Mac Account Lockout Requiring Recovery Key

If you encounter an issue where a user changed their password recently and they cannot login to their Mac then do the following actions:

  • Log in with administrator account
  • Open the Terminal application (click the magnifying glass in the top right and type in terminal).
    • Remove the account first from Filevault using this command:
      • ​​​​​​​sudo fdesetup remove -user <USERNAME>
      • Type in the administrator password
  • Log out and log back in as admin.  You might be able to skip down to the deprecated commands below, without logging out.
    • Open System Preferences > Privacy & Security > scroll down to "Filevault"
    • Click Enable Users... > put in the Administrator password > Have the user put in their password > Click ok.

Restart and have the user try to log in again - TWICE, to make sure they can log in on their own.


  • Re-add the account using this command:
  • sudo fdesetup add -usertoadd <USERNAME>
    • Hit enter, and type the following for the prompts:
      • Enter the user name: administrator
      • Enter the password for user 'administrator': <ADMINISTRATOR PASSWORD>
      • Enter the password for the added user  <User PASSWORD>
  • Restart the computer and have the user try to login again.


Print Article


Article ID: 158035
Tue 3/26/24 11:12 AM
Thu 5/23/24 10:11 AM