Mac 911: Airport problems, how to find your Filevault recovery key, and much more
Solutions to your most vexing Mac problems.
Problems with an Apple Airport? It could be a hardware failure
Hardware fails in very different ways. Sometimes, it’s catastrophic and abrupt, and you hear terrible sounds coming from inside your hard drive. Other times, it’s subtle, and a failing component or system causes hardware to limp along, throwing out errors you can’t troubleshoot, because they aren’t consistent. I spent months with one of these problems in early 2015 ( go.macworld.com/evbr).
However, it’s much clearer resolving issues with Apple’s seemingly now-retired line of Airport and Time Capsule base stations. Apple hasn’t commented on the record as to whether the products will ever be updated, and the most recent versions remain on sale. But it’s been years since the last hardware improvements, and reports indicate the Airport product team
( go.macworld.com/appt) was disbanded.
Apple’s base stations unfortunately had a long history of not having a, uh, long history. For a long time, despite their high cost relative to competitors with similar general features, I recommended Mac and IOS users purchase Apple Wi-fi routers, because of the better integration and support, including a native configuration tool—airport Utility.
However, Apple’s Wi-fi hardware has a long-term reputation for not having the same staying power as most of its other gear, often because of failing power-supply components. This was particularly galling as these devices have no moving parts, except for the hard drives in Time Capsule models. I’ve lost track of how many I’ve gone through in about 18 years, but I’ve had substantially fewer Macs fail in that period than Apple base stations. (I’ve run Wi-fi routers from other companies sometimes in parallel or instead, and I’ve had almost none of those fail under similar conditions, but I’ve owned many fewer of them.)
Because people have shifted to buy routers from other companies, we’ve gotten fewer and fewer queries about quirks with Apple’s access points, but they still come in every week or two, and the latest from Macworld reader Ian is typical. He has both an Airport Extreme and some of the less-expensive Airport Express extenders on his network. Airport Utility shows all the Apple base stations, but he can get the Express models to open up their configuration in Airport Utility. Clicking Edit for the Airport Extreme results in nothing.
I’ve had the same report from other readers, and experienced something similar a few years ago with the latestgeneration Airport Extreme. It would lock
I’ve lost track of how many I’ve gone through in about 18 years, but I’ve had substantially fewer Macs fail in that period than Apple base stations.
up in weird circumstances, sometimes including when trying to use the printer attached via its USB port. Eventually, I replaced it with a Tp-link router, which has given me no grief after years (so far).
I suggested to Ian that the hardware was probably failing, since this matched my and other people’s experience. He believed it was out of warranty, but I suggested he check a little-known angle that Apple offers for extended warranty support. If you purchase an Applecare warranty for a Mac, not only is the Mac
covered for three years from its initial date of purchase, but any Airport base station bought up to two years before that point is also covered through that three year period. You could wind up with a total of five years of warranty coverage.
Ian followed up to let me know that while he didn’t have a qualifying warranty, he had previously reported problems to Apple while his router remained under warranty, and the company agreed to replace it at no charge. His new Airport Extreme isn’t showing any of the problems the old one did. I’ve written quite a bit about the not-quiteso-new Apple File System (APFS) format ( go.macworld.com/afls) that Apple adopted for both IOS and—with macos 10.13 High Sierra—for SSDS that are a Mac’s boot volume. While questions have largely tapered off in recent weeks after a spate of issues with Time Machine, APFS, and external drives ( go.macworld.com/dctm), people are clearly still wrestling with some of the details.
Macworld reader Andrew wrote in asking about reformatting his High Sierra system, and wanting to choose HFS+ (Mac OS Extended, Journaled). However, after booting into macos Recovery ( go. macworld.com/mosr), the Disk Utility app only offers up APFS options. Why is that?
MACOS Recovery is in sync with High Sierra, and Apple converts a boot SSD volume into APFS when you install High Sierra. While that was optional during High Sierra’s public beta period, it became mandatory and unavoidable on release. As a result, even trying to erase a boot SSD volume only presents APFS options.
It’s possible you could force HFS+ on a boot SSD with High Sierra with some Terminal monkeying around, but I can’t see that would end well, and I’m not sure it offers any advantages. It’s too risky to recommend.
However, if you’re trying to downgrade to Sierra or an earlier version of macos, I would create a bootable installer ( go. macworld.com/btin) of that version of macos, start up your Mac from it, and then use Disk Utility within Sierra or earlier to reformat the SSD with HFS+.
