| ▲ | Tell HN: FileVault does not protect Wi-Fi passwords on macOS 26 | |
| 3 points by turbidimeter 8 hours ago | 1 comments | ||
I was confused why the Wi-Fi symbol lights up when I boot my Mac, before I enter the password. I tested this, far away from my Wi-Fi network, and it doesn't light up then. Apple's support pages say "Unlock FileVault using SSH: On a Mac with Apple silicon with macOS 26 or later, FileVault can be unlocked over SSH after a restart if Remote Login is turned on and a network connection is available." and "Network connectivity for FileVault is necessary to unlock FileVault using SSH and in certain configurations using FileVaultPolicy with Platform Single Sign-on." [1][2] So that means the Wi-Fi password will be stored outside of the FileVault'ed volume then. (Where?) Cool, but even "Remote Login" is off for me (no SSO/MDM either) and it still connects to Wi-Fi. I never opted in to Wi-Fi passwords being silently removed from FileVault protection. Sure, they might "SecureEnclave" that thing or whatever but it's not the same thing. It's similar to the iCloud Password Sync auto-enable issue I had with iOS 17 [3]. The security model gets changed without the user's consent. It's not clear what is stored where. They just decide something is okay to auto-change after the user made a choice in the past. I don't think I'm overreacting. It's a seemingly little thing, but it shows how they can (and do) just make moves like that. | ||
| ▲ | lapcat 7 hours ago | parent [-] | |
The Wi-Fi password is stored in NVRAM. This has been true for many years, nothing new to macOS 26. | ||