UPDATE: 05/16/19 – 10.14.5 Update fixes this issue
As noted above, this issue is now fixed in macOS 10.14.5. You can read on if you are interested in how this all went down.
I have been testing the new password fixes/changes in macOS Mojave 10.14.4. You can see the changes in the “What’s new in the updates for macOS Mojave” support document. What I found was, the 10.14.4 Update breaks local account password reset when using the FileVault Recovery Key.
I wrote about how 10.14.4 fixes Mobile Account Password syncing issues in 10.14.0-10.14.3. This was a huge win for Active Directory users. We finally have a functioning password change system in place. I found this problem while testing these new fixes. Instructions for this procedure are listed in this Apple Support Document.
Let’s confirm this on 10.14.3 and 10.14.4
I set up a fresh 10.14.4 (18E226) system, created a local account and then enabled FileVault. I then performed the following test.
- Boot system – Select user
- Click the ? Button so I can enter the recovery key.
- The system will now boot to the login window
- You will see the username filled in with your username with the password reset window.
- Type in a brand new password and then hit “Reset Password”
- The window thinks for a second then shakes you off.
- The password is not changed.
Performing the same test on 10.14.3 (18D109) worked as designed. After clicking “Reset Password” the system accepts the new password then logs you in.
Workaround: resetpassword in Recovery
The good news is that the resetpassword application in the Recovery partition still works.
1st way to reset your password. Boot to Recovery
Boot your Mac while holding Command-R to start up in the Recovery Partition. Once there, click Utilities in the menu bar, then select Terminal. In Terminal, type resetpassword, then follow the instructions.
Note: If you have a T2 Mac, this option requires that you have a SecureToken Admin on the system to access the Terminal.app.
2nd way to reset your password, the FV2 Screen.
You can trigger the 2nd way at the FV2 login window.
- Wait up to a minute at the login screen, until you see a message saying that you can use the power button on your Mac to shut down and start up again in Recovery OS. If you don’t see this message, FileVault isn’t on.
- Press and hold the power button until your Mac turns off.
- Press the power button again to turn on your Mac.
- When the Reset Password window appears, follow the onscreen instructions to create a new password.
If you would like to follow Apple’s instructions on how to reset local account passwords you can visit this Apple Support Article.
“Radar or it didn’t happen”
This was a really great quote from Jason Broccardo @zoocoup. Filing bugs and tickets is a really important task for MacAdmins. Apple rates issues by the number of reports/tickets they get for each issue. If this feature is important to you, please do the following.
File this issue as a bug to bugreport.apple.com
Then open up an Open Radar on openradar.appspot.com. This will help with tracking and you can let others know about the issue. (This site is not affiliated with Apple Inc.)
File an AppleCare Enterprise ticket if you have an account. https://www.apple.com/support/enterprise/
You can also dupe the radar that I submitted. https://openradar.appspot.com/50005199
A similar problem shows up for password recovery in version 10.14.6
It allows password resetting but the reset password does not work.
This is devastating as the only solution seems to be returning to the previous version 10.14.5.
Paul,
Could you tell me the steps you took to test and what BuildVersion of 10.14.6 you are testing on? I attempted to reproduce this on 18G84 and password reset worked ok for me. LMK
What about Macs with T2 chips? This seems to be a problem…
Hello greenman,
You will find unique challenges if you have Macs with the T2 Chip. In this situation, when it comes to broken Local Account password resets with the Personal Recovery Key in 10.14.4, it affects both T2 and non-T2 machines.