Generate Apple Id Recovery Key
These advanced steps are for system administrators and others who are familiar with the command line.
Create a FileVault master keychain
- Open the Terminal app on your Mac, then enter this command:
- When prompted, enter the master password for the new keychain, then enter it again when prompted to retype. Terminal doesn't show the password as you type.
- A key pair is generated, and a file named FileVaultMaster.keychain is saved to your desktop. Copy this file to a secure location, such as an encrypted disk image on an external drive. This secure copy is the private recovery key that can unlock the startup disk of any Mac set up to use the FileVault master keychain. It is not for distribution.
Sep 05, 2014 How to generate a new iCloud recovery key. Go to appleid.apple.com from any web browser. Click on Manage your Apple ID. Sign in with your Apple ID on the next screen in order to continue. Choose one of the methods to verify your identity. Enter the verification code that was sent to one of your trusted devices or by text message in order to.
Here’s how to get a new Apple recovery key if you’ve lost yours. The good news is as long as you’re not locked out of your Apple ID, it’s easy to generate a new key for safe keeping.
Oct 18, 2017 If you are using two-factor authentication on your Apple ID, then you may have come across something called ‘App-Specific Password’. The App-Specific Password is a special single-use password that you can generate for your Apple ID, and use to securely sign into third-party apps.
Apple drops Recovery Key in new two-factor authentication for El Capitan and iOS 9
Apple said at WWDC it would build a more integrated and comprehensive two-factor security system into its next OS. Among other changes, the Recovery Key option that has tripped up users in the past, and led in some cases to users having to abandon an Apple ID as permanently unavailable, has been removed, an Apple spokesperson confirmed. With the new system, Apple customer support will work through a detailed recovery process with users who lose.
In the next section, you will update the FileVaultMaster.keychain file that is still on your desktop. You can then deploy that keychain to Mac computers in your institution.
Remove the private key from the master keychain
After creating the FileVault master keychain, follow these steps to prepare a copy of it for deployment:
- Double-click the FileVaultMaster.keychain file on your desktop. The Keychain Access app opens.
- In the Keychain Access sidebar, select FileVaultMaster. If you see more than two items listed on the right, select another keychain in the sidebar, then select FileVaultMaster again to refresh the list.
- If the FileVaultMaster keychain is locked, click in the upper-left corner of Keychain Access, then enter the master password you created.
- From the two items shown on the right, select the one identified as "private key" in the Kind column.
- Delete the private key: Choose Edit > Delete from the menu bar, enter the keychain master password, then click Delete when asked to confirm.
- Quit Keychain Access.
Now that the master keychain on your desktop no longer contains the private key, it's ready for deployment.
Deploy the updated master keychain on each Mac
After removing the private key from the keychain, follow these steps on each Mac that you want to be able to unlock with your private key.
- Put a copy of the updated FileVaultMaster.keychain file in the /Library/Keychains/ folder.
- Open the Terminal app and enter both of the following commands. These commands make sure that the file's permissions are set to -rw-r--r-- and the file is owned by root and assigned to the group named wheel.
- If FileVault is already turned on, enter this command in Terminal:
- If FileVault is turned off, open Security & Privacy preferences and turn on FileVault. You should see a message that a recovery key has been set by your company, school, or institution. Click Continue.
This completes the process. If a user forgets their macOS user account password and can't log in to their Mac, you can use the private key to unlock their disk.
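A check for the deployment steps above, as an added example that is not part of the original page: the function verifies that a deployed keychain file is a regular file with permissions -rw-r--r--, owned by root and assigned to the group wheel. The function name and the numeric ids (uid 0 for root and gid 0 for wheel on macOS) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a deployed FileVaultMaster.keychain file.
# Expected state follows the page: mode -rw-r--r--, owner root, group wheel.
# Assumption: on macOS root is uid 0 and wheel is gid 0, so ids are compared numerically.

KEYCHAIN_DEFAULT="/Library/Keychains/FileVaultMaster.keychain"

# audit_keychain_file [path] [expected_uid] [expected_gid]
# Prints one finding per line and returns 0 only when there are none.
audit_keychain_file() {
    path="${1:-$KEYCHAIN_DEFAULT}"
    want_uid="${2:-0}"
    want_gid="${3:-0}"
    rc=0

    # A symlink here could point the system at a file someone else controls.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symlink, expected a regular file"
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path is missing or not a regular file"
        return 1
    fi

    # ls -ldn prints numeric ids: field 1 = mode string, 3 = uid, 4 = gid.
    line=$(ls -ldn "$path") || return 1
    # Keep the first 10 characters so an ACL or xattr suffix (+, @, .) is ignored.
    mode=$(printf '%s\n' "$line" | awk '{print substr($1, 1, 10)}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    gid=$(printf '%s\n' "$line" | awk '{print $4}')

    [ "$mode" = "-rw-r--r--" ] || { echo "FAIL: mode is $mode, expected -rw-r--r--"; rc=1; }
    [ "$uid" = "$want_uid" ] || { echo "FAIL: owner uid is $uid, expected $want_uid"; rc=1; }
    [ "$gid" = "$want_gid" ] || { echo "FAIL: group gid is $gid, expected $want_gid"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $path"
    return "$rc"
}
```

Called with no arguments on a client Mac, audit_keychain_file checks the copy in /Library/Keychains/ against the root and wheel defaults.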
Use the private key to unlock a user's startup disk
If a user forgot their account password and can't log in to their Mac, you can use the private recovery key to unlock their startup disk and access its FileVault-encrypted data.
- On the client Mac, start up from macOS Recovery by holding Command-R during startup.
- If you don't know the name (such as Macintosh HD) and format of the startup disk, open Disk Utility from the macOS Utilities window, then check the information Disk Utility shows for that volume on the right. If you see "CoreStorage Logical Volume Group" instead of "APFS Volume" or "Mac OS Extended," the format is Mac OS Extended. You will need this information in a later step. Quit Disk Utility when done.
- Connect the external drive that contains the private recovery key.
- From the menu bar in macOS Recovery, choose Utilities > Terminal.
- If you stored the private recovery key in an encrypted disk image, use the following command in Terminal to mount that image. Replace /path with the path to the disk image, including the .dmg filename extension:
Example for a disk image named PrivateKey.dmg on a volume named ThumbDrive:
hdiutil attach /Volumes/ThumbDrive/PrivateKey.dmg
- Use the following command to unlock the FileVault master keychain. Replace /path with the path to FileVaultMaster.keychain on the external drive. In this step and all remaining steps, if the keychain is stored in an encrypted disk image, remember to include the name of that image in the path.
Example for a volume named ThumbDrive:
security unlock-keychain /Volumes/ThumbDrive/FileVaultMaster.keychain
- Enter the master password to unlock the startup disk. If the password is accepted, the command prompt returns.
Continue as described below, based on how the user's startup disk is formatted.
APFS
If the startup disk is formatted for APFS, complete these additional steps:
- Enter the following command to unlock the encrypted startup disk. Replace 'name' with the name of the startup volume, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:
Example for a startup volume named Macintosh HD and a recovery-key volume named ThumbDrive:
diskutil ap unlockVolume 'Macintosh HD' -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
- Enter the master password to unlock the keychain and mount the startup disk.
- Use command-line tools such as ditto to back up the data on the disk, or quit Terminal and use Disk Utility.
Mac OS Extended (HFS Plus)
If the startup disk is formatted for Mac OS Extended, complete these additional steps:
- Enter this command to get a list of drives and CoreStorage volumes:
- Select the UUID that appears after “Logical Volume,” then copy it for use in a later step.
Example: +-> Logical Volume 2F227AED-1398-42F8-804D-882199ABA66B
- Use the following command to unlock the encrypted startup disk. Replace UUID with the UUID you copied in the previous step, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:
Example for a recovery-key volume named ThumbDrive:
diskutil cs unlockVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
- Enter the master password to unlock the keychain and mount the startup disk.
- Use command-line tools such as ditto to back up the data on the disk. Or quit Terminal and use Disk Utility. Or use the following command to decrypt the unlocked disk and start up from it.
Example for a recovery-key volume named ThumbDrive:
diskutil cs decryptVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
Whenever you sign in with your Apple ID on a new device or browser, you'll confirm your identity with your password plus a six-digit verification code. There are a few ways you can get a verification code. You can use the code displayed on your trusted device, get a text or phone call, or generate a code from your trusted device.
If you use iOS 11.3 or later on your iPhone, you might not need to enter a verification code. In some cases, your trusted phone number can be automatically verified in the background on your iPhone. It’s one less thing to do, and your account is still protected with two-factor authentication.
Use the code displayed on your trusted device
If you have a trusted device running iOS 9 and later, OS X El Capitan and later, iPadOS 13 and later, or watchOS 6 and later, the verification code is displayed automatically on your trusted devices.
- Sign in with your Apple ID and password on a new device or browser.
- Look for a sign in notification on any of your trusted devices.
- Tap Allow to receive your verification code.
- Enter the verification code on your other device to complete sign in.
Get a text or phone call
If you don’t have a trusted device handy, you can have a verification code sent to your trusted phone number as a text message or phone call.
- Click Didn't get a verification code on the sign in screen.
- Choose to have the code sent to your trusted phone number.
- You'll get a text message or phone call from Apple with your verification code.
- Enter the code on your other device to complete sign in.
Get a code from Settings on your trusted device
If you can’t receive a verification code on your trusted devices automatically, you can get one from Settings, even if your device is offline.
From your iPhone, iPad, or iPod touch:
In iOS 10.3 or later:
- Go to Settings > [your name].
- Tap Password & Security > Get Verification Code.
In iOS 10.3 or later, if your device is offline:
- Go to Settings > [your name].
- Tap Password & Security.
- A message says 'Account Details Unavailable.' Tap Get Verification Code.
In iOS 10.2 or earlier:
- Go to Settings > iCloud.
- Tap your Apple ID username.
- If your device is offline, tap Get Verification Code. If your device is online, tap Password & Security > Get Verification Code.
From your Mac:
- Go to Apple menu > System Preferences, then click Apple ID.
- Click Password & Security > Get Verification Code.
If you still can't sign in
If you can’t sign in, reset your password, or receive verification codes, you can request account recovery to regain access to your account. Account recovery might take a few days or longer, depending on the specific account information you can provide to verify your identity.