Why would you not be able to use the individual Mac's Recovery key to help the remote user log in? The advantage of the Recovery Key is that it applies to only that one Mac. I would agree you definitely don't want to give anyone your institutional key - bad idea for sure. But the individual recovery key I'd be much less worried about giving someone. Just instruct them to NOT write it down anywhere.

Thanks mm2270! I was way overthinking it....

I would also avoid adding any management accounts to FV because they will appear at the login screen. I'm already not happy that the user's name appears there (it could be used for social engineering purposes).

I would also avoid adding any management accounts to FV because they will appear at the login screen. I'm already not happy that the user's name appears there (it could be used for social engineering purposes).

Completely agree on this one. We've already asked Apple back when Mountain Lion shipped if they could please allow for us to change the FV2 PreBoot screen to Username & Password fields. At first glance it doesn't appear Mavericks has added this capability, which is very disheartening. Apparently Apple doesn't care to change this. My concern, in addition to social engineering, is that half the work in getting into a computer is knowing the username, the other half the password, So Apple has made it so if you use FileVault 2, someone getting at your Mac already knows half your secret. This makes zero sense to me from a security standpoint.

That's why I'm using Sophos SafeGuard until Apple changes it :(

@tkimpton Good luck updating firmware! I kicked Sophos to the curb; FileVault has been superior in every way.

Yep but I'm 100% security conscious and knowing even the username is a big no no!