FileVault should not have an institutional recovery key
FileVault has an institutional recovery key: Your full-disk encryption can be recovered with a recovery key. An institutional recovery key is normally created by a central company computer management system. If your Mac is not part of such a system and you don’t have created the recovery key on your own, then change it. If this Mac is a company, school .. Mac, then don’t change it. There might be compliance reasons why this is configured.
Create a personal recovery key and remove the institutional recovery key.
How to fix it
macOS 10.11 – 14
- open terminal.app
- Enter and press return:
sudo fdesetup removerecovery -institutional
- Enter the administrator password
- Create a personal Recovery key
PLEASE READ THE FOLLOWING TIP AND DISCLAIMER!
Keep in mind: not every security and privacy setting is suitable for everyone. Enhancing the security can lead in losing functionality and/or comfort.
Before making changes, please backup your Mac! Do not make too many change at once. After changing your Mac, check if your normal usage of your Mac has changed in a way which fits to you. Are your really willing to loose some functionality and/or comfort?
Most important is, that you learn and understand what are the advantages and disadvantages of the security settings and that you are aware about the capabilities and risks of your Mac configuration.
To skip this result message from your next security scan, you can deactivate this check. FAQ: How to deactivate a check.
CHECK RESULTS BY SIMPLEUMCHECK DO NOT COVER ALL ASPECTS OF POSSIBLE SECURITY CHECKS OR MAYBE INCORRECT OR INCOMPLETE. THE RESULTS ARE ONLY CLUES FOR RECOMMENDATIONS TO IMPROVE SECURITY AND PRIVACY ON THE MAC.
The use of SimpleumCheck, the checks and FAQ articles are provided under the SimpleumCheck End User License Agreement (EULA).