FileVault keys can’t be escrowed in iCloud anymore

If you’ve enabled FileVault before macOS 26 Tahoe and used the option to escrow your key in iCloud, as of 26.4, you’ll be forced to migrate to a new, better, more secure method. Jason Snell just noted this update in his post about refreshed security. I wrote last September about how Tahoe shifted to storing the last-ditch account Recovery Key in Passwords starting with macOS 26.

In that column, I explained, “Your previous choices are preserved. If you wrote the key down or used iCloud escrow, this remains in place.” This is no longer the case! That article remains accurate and provides all the background and insight you need on using FileVault and the role of the Recovery Key.

However, when faced with the upgrade, you may appreciate a few tips and some advice.

You may not need FileVault

FileVault is not necessary for everyone. Apple encourages it, but enabling FileVault increases the odds that you might be locked out of your Mac forever should something go wrong. What is that something? If I could predict that, I wouldn’t be any richer, but you’d all be happier, as would Apple.

FileVault keys can’t be escrowed in iCloud anymore

Other newsrooms on this story

Related reading

FileVault on macOS Tahoe uses iCloud Keychain to store its Recovery Key

macOS 26.4 ha alzato (in silenzio) le barriere contro il social engineering.…

2.8 Billion Credentials Stolen As Password Attacks Surge

The UK’s war on Apple encryption is back

I Refused to Use Passkeys Until Apple Added This Feature to Its Passwords App

Apple’s macOS 26 Tahoe has new Liquid Glass look, customizable folders, and more