Mac 911: Air­port prob­lems, how to find your Fil­e­vault re­cov­ery key, and much more

So­lu­tions to your most vex­ing Mac prob­lems.

Macworld (USA) - - Contents - BY GLENN FLEISHMAN

Prob­lems with an Ap­ple Air­port? It could be a hard­ware fail­ure

Hard­ware fails in very dif­fer­ent ways. Some­times, it’s cat­a­strophic and abrupt, and you hear ter­ri­ble sounds com­ing from in­side your hard drive. Other times, it’s sub­tle, and a fail­ing com­po­nent or sys­tem causes hard­ware to limp along, throw­ing out er­rors you can’t trou­bleshoot, be­cause they aren’t con­sis­tent. I spent months with one of these prob­lems in early 2015 ( go.mac­

How­ever, it’s much clearer re­solv­ing is­sues with Ap­ple’s seem­ingly now-re­tired line of Air­port and Time Cap­sule base sta­tions. Ap­ple hasn’t com­mented on the record as to whether the prod­ucts will ever be up­dated, and the most re­cent ver­sions re­main on sale. But it’s been years since the last hard­ware im­prove­ments, and re­ports in­di­cate the Air­port prod­uct team

( go.mac­ was dis­banded.

Ap­ple’s base sta­tions un­for­tu­nately had a long his­tory of not hav­ing a, uh, long his­tory. For a long time, de­spite their high cost rel­a­tive to com­peti­tors with sim­i­lar gen­eral fea­tures, I rec­om­mended Mac and IOS users pur­chase Ap­ple Wi-fi routers, be­cause of the bet­ter in­te­gra­tion and sup­port, in­clud­ing a na­tive con­fig­u­ra­tion tool—air­port Util­ity.

How­ever, Ap­ple’s Wi-fi hard­ware has a long-term rep­u­ta­tion for not hav­ing the same stay­ing power as most of its other gear, of­ten be­cause of fail­ing power-sup­ply com­po­nents. This was par­tic­u­larly galling as these de­vices have no mov­ing parts, ex­cept for the hard drives in Time Cap­sule models. I’ve lost track of how many I’ve gone through in about 18 years, but I’ve had sub­stan­tially fewer Macs fail in that pe­riod than Ap­ple base sta­tions. (I’ve run Wi-fi routers from other com­pa­nies some­times in par­al­lel or in­stead, and I’ve had al­most none of those fail un­der sim­i­lar con­di­tions, but I’ve owned many fewer of them.)

Be­cause peo­ple have shifted to buy routers from other com­pa­nies, we’ve got­ten fewer and fewer queries about quirks with Ap­ple’s ac­cess points, but they still come in ev­ery week or two, and the lat­est from Mac­world reader Ian is typ­i­cal. He has both an Air­port Ex­treme and some of the less-ex­pen­sive Air­port Ex­press ex­ten­ders on his net­work. Air­port Util­ity shows all the Ap­ple base sta­tions, but he can get the Ex­press models to open up their con­fig­u­ra­tion in Air­port Util­ity. Click­ing Edit for the Air­port Ex­treme re­sults in noth­ing.

I’ve had the same re­port from other read­ers, and ex­pe­ri­enced some­thing sim­i­lar a few years ago with the lat­est­gen­er­a­tion Air­port Ex­treme. It would lock

I’ve lost track of how many I’ve gone through in about 18 years, but I’ve had sub­stan­tially fewer Macs fail in that pe­riod than Ap­ple base sta­tions.

up in weird cir­cum­stances, some­times in­clud­ing when try­ing to use the printer at­tached via its USB port. Even­tu­ally, I re­placed it with a Tp-link router, which has given me no grief af­ter years (so far).

I sug­gested to Ian that the hard­ware was prob­a­bly fail­ing, since this matched my and other peo­ple’s ex­pe­ri­ence. He be­lieved it was out of war­ranty, but I sug­gested he check a lit­tle-known an­gle that Ap­ple of­fers for ex­tended war­ranty sup­port. If you pur­chase an Ap­ple­care war­ranty for a Mac, not only is the Mac

cov­ered for three years from its ini­tial date of pur­chase, but any Air­port base sta­tion bought up to two years be­fore that point is also cov­ered through that three year pe­riod. You could wind up with a to­tal of five years of war­ranty cov­er­age.

