Help

How to set destroyfvkeyonstandby ?

lucasrinvor
New Contributor

Posted on ‎08-29-2024 08:37 AM

Hello,

I would like to set up "destroyfvkeyonstandby" so that I can continue to use the touch id. because when I close the hood of my mac after 30 seconds when I open the hood again it starts by displaying the logo of the apple then he asks me for my password without the possibility to use touch id.

Thanks in advance

0 Kudos
Reply
5 REPLIES 5

AJPinto
Honored Contributor III

Posted on ‎08-29-2024 12:13 PM

Are you an Admin or a User? By default macOS only requires the password after a reboot, and after 48hrs of non-use. MDM Configurations can change this behavior, and if set by a MDM no client side settings will make any differences.

0 Kudos
Reply

lucasrinvor
New Contributor

Posted on ‎08-30-2024 12:34 AM

I manage the devices via jamf pro

0 Kudos
Reply

sdagley
Esteemed Contributor II

Posted on ‎08-30-2024 05:57 AM

@lucasrinvor If you're using "DestroyFVKeyOnStandby" then you cannot use Touch ID to unlock the Mac once it has entered Standby mode. You're forcing the Mac to go back through the FileVault login process, and Touch ID is not available at that point and there's no configuration setting you can change that will make it available.

0 Kudos
Reply

easyedc
Valued Contributor II

Posted on ‎08-30-2024 06:58 AM

If you're setting this based on a security review, my suggestion is to push back to whoever is asking for this setting and discuss the impact to user experience.

0 Kudos
Reply

KateWinslet
New Contributor II

Posted on ‎09-01-2024 11:11 AM

@lucasrinvor DG Paystub wrote:

Hello,

I would like to set up "destroyfvkeyonstandby" so that I can continue to use the touch id. because when I close the hood of my mac after 30 seconds when I open the hood again it starts by displaying the logo of the apple then he asks me for my password without the possibility to use touch id.

Thanks in advance

To continue using Touch ID after your Mac wakes from sleep, you need to set the destroyfvkeyonstandby to 0, which prevents the FileVault decryption key from being destroyed when the Mac enters standby mode. Open Terminal and enter sudo pmset -a destroyfvkeyonstandby 0, then press Enter and provide your password. This setting should allow Touch ID to work correctly when you open your Mac after it has been asleep.

0 Kudos
Reply