FileVault on macOS Tahoe Uses iCloud Keychain to Store Its Recovery Key
13 hours ago
- #macOS
- #Encryption
- #Security
- macOS 26 Tahoe updates FileVault to use iCloud Keychain for storing the Recovery Key.
- FileVault now stores the Recovery Key in the Passwords app, where it remains permanently accessible, and requires users to manage it more responsibly.
- Previous methods of storing the Recovery Key included writing it down or using iCloud escrow, which lacked strong security.
- Apple's new approach enhances security by using end-to-end encryption via iCloud Keychain.
- Users can now view their Recovery Key at any time without needing to toggle FileVault off and on.
- The Recovery Key can be accessed from other devices if iCloud Keychain is enabled.
- FileVault on Apple silicon Macs encrypts the startup volume by default; this encryption is mandatory and cannot be disabled.
- The boot process with FileVault enabled presents a login-like screen to authenticate before unlocking the encrypted volume.
- Apple's shift reflects a focus on heightened security and privacy in response to increasing data exfiltration threats.