
How to change an encrypted volume's password in OS X

While encrypting and decrypting a volume can be done on the fly, the option for changing its password is a bit hidden.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

With data security being an all-too-common concern, the options for encrypting data in OS X are welcome additions that are quite easy to implement. While you can store files in an encrypted disk image, you can also use FileVault to encrypt your boot drive. Furthermore, you can encrypt or decrypt any secondary volume by right-clicking it and choosing the option to do so, or by using the Terminal.

Figure: Changing passwords in Disk Utility. Selecting "Change Password" from the File menu will show the standard new password prompt. Screenshot by Topher Kessler/CNET

These features are convenient, but if you wish to change the password for an encrypted drive, you will find that no such option appears alongside the options for encrypting. You can change a password by first decrypting the volume and then encrypting it again, but this will take a while for drives with large numbers of files on them.

However, you can change the password for an encrypted volume without having to wait for it to decrypt and then encrypt again. This can be done in two ways:

  1. Disk Utility
    Open the Disk Utility program in the Applications > Utilities folder, and then select your encrypted volume in the sidebar. Then go to the File menu and choose "Change Password," and you should be presented with a standard new password prompt that requests that you enter the old password and then the new password twice, and provide an optional password hint.
    Figure: Changing encryption passwords in the Terminal. Using the Terminal, be sure the UUID is the one for the Logical Volume (underlined in blue). Screenshot by Topher Kessler/CNET
  2. The Terminal
    As with most disk management operations, changing the encrypted disk's password can also be done using Terminal commands, which is useful if you only have access to a system via SSH or Single User mode. To do this, first open the Terminal and get a listing of the encrypted disk devices by running the following command:

    diskutil cs list


    The output of this command will look like a hierarchical tree that shows the physical drives involved, the logical volume family created from these drives, and then the logical volumes themselves that are on these drives. Each of these items will have a corresponding UUID associated with it. Locate the UUID next to the "Logical Volume" (not the Logical Volume Group) for the encrypted drive. You can use the mouse to highlight it and then press Command-C to copy it, and then use it in place of "UUID" in the following command (all on one line):

    diskutil cs passwd UUID -oldpassphrase OLDPASS -newpassphrase NEWPASS


    Once this command has run, with OLDPASS and NEWPASS replaced by the current and new passphrases, the volume will use the new passphrase.
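
As an added example (not part of the original article), the shell functions below pick the Logical Volume UUID out of `diskutil cs list` output and report which tree level a given UUID belongs to, so that a Logical Volume Group UUID is not passed to `diskutil cs passwd` by mistake. The function names and the sample listing are constructed for illustration, and the parsing assumes the tree layout described above.

```shell
#!/bin/sh
# Constructed sample modeled on `diskutil cs list` output (not captured from a real system).
sample_listing() {
  cat <<'EOF'
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 11111111-AAAA-4AAA-8AAA-111111111111
    =========================================================
    Name:         Backup
    Status:       Online
    |
    +-< Physical Volume 22222222-BBBB-4BBB-8BBB-222222222222
    |   ----------------------------------------------------
    |   Disk:     disk2s2
    |
    +-> Logical Volume Family 33333333-CCCC-4CCC-8CCC-333333333333
        ----------------------------------------------------------
        Encryption Status:       Unlocked
        Encryption Type:         AES-XTS
        |
        +-> Logical Volume 44444444-DDDD-4DDD-8DDD-444444444444
            ---------------------------------------------------
            Disk:                  disk3
            Volume Name:           Backup
EOF
}

# Print "UUID<TAB>volume name<TAB>encryption type" for each Logical Volume on stdin.
lv_list() {
  awk '
    /Encryption Type:/ { sub(/.*Encryption Type:[ \t]*/, ""); enc = $0; next }
    /Logical Volume [0-9A-Fa-f-]+$/ { uuid = $NF; next }   # skips Group/Family lines
    /Volume Name:/ && uuid != "" {
      sub(/.*Volume Name:[ \t]*/, ""); printf "%s\t%s\t%s\n", uuid, $0, enc; uuid = ""
    }'
}

# Print which tree level a UUID belongs to; exit status 1 if it is not in the listing.
uuid_kind() {
  awk -v want="$1" '
    $NF == want && /(Logical|Physical) Volume/ {
      sub(/^[^LP]*/, ""); sub(/ [^ ]+$/, ""); print; found = 1; exit
    }
    END { if (!found) exit 1 }'
}

sample_listing | lv_list   # on a Mac: diskutil cs list | lv_list
```

On a Mac, pipe `diskutil cs list` into `lv_list` or `uuid_kind` in place of `sample_listing`. Passphrases given as `-oldpassphrase` and `-newpassphrase` arguments can be recorded in shell history and are visible in the process list while the command runs.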

