Recover a Password Using the FileVault Recovery Key

This article outlines how to use the recovery key to decrypt the macOS partition. This is helpful with account lockouts when FileVault is enabled.



This workflow is only supported on Intel-based Macs. M1 does not support this recovery method. For M1 workflow, see Resolve Lockouts on Apple Silicon Macs.

Retrieving the Recovery Key

To retrieve the recovery key:

  1. Log in to the JumpCloud Admin Portal:
  2. Go to DEVICE MANAGEMENT > Devices
  3. Under Devices, select the relevant device.
  4. Select the Details tab, then click view key.

Decrypting the Disk with the Recovery Key

Network connectivity doesn't start until the disk has been decrypted. A hardwired network connection may be required to connect to the internet after decrypting FileVault, as Apple doesn't provide a way to connect to a wireless network at the login screen.

To decrypt the disk using the recovery key:

  1. Start the device.
  2. Select the user. 
  3. In the Enter Password field, select ? on the right-hand side.
  4. Click …reset it using your Recovery Key. This will not reset your password.​​​​​
  5. Enter the recovery key. Hyphens are automatically applied.
  1. Press Enter.
    1. The hard disk will now decrypt and network connectivity will be restored.
    2. Depending on the OS version, you will either be shown a password prompt for the user or show all active users.

User Authentication

To authenticate the user:

  1. Wait for the JumpCloud agent to check in. This happens in near real-time, but could take a few minutes.
  2. Enter the user’s current JumpCloud password to log in.
    1. If the password has changed, you will be prompted to enter the Old Password and Current Password to complete the sync.
  3. The user is logged into their account.

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case