Its hard thing to discover that a loved one is incapacitated or passed away, and the Mac or Macs they left behind cant be unlocked to retrieve photos, important financial or legal information, or any of their digital traces. If the main account or any administrative user password is unavailable, a newer Mac may be completely unrecoverable.
Many times, a person who experiences dementia may have already appointed or had appointed someone with the legal right to access their devices; someone who may know they were facing death or who had planned ahead with a will may have left their gear explicitly to someone, or appointed an executor who has rights. (This is not legal advice, by the way; consult an attorney with any questions about the legality of accessing such hardware.)
But the right or need to access a Mac doesnt mean one has the ability, and Apple has designed its systems to prevent its own ability to break through strong protections.
The T2 Security Chip found in newer Macs (see the list of Mac models here) brought iPhone- and iPad-style security and encryption to macOS, including Touch ID on laptops. The Macs startup volume is automatically encrypted at rest, separate from the long-running FileVault technology in macOS. (See How FileVault and the T2 Security Chip work together in newer Macs for more details.)
The T2 chip on a Mac automatically encrypts the startup drive as a way to improve security dramaticallyincluding rendering a drives contents unreadable if a device were lost or stolen. Without a fingerprint on a Touch ID-equipped Mac (for a computer thats running, logged in, and in the right circumstances) or a password for any Mac, even without FileVault enabled, the contents of the Macs drive could be permanently unavailable.
If the Mac in question is one of the above models, skip to Strategies to work around not having the password, later in this article.
If it doesnt have a T2 chip, you can try the following; if not, read on for what wont work, and then strategies to try without the password.
You may be able to mount a Mac as a volume on another Mac without a password using Target Disk Modeas long as FileVault wasnt enabled. You may not know if was, so you can try the following if both Macs have a FireWire (older models) or Thunderbolt 2 or 3 port:
Connect the computers.
Restart or startup the Mac you want to mount on the other while holding down the T key.
If it works, a volume icon appears on the other Mac.
If you receive a prompt to enter a password, then either FileVault is enabled or theres a T2 chip on the computeror even both.
However, if you dont have another Mac to try this with or they dont have compatible ports, you can also set up an external, bootable macOS drive with a version of macOS new enough to start up the computer in question and not too new for an older Mac. (Consult the Macs model to check on which system releases work with it.)
Heres how to boot from an external drive:
With a macOS startup volume installed on an external drive, plug it into the Mac you want to start up.
Either restart the Mac or start it up, holding down the Option key as it powers up.
A roughly formatted display showing available startup drives should appear. Click or use a keyboard to select and boot from that drive.
The internal drive shows up as a volume after macOS starts up.
If you cant start up from an external drive because youre prompted for a password or blocked in another fashion, or macOS prompts you for a password to mount the internal drive (as above), youre stuck.
In nearly every scenario involving either a Mac with a T2 chip, FileVault enabled, or both, you have to have an administrative accounts password, often the main or only account on a Mac:
With FileVault turned on with any Mac, a password has to be entered at startup to even start macOS running. Otherwise its startup volume remains unavailable.
With the T2 chip and no FileVault, a Mac will boot to the startup screen, but unless you had the password, even though the drives contents are available to a user, youd have to break into macOS to gain access to files. Because the T2 chip restricts starting up with an external drive without making a specific administrative change that requires a password, you wont even be able to boot off an external driveand youd need an account password after that to mount the drive when started up externally, in any case.
You might consider removing the hard drive as one strategy. But Macs of the last few years have drives that cant easily be removed or are impossible to remove at all. Even if you could mount a drive on another device, if FileVault is enabled or its a mac with a T2 chip, its impossible to decrypt the drives contents.
The Startup Security Manger on T2-equipped Macs prevents staring up from an external drive without changing settingswhich requires a password.
Dont give up yet, however.
Several strategies can help, some of them absurdly low tech:
Check for sticky notes, password books, or other places someone may have written down their password. This is surprisingly common, yet often overlooked. (The best hackers in movies always make a joke about it when asked what sophisticated cracking tool they will use: they just find the sticky note.)
Did the person ever give you a password as a backup in case they lost or forgot theirs? Check your messages, password manager, or notes.
Look for local backups. While startup drives may be encrypted via FileVault or the T2 chip, Time Machine and other backups typically arent, unless someone takes an extra step to encrypt the volume. (If they did that, they might also have taken steps to allow someone else to gain access later if they couldnt.) Look for a drive directly connected to the computer, to another computer on the network, or a Time Capsule, Apples discontinued networked Time Machine backup option.
Look for online backups. A person may be using a cloud-based backup storage system, like Backblaze or Carbonite, and you may be able to find the password for that if you cant find their Mac accounts password. Check credit-card bills to see if theyre using such a service.
Check iCloud. Again, you might be able to find or figure out their iCloud login, and retrieve photos and synced files from iCloud.
Look for other sync services. Dropbox, Google Drive, OneDrive, and other options can sync the contents of folders or nearly an entire drive from a computer to cloud-based storage.
Preparation always helps, too. If youre reading this column prospectivelybefore a problem has cropped upsee How to prepare your digital assets in case of death for advice on setting up yourself or helping someone else be set up for access when they cant provide a password.
This Mac 911 article is in response to a question submitted by Macworld reader Janvier.
Weve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, were always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate, and whether you want your full name used. Not every question will be answered, we dont reply to email, and we cannot provide direct troubleshooting advice.
Read the original:
How to recover data from a Mac with T2 or FileVault encryption and without a password - Macworld
