When booting your Mac you should only need to supply your username and password once in order to log in. However, there may be times upon cold-booting your Mac where you enter your password at the login prompt, but after the system shows a gray boot screen as expected, it displays your login window again. This problem does not affect the functionality of your Mac, and is only a minor hiccup in how FileVault disk encryption is set up on your system.
FileVault encrypts your entire disk, including the operating system. When you turn on your Mac, a login screen look-a-like is presented that shows the usernames your system has authorized to unlock the disk. Since these are users on the system, once the disk is unlocked and OS X loads, the login credentials you provided will be passed to the OS so it automatically logs in and does not require you supply the same credentials twice.
This break in the login process may happen after upgrading your system, especially to Yosemite, where Apple converts your hard drive to a CoreStorage volume (a special volume-management setup that allows for encryption). As part of Yosemite’s setup, you are encouraged to enable FileVault, so this feature may have been enabled by you somewhat in passing. This problem may also have happened when restoring from a backup, reinstalling Yosemite, changing and modifying user accounts, among other core system modifications.
The first approach for fixing this issue requires you toggle your account’s administrator status, especially if you have multiple administrator accounts set up on your system (admin status in Yosemite automatically grants the ability to unlock your hard drive):
- Go to the Users & Groups system preferences
- Click the lock to authenticate
- Ensure an account other than yours is granted admin status
- Log into that account and demote your current account to Standard
- Reboot your system for these changes to take effect, if prompted
- Log into your second admin account and re-enable admin status for your main account
- Shut down your Mac, and then boot it up to test your login windows
Create a new user account and toggle this option to give it admin status. Then restart your system when prompted.
While this involves a few steps, it is overall the fastest option for addressing this issue. Once completed and if the login window only displays once, you can go back to the Users & Groups system preferences and remove any temporary administrative accounts you had to create for this process.
The second approach for this problem is to disable and re-enable FileVault completely, which will re-associate your administrative accounts to the disk encryption prompt, setting up your Mac to pass the supplied credentials to the operating system when it loads.
- Go to the Security & Privacy system preferences.
- Go to the FileVault tab
- Click the lock and supply admin credentials to unlock the preference pane
- Click the “Turn Off FileVault…” button
- Restart your Mac when prompted
Click this button to disable FileVault, followed by restarting. Re-enabling FileVault will associate your admin accounts to unlocking the disk.
The problem with this approach is it may take a while to both decrypt and then re-encrypt the system, but it is perhaps the more thorough method of addressing this issue. Overall, I recommend you try the first approach, and then the second one if the first does not work for you.
Two comments: First, it is always a good idea to have an alternate admin account configured on your system. That way, if you muck your user’s account to the point where you can no longer log into it, you can still log into the alternate admin and try to fix things from there.
Better yet, create the second admin and then demote your regular account. That will limit the damage that can be done either by an accident or by malware; only the files that you can modify without further authentication can be affected. (In most cases whenever you need administrative privileges you are given a chance to enter both the name and password of an administrator, so you will need to log into the admin account very rarely and the impact on your daily routine is minimal).
Second: The users authorized to decrypt the FileVault volume don’t have to be administrators, nor do all Administrators necessarily have to be authorized to decrypt. You can add users to the list of authorized people in System Folders > Security & Privacy > FileVault > Enable Users…, but to remove them from the list you need to use the very powerful fdesetup command. You can find more info on that command in this old article by Topher from when CNET was useful (with extra info in the comments).
Note that removing and adding back the user via fdesetup may be enough to solve the double-login issue central to this article.
So I did both solutions and still have two login screens. It’s worth noting that this all happened after I installed the SAASPASS connector for automatic login (and subsequently uninstalled it…)
Any other steps you could recommend?
After setting up my laptop with a misspelled username, I created a new user and deleted the old one, but I still had to log in first to the old, wrong name after reboot. Since I had already deleted the old username, I tried the second approach which resolved the issue. Thanks!
Thank you. Very helpful for me! I removed the original user that had created the disk, adding a new admin user, so I had to use the second method.
Thanks! got it to work using the 2nd option.