How to Use FileVault Without a Secure Token
What is FileVault?
FileVault is Apple's disk encryption app first added in Mac OS X 10.3 and all newer version. It executes immediate encryption with volumes on Macs. The original FileVault was introduced with Mac OS X Panther but it was frankly bad. FileVault 2, first released with Mac OS X Lion, was a significant improvement. Beginning with macOS 10.13 (High Sierra), the user must have a so-called Secure Token to enable FileVault.
I lost my Secure Token and I can't enable FileVault. What do I do?
Before we get started you need to check that FileVault still can't be enabled. A friend's iMac was similarly missing a secure token, and FileVault just couldn't be enabled. However, several months have passed since then and now it's available again. Perhaps one of the numerous Mojave updates has taken care of that issue.
Rich Trouton posted an inventive solution at his Der Flounderfor website. Unlike before, you can now reset the password for all existing accounts through a Terminal command initiated in macOS Recovery. This is a big deal because previously you'd have to basically erase everything on the drive to enable Apple’s full-disk encryption if it wasn't working. Trouton's method is not hard to execute and it far less destructive than the so-called nuclear option.
How to enable FileVault by resetting the passwords for all existing accounts.
- First, you must restart your Mac and press down Command-R to open up the macOS Recovery.
- Find the Utilities menu and press "Terminal".
- Enter the command "resetFileVaultpassword" and select "Return".
- You'll see the Reset Password dialog box, set a new password for every macOS account on the computer. Note: you can reuse your current password if you wish to.
- Once you're done changing the password(s), you should press "Restart" if you're using a single account or "Next" if you have multiple accounts on your Mac computer.
- After your macOS boots, enter the "Security & Privacy" preference panel and select the FileVault tab.
- Press on the lock at the lower-left corner of the panel and type your administrative password.
- Click the "Turn On FileVault" button.
Your FileVault encryption will be fully enabled after following the steps above.