Ian fol­lowed up to let me know that while he didn’t have a qual­i­fy­ing war­ranty, he had pre­vi­ously re­ported prob­lems to Ap­ple while his router re­mained un­der war­ranty, and the com­pany agreed to re­place it at no charge. His new Air­port Ex­treme isn’t show­ing any of the prob­lems the old one did. I’ve writ­ten quite a bit about the not-quiteso-new Ap­ple File Sys­tem (APFS) for­mat ( go.mac­ that Ap­ple adopted for both IOS and—with macos 10.13 High Sierra—for SSDS that are a Mac’s boot vol­ume. While ques­tions have largely ta­pered off in re­cent weeks af­ter a spate of is­sues with Time Ma­chine, APFS, and ex­ter­nal drives ( go.mac­, peo­ple are clearly still wrestling with some of the de­tails.

Mac­world reader An­drew wrote in ask­ing about re­for­mat­ting his High Sierra sys­tem, and want­ing to choose HFS+ (Mac OS Ex­tended, Jour­naled). How­ever, af­ter boot­ing into macos Re­cov­ery ( go. mac­, the Disk Util­ity app only of­fers up APFS op­tions. Why is that?

MACOS Re­cov­ery is in sync with High Sierra, and Ap­ple con­verts a boot SSD vol­ume into APFS when you in­stall High Sierra. While that was op­tional dur­ing High Sierra’s pub­lic beta pe­riod, it be­came manda­tory and un­avoid­able on re­lease. As a re­sult, even try­ing to erase a boot SSD vol­ume only presents APFS op­tions.

It’s pos­si­ble you could force HFS+ on a boot SSD with High Sierra with some Ter­mi­nal mon­key­ing around, but I can’t see that would end well, and I’m not sure it of­fers any ad­van­tages. It’s too risky to rec­om­mend.

How­ever, if you’re try­ing to down­grade to Sierra or an ear­lier ver­sion of macos, I would cre­ate a bootable in­staller ( go. mac­ of that ver­sion of macos, start up your Mac from it, and then use Disk Util­ity within Sierra or ear­lier to re­for­mat the SSD with HFS+.

Then you can in­stall pre­vi­ous ver­sions of macos on that Mac.

How to find your Fil­e­vault re­cov­ery key in macos

The Fil­e­vault op­tion in macos is a fan­tas­tic way to en­hance the se­cu­rity of your data at rest. It’s full-disk en­cryp­tion (FDE), mean­ing that your en­tire startup vol­ume is locked away when macos is shut down (not just sleep­ing) us­ing strong en­cryp­tion. With­out the pass­word that un­locks an ac­count on your Mac that’s au­tho­rized to log in with Fil­e­vault, there’s no ef­fec­tive way to bring that com­puter to life.

That’s a prob­lem, how­ever, if you for­get the pass­word to all the au­tho­rized ac­count or, in some cases I’ve re­ceived a few emails about, some­thing goes wrong and the Re­cov­ery Disk—used both for “cold start” lo­gins to macos and to di­ag­nose prob­lems on your startup vol­ume— de­mands a lo­gin that doesn’t work.

In those cases, the re­cov­ery key set at the time you turned on Fil­e­vault on your Mac can do the trick. But if enough time has passed, you might have for­got­ten where you stashed the key or how to re­trieve it. Mac­world reader Elaina falls into that camp. She can’t find the key, and she re­mem­bers us­ing the icloud op­tion to store it, but has ex­am­ined icloud Drive and can’t find it. She hasn’t yet been in a sit­u­a­tion where she needs it, but she’s con­cerned that you could wind up locked out and not be able to ob­tain the re­cov­ery key.

This is a prob­lem with se­cu­rity op­tions on sys­tems reli­able enough that you don’t have to work with them reg­u­larly to re­fresh your mem­ory. (And it’s why Ap­ple shifted IOS two years ago to re­quire that you en­ter your passphrase ev­ery six days ( go. mac­, even if you have Touch ID en­abled.)

When you first set up Fil­e­vault in the Se­cu­rity & Pri­vacy sys­tem pref­er­ence pane in the Fil­e­vault tab, one of the steps asks you whether you want to use your icloud ac­count as a way to un­lock your disk and

re­set your macos ac­count pass­word if you can’t find your re­cov­ery key.

