Some encrypted backups display username as [Update Needed] when booting

[jmsgwd]

Quote:

Originally Posted by dnanian

I don't know if it will do that.

From my experience it DOES do that - but only on some of my drives, not others.

That is, some of my drives exhibit the desired behaviour (boot first into the FileVault unlock prompt, followed by the OS X login screen), while others go straight to the OS X login screen with "[Update Needed]".

Why this happens I'm still trying to figure out. I'll do some further investigation and report back.

Quote:

Originally Posted by dnanian

my suggestion would be to use a stronger passphrase as your password.

This is not an option since my Mac is used by multiple users, and I've already maxed out on the password complexity that the other users are willing/capable to accept.

The reality is that OS X passwords that are used multiple times a day - including every time you switch users - can NEVER realistically be as strong as the kind of passphrases you can consider using for FileVault-encrypting a drive that is used only for backup.

This is because the latter only need to be used in a backup test or restore scenario - so they can be ultra-strong, long, randomly-generated passphrases such as "%JHgTil#=qH1j.d6.Ak8t`3C" - which you can store in your credential vault and forget about. Believe me, you wouldn't want to type these in every day!

If your backup drives are taken outside your home, transported, and stored in various locations, I think it is quite a legitimate requirement (for some users) that the backup drives are only decryptable with a very strong passphrase, and NOT with the (necessarily weaker) OS X passwords.

[dnanian]

OK - if it does do that, then I'd suggest trying what I said. If you can set the source to prompt the way you want, the destination will too: but I'd create the recovery volume as well, as I indicated in the previous reply.

[jmsgwd]

Quote:

Originally Posted by dnanian

If you can set the source to prompt the way you want, the destination will too

Just to be clear, I am not trying to get the destination and source to prompt the same way.

The source (system drive) was set up to use FileVault in the normal way, by going to System Preferences > Security & Privacy > FileVault > Turn On FileVault. This means it can be booted up using the password of any of the OS X accounts alone. This is perfectly acceptable to me since the Mac does not leave my house (in fact it's a requirement, because the Mac may need rebooting at any time by another user when I'm not there).

However, the destination (backup drive) is set up a different way: by going to Disk Utility > Erase > Format: Mac OS Extended (Journaled, Encrypted) > Erase, entering a super-strong, random passphrase, and then using SuperDuper to clone using "Erase then Copy" (although subsequent backups can use Smart Update).

Following this, I want the backup drive to require the super-strong, random passphrase in order boot up - before it prompts for any OS X account logins - whereas the system drive should only requires the OS X account logins.

So, I am actually trying to get the destination and source to prompt differently. And it makes sense that they do prompt differently, because they were set up differently.

However I have just made a discovery!

I just tried re-building a backup drive from scratch, exactly as described above, and then I tried booting from it. As before, it booted first to an OS X login screen with just 2 users, one called "[Update Needed]" and the other "Guest".

However, this time I tried selecting the "[Update Needed]" user, and then entering the super-strong, random passphrase that I'd originally used to encrypt the drive in Disk Utility, and it worked! More specifically, a progress bar appeared for quite a while (presumably that's when it was decrypting the drive), and then a spontaneous reboot, then I selected "[Update Needed]" again and then entering the super-strong, random passphrase a second time, and then a different OS X login screen appeared, this time with all my usual OS X accounts - and I was finally able to login to OS X on the backup drive normally.

Based on this experience, it seems to me that the "[Update Needed]" is just OS X's way of saying, I have boot drive encrypted with a password that is not associated with any username, so I'll prompt for it, but I don't know the username so I'll display it as "[Update Needed]". The reason the password is not associated with any username is because it's the one I typed in to Disk Utility to format the partition.

I still don't know why (I think) some of my drives had the "Enter a password to unlock the disk ... [Unlock / Cancel]" prompt instead.

But now I think that OS X login screen with the "[Update Needed]" user is actually achieving exactly the same thing as the "Enter a password to unlock the disk ... [Unlock / Cancel]" prompt, just in a different way.

So now I'm happy that it is basically behaving as I want.

[dnanian]

I don't know why either, but I'm glad it worked for you!