macOS Transition - Logging Into Your Mac

At the Login Window

For logging into your Mac, the login window will ultimately look the same and be ready for you to enter your username and password, ie - your eServices information. There is no longer any option for password hints, though accounts created from Active Directory never had them previously, so this is a change that will largely be unnoticed.

All campus owned non-lab computers will be encrypted with Apple’s FileVault 2 disk encryption. When you log into your assigned computer for the first time, your user account will be granted what is called a Secure Token. This is what allows for your user account to decrypt the computer after a reboot or other startup. If the Mac is going to be used by multiple users, you will want to inform ITS during the transition to ensure that all users are granted a Secure Token and are able to use the computer after a reboot or other startup.

One change that you will encounter if your computer previously had FileVault enabled will be that the FileVault unlock window will have changed to look identical to the standard login window. This change is to ensure that a layer of security by not exposing one half of your login information in the form of the username. Where this might be a little confusing is that the computer does not complete the entire login process from the FileVault unlock window and you will ultimately be entering your credentials twice after a reboot or other startup. Since you should be leaving your Mac on for remote management and application maintenance, you will not encounter this situation often, so the security benefit has been determined to outweigh the slight inconvenience it might cause.

Unlocking your active session

Up until now, TouchID has been able to be configured only during the initial login. After discussion and verification of how it works, TouchID will be fully functional to setup during the initial login and also able to be configured in System Preferences. For more information, read further on TouchID.

For security reasons, unlocking with an Apple Watch will still not be allowed, since it does not conform to the standards we have to be compliant with.