Then you can install previous versions of macos on that Mac.
How to find your Filevault recovery key in macos
The Filevault option in macos is a fantastic way to enhance the security of your data at rest. It’s full-disk encryption (FDE), meaning that your entire startup volume is locked away when macos is shut down (not just sleeping) using strong encryption. Without the password that unlocks an account on your Mac that’s authorized to log in with Filevault, there’s no effective way to bring that computer to life.
That’s a problem, however, if you forget the password to all the authorized account or, in some cases I’ve received a few emails about, something goes wrong and the Recovery Disk—used both for “cold start” logins to macos and to diagnose problems on your startup volume— demands a login that doesn’t work.
In those cases, the recovery key set at the time you turned on Filevault on your Mac can do the trick. But if enough time has passed, you might have forgotten where you stashed the key or how to retrieve it. Macworld reader Elaina falls into that camp. She can’t find the key, and she remembers using the icloud option to store it, but has examined icloud Drive and can’t find it. She hasn’t yet been in a situation where she needs it, but she’s concerned that you could wind up locked out and not be able to obtain the recovery key.
This is a problem with security options on systems reliable enough that you don’t have to work with them regularly to refresh your memory. (And it’s why Apple shifted IOS two years ago to require that you enter your passphrase every six days ( go. macworld.com/pc6d), even if you have Touch ID enabled.)
When you first set up Filevault in the Security & Privacy system preference pane in the Filevault tab, one of the steps asks you whether you want to use your icloud account as a way to unlock your disk and
reset your macos account password if you can’t find your recovery key.
If you choose icloud, the recovery key isn’t stored loosely in icloud Drive or as a file, but it’s tied into behind-the-scenes account information that Apple maintains. It’s fully encrypted in such a way that even Apple doesn’t have access to the unencrypted recovery key data, but Apple can deliver the encrypted recovery key to your Mac if you need to reset your password. You never see the recovery key nor have to enter it in this configuration. (The process is a little involved: Apple describes it in the section “Reset using the Reset Password assistant (Filevault must be on)” in this support document ( go. macworld.com/rsps).)
If you choose the other path, where Filevault generates a recovery key and displays it, you need to make sure and write it down or enter it electronically, and store it securely in such a way that you’ll have access even when your Mac can’t be booted. I use 1Password’s secure notes for this purpose, but any method of storage that’s reliable, secure, and accessible will work.
A good strategy would be to set a quarterly reminder to look for your recovery key (and other important passwords and keys you have to store in the same place). If you can’t find it, disable Filevault in macos and re-enable it. This will take a while, as the entire drive is decrypted and then re-encrypted, but macos generates an entirely new recovery key, which you can then more carefully note again.
With each of the above situations, if you can’t log into icloud or you lose the recovery key, your Mac’s files are irretrievable forever, as I wrote about last year ( go.macworld.com/rcfv).
How to recover an icloud account when a factor for two-factor authentication goes missing
Two-factor authentication (2FA) is highly recommend with your Apple ID, especially for icloud or itunes and App Store purchases, but there’s one drawback: you need access to a second factor, or you might wind up losing everything associated with your account.
Normally, this shouldn’t be a problem. The second factor for Apple’s system is always at least one Mac or one IOS device plus a phone number (one that receives either text messages or voice calls, so a landline is an option). It would seem an unlikely scenario in which you lost all of that at once.
You can also add other phone numbers as backups, which is what my wife and I have done with each other’s cell numbers. Even if we lost access to our devices and
our own numbers, we could still log in. (Telephone numbers can be reassigned, and hackers sometimes socially engineer or otherwise shift them for identity theft or worse purposes.) But it happened to Macworld reader Edgar, who writes in about his problems after switching away from the iphone to a different platform:
I need to get into my icloud account to access photos, notes, contacts, etc. but had two-factor authentication enabled. I’m being prompted to enter the code when I login online but the phone lines have been switched, so I don’t have access to the 2FA code on iphone.
He may be in a pickle, although having the password to his account should help. Apple offers a semiautomated accountrecovery process ( go. macworld.com/rcid) that hinges on how much information you can provide. The more information, the faster the process goes. Human beings are involved to make it difficult or impossible to automate the recovery for malicious ends, but Apple also may decide it can’t verify your identity well enough, even if you own the account, to give you access back. ■
You can opt to store your recovery key as part of your icloud account for password resets.
A Macworld reader can’t get the HFS+ option to appear, but that’s by design.
You can set up two-factor authentication for icloud.