. If you ran it without a restart occurring, the key did not update. Run the command again and wait for the automatic restart. |
Final Recommendations
After successfully recovering or resetting the key, immediately create a new secure backup:
- Write down the new Recovery Key on paper and store it in a safe.
- Save it in a password manager (e.g., 1Password, Bitwarden).
- Consider storing the key in iCloud (System Settings → Apple ID → iCloud → FileVault Recovery Key options) if you trust the security of your account.
Prevention: Only enable FileVault if you understand the responsibility of key management. Regularly verify that the key is accessible (System Settings → Security & Privacy → FileVault).