ADAM ENGST 17 September 2025

In his review of macOS 26 Tahoe at Ars Technica, Andrew Cunningham writes:

One other tweak to the install process is the default behavior for Apple’s FileVault disk encryption. If you sign in to an Apple account as part of setting up macOS, FileVault now turns on automatically, and also automatically uses your Apple Account for recovery in the event something goes wrong. …

But if you decline to sign in with an Apple Account during setup, just creating a local account, the macOS installer offers FileVault encryption, generating a recovery key that you can write down and store elsewhere, but it’s possible to skip FileVault entirely.

It’s frustrating when Apple makes setup choices for us during installation, but in this case, the security benefits are worthwhile. While Macs with Apple Silicon or Intel-based Macs with a T2 security chip already hardware-encrypt their drives, FileVault adds boot protection that prevents unauthorized access to data on the drive even if someone has physical access to your Mac. There’s no noticeable performance hit from this encryption.

The only slight downside of enabling FileVault crops up if you lose your login password. That could happen with a long-unused Mac, for someone experiencing cognitive decline, or if there is corruption in the recovery partition where FileVault stores its password data. In these cases, the Recovery Key offers an alternative login credential. Without the login password or Recovery Key, you cannot log in to your Mac (which is also true when FileVault is disabled), and your data stays encrypted (with FileVault off, the Mac’s hardware key alone would be enough to decrypt the data).

In other words, turning off FileVault makes it more likely that a firm like DriveSavers could recover your data if you lose access to your password and have no backups. However, it also makes it easier for a hostile government agency to access your data without permission or your knowledge, something that’s less confined to the realm of thrillers than it used to be. I recommend that everyone use FileVault, but if you’re uncomfortable with extra protection from hostile governments, you can always turn it off in System Settings > Privacy & Security > FileVault.

Another new aspect of FileVault setup in macOS 26 is that Apple no longer allows you to store your Recovery Key in your iCloud account, as Glenn Fleishman explains at Six Colors. Apple likely made this change to prevent a hostile government from forcing the company to reveal a user’s Recovery Key. However, macOS 26 now automatically stores the Recovery Key in Passwords instead of showing it only once during setup, and you can still save it in another password manager or print it, as you prefer. One interesting quirk—FileVault recovery keys automatically stored in Passwords in macOS 26 sync to other devices running OS 26, but not to those running older operating system versions, which could complicate recovery.