How to change an encrypted volume’s password in OS X

How to change an encrypted volume’s password in OS X

While encrypting and decrypting a volume can be done on the fly, the option for changing its password is a bit hidden.

With data security being an all-too-common concern, the options for
encrypting data in OS X are welcome additions that are quite easy to
implement. While you can store files in an encrypted disk image, you can
also use FileVault to encrypt your boot drive. Furthermore, you can encrypt or decrypt any secondary volume by right-clicking it and choosing the option to do so, or by using the Terminal.

Changing passwords in Disk UtilityThese features are convenient, but if you wish to change the password
for an encrypted drive, you will find that this feature is not
available along with the options for encrypting. You can change a
password by first decrypting the volume and then encrypting it again,
but this will take a while for drives with large numbers of files on
them.

Changing a password for an encrypted volume can be done without
having to wait for it to decrypt and then encrypt again. This can be
done in two ways:

  1. Disk Utility
    Open the Disk Utility program in the Applications > Utilities folder,
    and then select your encrypted volume in the sidebar. Then go to the
    File menu and choose “Change Password,” and you should be presented with
    a standard new password prompt that requests that you enter the old
    password and then the new password twice, and provide an optional
    password hint.

    Using the Terminal, be sure the UUID is the one for the Logical Volume (underlined in blue). 
  2. The Terminal
    As with most disk management operations, changing the encrypted disk’s
    password can also be done using Terminal commands, for if you only have
    access to a system via SSH or Single User mode. To do this, first open
    the Terminal and get a listing of the encrypted disk devices by running
    the following command:

    Changing encryption passwords in the Terminaldiskutil
    cs list

    The output of this command will look like a hierarchical tree that
    shows the physical drives involved, the logical volume family created
    from these drives, and then the logical volumes themselves that are on
    these drives. Each of these items will have a corresponding UUID
    associated with it. Locate the UUID next to the “Logical Volume” (not
    the Logical Volume Group) for the encrypted drive. You can use the mouse
    to highlight it and then press Command-C to copy it, and then use it in
    place of “UUID” in the following command (all on one line):

    diskutil cs passwd UUID -oldpassphrase OLDPASS -newpassphrase NEWPASS

    When this command is executed, the volume will now have the new passphrase.

Tags:

Add a Comment