If you choose icloud, the re­cov­ery key isn’t stored loosely in icloud Drive or as a file, but it’s tied into be­hind-the-scenes ac­count in­for­ma­tion that Ap­ple main­tains. It’s fully en­crypted in such a way that even Ap­ple doesn’t have ac­cess to the un­en­crypted re­cov­ery key data, but Ap­ple can de­liver the en­crypted re­cov­ery key to your Mac if you need to re­set your pass­word. You never see the re­cov­ery key nor have to en­ter it in this con­fig­u­ra­tion. (The process is a lit­tle in­volved: Ap­ple de­scribes it in the sec­tion “Re­set us­ing the Re­set Pass­word as­sis­tant (Fil­e­vault must be on)” in this sup­port doc­u­ment ( go. mac­

If you choose the other path, where Fil­e­vault gen­er­ates a re­cov­ery key and dis­plays it, you need to make sure and write it down or en­ter it elec­tron­i­cally, and store it se­curely in such a way that you’ll have ac­cess even when your Mac can’t be booted. I use 1Pass­word’s se­cure notes for this pur­pose, but any method of stor­age that’s reli­able, se­cure, and ac­ces­si­ble will work.

A good strat­egy would be to set a quar­terly re­minder to look for your re­cov­ery key (and other im­por­tant pass­words and keys you have to store in the same place). If you can’t find it, dis­able Fil­e­vault in macos and re-en­able it. This will take a while, as the en­tire drive is de­crypted and then re-en­crypted, but macos gen­er­ates an en­tirely new re­cov­ery key, which you can then more care­fully note again.

With each of the above sit­u­a­tions, if you can’t log into icloud or you lose the re­cov­ery key, your Mac’s files are ir­re­triev­able for­ever, as I wrote about last year ( go.mac­

How to re­cover an icloud ac­count when a fac­tor for two-fac­tor au­then­ti­ca­tion goes miss­ing

Two-fac­tor au­then­ti­ca­tion (2FA) is highly rec­om­mend with your Ap­ple ID, es­pe­cially for icloud or itunes and App Store pur­chases, but there’s one draw­back: you need ac­cess to a sec­ond fac­tor, or you might wind up los­ing ev­ery­thing as­so­ci­ated with your ac­count.

Nor­mally, this shouldn’t be a prob­lem. The sec­ond fac­tor for Ap­ple’s sys­tem is al­ways at least one Mac or one IOS de­vice plus a phone num­ber (one that re­ceives ei­ther text mes­sages or voice calls, so a land­line is an op­tion). It would seem an un­likely sce­nario in which you lost all of that at once.

You can also add other phone num­bers as back­ups, which is what my wife and I have done with each other’s cell num­bers. Even if we lost ac­cess to our de­vices and

our own num­bers, we could still log in. (Tele­phone num­bers can be re­as­signed, and hack­ers some­times so­cially en­gi­neer or oth­er­wise shift them for iden­tity theft or worse pur­poses.) But it hap­pened to Mac­world reader Edgar, who writes in about his prob­lems af­ter switch­ing away from the iphone to a dif­fer­ent plat­form:

I need to get into my icloud ac­count to ac­cess pho­tos, notes, con­tacts, etc. but had two-fac­tor au­then­ti­ca­tion en­abled. I’m be­ing prompted to en­ter the code when I lo­gin on­line but the phone lines have been switched, so I don’t have ac­cess to the 2FA code on iphone.

He may be in a pickle, although hav­ing the pass­word to his ac­count should help. Ap­ple of­fers a semi­au­to­mated ac­coun­tre­cov­ery process ( go. mac­ that hinges on how much in­for­ma­tion you can pro­vide. The more in­for­ma­tion, the faster the process goes. Hu­man be­ings are in­volved to make it dif­fi­cult or im­pos­si­ble to au­to­mate the re­cov­ery for ma­li­cious ends, but Ap­ple also may de­cide it can’t ver­ify your iden­tity well enough, even if you own the ac­count, to give you ac­cess back. ■

You can opt to store your re­cov­ery key as part of your icloud ac­count for pass­word re­sets.

A Mac­world reader can’t get the HFS+ op­tion to ap­pear, but that’s by de­sign.

You can set up two-fac­tor au­then­ti­ca­tion for icloud.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.