Home > FileVault 2, Mac administration, Mac OS X > Stopping your Mac from booting to the FileVault 2 Reset Password wizard

Stopping your Mac from booting to the FileVault 2 Reset Password wizard

When a FileVault 2-encrypted Mac sits for more than a minute with an account selected at the FileVault 2 pre-boot login screen, a message like the one below should appear:

If you’re having a problem entering your password, press and hold the power button on your Mac to shut it down. Then press it again to start it up in the Recovery OS.

Screen shot 2015 01 15 at 1 40 50 pm

If the instructions are followed, the Mac will boot from the Mac’s recovery partition on the next startup and go into a FileVault 2 Reset Password wizard.

Screen Shot 2015 05 27 at 7 58 05 AM

In the Reset Password wizard, there are currently three options available.

  1. I forgot my password
  2. My password doesn’t work when logging in
  3. My keyboard isn’t working when typing my password to login

However, if you don’t want or need to use the Reset Password wizard, there’s not an obvious way to get back to the FileVault 2 pre-boot login screen. There’s no visible way to quit, and rebooting the Mac using the power button will return you to the Reset Password wizard.

Thanks to research by the folks in the ##osx-server IRC room, it looks like there’s a relatively straightforward way to reset the boot process:

  1. While booted to the initial Reset Password wizard screen, press and hold the power button on your Mac to shut it down
  2. Reset NVRAM
  3. Once the NVRAM reset procedure has been completed, let the Mac boot.

At that point, you should be taken to the FileVault 2 pre-boot login screen instead of the Reset Password wizard.

Screen Shot 2015 05 27 at 8 05 49 AM

Credit to arrose in the ##osx-server IRC room for figuring this out.

Update 5-28-2015: As elvisizer mentioned in the comments, there is also the option of revealing the hidden menu at the top of the screen and using the Startup Disk preferences to select your hard drive and reboot back to FileVault 2 pre-boot login screen. Since this is easier to show rather than explain, I’ve made a short video of the process.

Note: The password used to unlock the drive in the Startup Disk preferences can be the password of any account that appears on the Mac’s FileVault 2 pre-boot login screen. If you can log in at the pre-boot login screen, you should be able to enter your password to unlock.

  1. May 27, 2015 at 2:02 pm

    NVRAM reset is what I’ve been doing to get around this with my end users. I wish there was a way to turn this feature off for mobile accounts… -_-

  2. elvisizer
    May 27, 2015 at 2:22 pm

    You can get out of this from the reset password wizard’s GUI, too. The reset password application is running in full screen mode. Mouse up to the top of the screen, and the menu bar will appear. Click on the Apple menu, click ‘choose startup disk’, and you’ll get the Recovery HD-style startup disk control panel. Choose your normal startup disk, give it your password, and click restart and the mac will boot normally again.

  3. May 27, 2015 at 5:06 pm

    Is there a way to prevent the reset password option? It seems like a very easy way to subvert the purpose of file vault. Example being I lose laptop, someone boots into reset password for admin, or any account, reboot and they have access to an unencrypted hard drive.

    • May 27, 2015 at 5:35 pm


      You would need to already have the password of an account which is authorized to unlock the drive before you could reset any account’s password using the Reset Password wizard.

      Without the encryption being unlocked first, there’s no access to the OS, account information or anything else on the encrypted boot drive.

      If you want more information on how the Reset Password wizard works, I have a post available here:


  4. Andreas
    May 27, 2015 at 9:42 pm

    Macs do not have Wizards.
    Macs have Assistants.
    Wizards and their evil Magic are for Windows …

  5. August 11, 2015 at 4:31 pm

    thank you for this, this actually saved me twice today!

  6. Walter
    October 30, 2015 at 5:55 pm

    Anyone figure out a way to disable this completely? We use directory accounts so the password reset is useless. Secondly, we do not want our users decrypting their hard drives! Seems like a really ridiculous option to have available.

  7. Anna
    May 19, 2016 at 2:08 pm

    Thank you! You saved my day.

  8. September 9, 2016 at 2:17 pm

    Boom! Boss 16,500 kilometres away and I got him fixed in under five minutes!

  9. Andy May
    October 5, 2016 at 6:14 pm

    Thanks! has anyone found a way of blocking this ?
    In testing i just used a non admin active directory user account to reset the password for the local admin account, not good….

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: