By Glenn Fleishman

May 18, 2026 10:00 AM PT

FileVault keys can’t be escrowed in iCloud anymore

If you’ve enabled FileVault before macOS 26 Tahoe and used the option to escrow your key in iCloud, as of 26.4, you’ll be forced to migrate to a new, better, more secure method. Jason Snell just noted this update in his post about refreshed security. I wrote last September about how Tahoe shifted to storing the last-ditch account Recovery Key in Passwords starting with macOS 26.

In that column, I explained, “Your previous choices are preserved. If you wrote the key down or used iCloud escrow, this remains in place.” This is no longer the case! That article remains accurate and provides all the background and insight you need on using FileVault and the role of the Recovery Key.

However, when faced with the upgrade, you may appreciate a few tips and some advice.

You may not need FileVault

FileVault is not necessary for everyone. Apple encourages it, but enabling FileVault increases the odds that you might be locked out of your Mac forever should something go wrong. What is that something? If I could predict that, I wouldn’t be any richer, but you’d all be happier, as would Apple.

The something arises from FileVault’s two-part boot process, which uses a thin layer that requires a Mac account password to unlock your drive. There’s an “opportunity,” shall we say, for that data to corrupt for whatever reason. The Recovery Key bypasses the password requirement, uses a long code stored securely to let you in, and then resets your password.

You might also somehow forget your login password! Unlikely, but I have had times in the past when I used only a memorized password, and my fingers kept the muscle knowledge, and my brain apparently did not. I lost the thread of it, and couldn’t remember what to enter anymore! I have taken measures to prevent this since, but it isn’t impossible.

Fail to have a password or access to your Recovery Key, and you’re locked out forever. Apple can’t recover this data.

If you don’t use FileVault, you don’t need to worry about that at all. Consider your risk profile—are you concerned that someone other than you (or an authorized person) might have physical access to your Mac, and be able to bypass macOS’s login to read the drive directly? That is a big lift for anything but motivated cryptocurrency thieves or a government. If so, FileVault is a valuable add-on, a good complement to Lockdown Mode: FileVault hardens your Mac against local attempts to get into its contents; Lockdown Mode resists many common remote methods of malicious intrusion and phishing.

If not, you can rely on built-in encryption and the physical security of someone having to get to your machine to try to crack it.

But if you like or need the protection of FileVault, perhaps because you travel with a laptop or work in a sensitive industry or carry sensitive data, read on.

Practical upgrading insight

The previous column covers all the basics and the, er, advanceds, but as you migrate, consider these items:

• Found in passwords: Recovery Key is now stored in Passwords. Search for “recovery key” or the model name listed in Settings: General: About in the Name field. (Changing the name doesn’t update the Passwords entry.) If you don’t see an entry in Passwords, try resetting FileVault (see below).

• Persistently available: The key is persistently available in the Mac interface, too, either by using Touch ID or entering your password in Settings: Privacy & Security: FileVault and clicking Show.

• Backup your backup: Because you can no longer store your key in iCloud, it is critical that you have some means of using Passwords on a 26 or later operating system version to regain access to your Mac account if your login fails. You may want to store the key in another password management system, like 1Password, if that would increase your odds of gaining access to it. If you can’t use your password to log in and you can’t access your Recovery Key, you will be locked out of that data forever.

• Older devices can’t see the key: Any of your iCloud-linked devices not yet running iOS 26, iPadOS 26, or macOS 26 will be unable to view the Recovery Key in Passwords (or equivalent in Safari in older versions of macOS).

Resetting FileVault

In my case, I’d upgraded to the new method back in 26.0, writing about it here and upgrading my book Take Control of Securing Your Apple Devices. When I went to check just now—with 26.5 installed—the FileVault view said I had FileVault enabled. However, the Show button was grayed out, and Passwords didn’t show an entry for this computer.

I fixed it in this way:

1. Disable FileVault.
2. Click Turn Off Encryption. (You may be prompted to enter your password.)
3. Enable FileVault. (You may be prompted again, but probably not.)

The entry now appears in Passwords.

Note also that Apple continues to show outdated text in this section: “FileVault secures your data by encrypting the contents of your Mac and locking your screen with a password.” All M-series Macs and all Intel Macs with a T2 Security Chip encrypt the contents of the startup drive by default. FileVault layers startup protection on top of that. So Apple may require this mandatory security change, but it fails to explain it correctly.

[Got a question for the column? You can email glenn@sixcolors.com or use /glenn in our subscriber-only Discord community.]

[Glenn Fleishman is a printing and comics historian, Jeopardy champion, and serial Kickstarterer. His latest book, which you can pre-order, is Flong Time, No See. Recent books are Six Centuries of Type & Printing and How Comics Are Made.]

By Jason Snell

May 14, 2026 10:00 AM PT

Apple escalates macOS defenses while honoring its open nature

One of the big differences between the Mac and Apple’s other platforms is that, by design, it’s an old-school “general computing” platform—you can install and run whatever software you want, from any source.

That’s a good thing. It’s what makes the Mac the Mac. But it also makes the Mac more vulnerable than Apple’s other platforms, where the company can strictly limit what software is allowed to run on the device behind layers of developer memberships, code signing, scanning, and App Store approval.

For the last decade or more, as the Mac has become more popular, Apple has been trying to ratchet up Mac security. But because the Mac is open, securing it brings some unique challenges, as I found out when I got a chance to discuss these issues with some members of Apple’s security team recently.

Back in 2018, the company introduced notarization for apps, a system that used developer code signing and automated scans to provide a slightly increased level of scrutiny and security. While you can run apps that aren’t notarized on your Mac, it’s become increasingly difficult to do so—on purpose.

That’s because as Apple gradually ratchets up its Mac security approach, it’s increasingly playing a game of Whac-a-Mole with malware makers and scammers who are trying to take advantage of Mac users. Adding notarization made it harder for users to install malware without taking additional steps, so scammers switched to social engineering, talking users through the process of bypassing the warnings for non-notarized software. Apple eventually made bypassing the warnings so onerous that most scammers moved on.

They generally moved on… to the Terminal, which is why macOS 26.4 introduced warnings about code being pasted into Terminal. Scammers were giving users long strings of mostly unreadable code to paste into Terminal to “fix” problems—and this code would, when entered, grant permission and download software. In 26.4, Apple looks for specific strings on the clipboard and blocks them with a warning—while also looking for the presence of various developer tools on the system as an indicator that the user is more sophisticated and therefore the blocking should be a bit more lenient. It’s a clever approach to spare confused novice users without getting in the way of more expert ones. (Malicious AppleScript scripts are also being checked these days. You can’t be too careful.)

Apple has also, over the years, increased Mac security by structuring the way macOS is stored on disk. Much of the operating system is stored on sealed volumes that are cryptographically signed, meaning they can’t be tampered with. System Integrity Protection prevents tampered OS versions from booting. Drivers have been moved into limited-access user areas, out of full-access admin areas. Admin users, who used to have ultimate power (without ultimate responsibility), are now more limited in what they can do.

A few years ago, I complained that Apple’s warning dialogs were out of control, especially when migrating to a new system. Since then, Apple has made a bunch of improvements, including honoring many older permissions choices when migrating. The security team seems to have also acknowledged that there are certain circumstances where installing a lot of software might not be as big a security threat. That’s why during the first 24 hours of setting up a new machine, Apple’s security warnings are now throttled.

Among other recent changes in macOS 26 updates are new background security improvements that allow Apple to install small updates in the background between normal system updates.

And as our own Glenn Fleishman reported last year, Apple began syncing FileVault keys via iCloud. What began as a gentle roll-out is now mandatory in macOS 26.4, where all users who are syncing FileVault keys will have them stored via this method.

The Mac is never going to be as secure as iOS, and that’s okay. That extra insecurity is the trade-off for the Mac being an open system, and that’s what makes the Mac special. In 2018, at WWDC, I watched as a representative of Apple’s security team stood on stage and promised that Apple would never prevent Mac users from running any code they wanted. He never promised it would always be easy, and it’s not—but that promise has been kept, and I get no sense that Apple envisions a world where it will ever be broken.

In the meantime, the good news: When you consider that the game of Whac-a-Mole has reached the “paste long strings of text into the Terminal” phase, it makes you wonder how desperate those scammers have gotten. Maybe after years of ratcheting up security, Apple’s made it just too hard to talk users into installing malware on their Macs. That has required a lot of extra effort that’s not necessary on the iOS side—and I’m glad Apple is making that effort to keep the Mac as safe as possible while it still remains open.

By Jason Snell

May 13, 2026 4:40 PM PT

Indigo unifies the Mastodon and Bluesky timelines

Indigo, from Soapbox Software, is a new social media client that combines Bluesky and Mastodon timelines in one place. I’ve been using it for the last month or so as my primary social-media client—and it’s so good that I’ve largely stopped using individual clients dedicated to the two services.

Indigo makes it easy to cross-post to the services, which is unsurprising given its pedigree—its creators, Aaron Vegh and Ben Rice McCarthy, made the cross-posting app Croissant before they made this. Since the services offer different character limits, Indigo shows you countdowns for both in one place. The app offers some other cross-service niceties, like identifying very similar posts on both services and de-duping them—though I still see not-quite-identical posts from time to time.

Indigo excels at scrolling through a timeline. Get too far beyond that, though, and you’ll find that it’s still definitely a 1.0 product. There’s no way to search within your timeline, tapping to expose an entire thread can be very slow, there’s no support for Bluesky lists, mute filters aren’t applied immediately to all items in a timeline, and occasionally I found that it just wouldn’t let me interact with some posts until I quit and re-launched the app. I also found the app’s choice of colors—blue for Bluesky, purple for Mastodon—to be impossible for me to differentiate as a colorblind person. (Fortunately you can add a badge on each account’s avatar, but it would sure be nice to pick a better color scheme.)

While I prefer Indigo because I want to scroll a timeline once and only once, it’s not yet at the level of a dedicated app like Tapbots’s Ivory for Mastodon. But this is a brand-new app, so I accept that it’s got room to grow. Ben Rice McCarthy has a nice blog post about how the project came to be, and another about how its design evolved.

Indigo is available for free on the App Store. For the Ultraviolet level, which allows interaction with posts, you can pay $5/month, $35/year, or $120 for a one-time purchase.

By Glenn Fleishman

May 12, 2026 9:00 AM PT

How I restarted using RSS, and actually noticed!

Recently, I tripped over a headline for an article I wrote for Six Colors in 2015: “How I stopped using RSS and didn’t even notice.”

I could hardly remember writing it. But write it I did, at a time when we were deep in a news-aggregation desert. It seemed like RSS had experienced a conceptual death, through neglect and intent. Google first hijacked usage by creating Google Reader during RSS’s heyday in 2005, which sank the market for paid RSS apps and led to near hegemony for Google.

Then, typical of fickle Google, the company killed off Google Reader in 2013. Because Google Reader was web-based, its loss revealed a barren marketplace. Small developers tried to fill the gap, but the pattern of usage for many people had ended.

Couple that with the emergence, by that time, of the expectation of very low prices for single-purpose apps, and little chance yet of convincing people to pay for a recurring subscription. RSS readers persisted, but it seemed like their time had come and gone.

But I was too pessimistic! Today, I’m back to daily—or multiple-times-per-day—use of a newsreader, the same one that got me addicted back in the early 2000s. Hurray, I’m an RSS news junkie again!?

Continue reading “How I restarted using RSS, and actually noticed!”…

By Dan Moren

May 12, 2026 8:00 AM PT

Bartender 6’s new pro feature turns the MacBook notch into a dynamic peninsula

The battle for the Mac menu bar has raged for decades, and shows no signs of letting up.

As the number of apps and controls in the menu bar have continued to proliferate, users have had to constantly find ways to keep them in check. For years, the de facto solution was the Mac app Bartender, but after an awkwardly managed ownership transition in 2024, a slew of alternatives sprouted up to take on the venerable utility and vie for the crown.

The team behind Bartender has continued to plug away, however, and the latest release is Bartender 6, which not only continues the app’s legacy of menu bar management, but also extends into an interesting new area: the omnipresent notch of the MacBook.

The menu bar management options haven’t changed much from Bartender 5 to 6; you’ll find all your usual options, including the ability to customize layout, behavior, and look and feel.

There’s also beta feature called Widgets, which lets you make your own menu bar items with a plug-and-play interface that feels like a combination of Shortcuts and Yahoo Pipes. It’s interesting but feels more than a little underbaked at present; I had a hard time getting it do anything that it was supposed to do, including simply showing the current CPU usage. With some more work, it might be more competitive with the likes of SwiftBar, but right now, it’s a beta in the classical sense.

Bartender 6 is available as a four-week trial; after that time you’ll need to buy a full license for $20, though generous upgrade pricing is available for owners of previous versions. If you purchased Bartender 5 in 2025, you can even upgrade for free. Note that Bartender 6 does require macOS Sonoma or later and that if you do update from 5 to 6, your settings won’t transfer—the developers say this is because of changes in Tahoe, but it’s a shame they didn’t provide an export/import option.

If that were the whole story, it might make Bartender 6 an unremarkable update. However, in addition to all of those features, there’s also Bartender Pro, a $15/year subscription that promises not only all future Bartender updates, but also advanced features, starting with what it dubs Top Shelf.

Continue reading “Bartender 6’s new pro feature turns the MacBook notch into a dynamic peninsula”…

By Glenn Fleishman

May 11, 2026 12:44 PM PT

Keeping (and losing) track of Mac sleep settings

Your Mac doesn’t have one kind of sleep—it has several. That fact is generally uninteresting until you find you can’t easily put your Mac into display sleep or system (idle) sleep automatically when you walk away from it or close a laptop’s lid. Let me help you help your Mac drift into the arms of Morpheus by digging beneath the surface.

Scattered sleep settings

Recently, I got frustrated with this recurrent problem on the Mac in my studio. Generally, I want this Mac’s displays to sleep and the system to lock, but to remain active, since I access it remotely and it handles networked Time Machine backups. I thought I’d correctly configured the various System Settings, scattered across different panes, several releases ago.

There are three settings to be aware of:

• Lock Screen: In the System Settings app, select Lock Screen, note the “Turn display off… when inactive” setting or settings: “on battery” and “on power adapter” appear on a laptop; nothing on a desktop.¹ You can choose an interval here. Never is an option, and could be your problem.

• Battery: On a laptop, go to the System Settings app and select Battery and click Options. There, you can enable “Wake for network access,” which is set to “Only on Power Adapter” by default, to wake your Mac as needed for certain incoming network traffic. Your Mac will wake up—and sometimes your display will, too. If set to Always, this can wake your laptop while it’s on battery power, and potentially leave its display active, which could drain your battery.

• Automatic sleeping: Apple enables a setting by default that keeps your Mac active when the display goes to sleep. The location and phrasing are slightly different between laptops and desktops. On a laptop, the setting is in Battery’s Options dialog, as above, and reads “Prevent automatic sleeping on power adapter when the display is off.” On a desktop, find it in the Energy preferences, where it’s called “Prevent automatic sleeping when the display is off.” Disable this switch if you want your Mac to sleep when the display powers down.

Conversely, if you’d like a quick, manual way to put your display to sleep, you’ve got two options:

• In the System Settings app, go to Desktop & Dock, click Hot Corners (found at the bottom), and choose Sleep as an action for one corner.

• Press Control-Command-Q to activate Lock Screen, or choose Lock Screen from the Apple menu. I don’t love this keystroke, to be honest, because it’s perilously easy to type Command-Shift-Q, which logs you out of your account, shutting down all the apps.²

Unfortunately, tweaking these settings didn’t help my situation. The answer lay in Terminal, where I ran commands to reveal low-level information about what was keeping my Mac from display sleep.

Power management shows who’s keeping you awake

Apple does provide an excellent tool that shows what’s affecting power management and lets you control it: pmset.³ Even better, you can paste in the following to use that command to extract just sleep-related assertions, or activities that have an impact on sleep:

pmset -g assertions | grep -i sleep

When I typed this just now, I had a modest list, preceded by a summary:

PreventUserIdleDisplaySleep    0
PreventSystemSleep             1
PreventUserIdleSystemSleep     1
pid 507(coreaudiod): [0x00022a4d00018492] 00:36:44 PreventUserIdleSystemSleep named: "com.apple.audio.BuiltInHeadphoneOutputDevice.context.preventuseridlesleep"  
pid 507(coreaudiod): [0x0001fc3c0001a751] 03:53:17 PreventUserIdleSystemSleep named: "com.apple.audio.BuiltInHeadphoneOutputDevice.context.preventuseridlesleep"  
pid 64802(Music): [0x00022a4c00018a52] 00:36:45 PreventUserIdleSystemSleep named: "com.apple.Music.playback"  
pid 35328(QuickTime Player): [0x000200bb0001894d] 03:34:06 NoIdleSleepAssertion named: "com.apple.QuickTimePlayerX - disable system sleep"  
pid 68171(screensharingd): [0x00022c1e00078cbd] 00:28:59 PreventSystemSleep named: "Remote user is connected"  
pid 437(powerd): [0x00022b5900018bb7] 00:32:16 PreventUserIdleSystemSleep named: "Powerd - Prevent sleep while display is on"

The first three lines tell me the off/on status as a 0 (off) or a count (1 per set of connected items) about whether any application or other process affects those categories:

• PreventUserIdleDisplaySleep: When showing 0, as it is for me, there’s nothing that will block the display from sleeping on your Lock Screen delay choice. If this is 1 or higher, the display will not go to sleep.
• PreventSystemSleep: A non-zero value, as in my case, means something is actively preventing the system from sleeping at all, even if I tried to put it to sleep manually.
• PreventUserIdleSystemSleep: With a value of 1 or more, a process prevents your Mac, when idle, from engaging system sleep. If you perform an action, like choosing Sleep from the Apple Menu or closing the lid on a laptop, it will sleep.

You can see that I have several typical items in the filtered list below. The three lines listing com.apple.audio.BuiltInHeadphoneOutputDevice.context.preventuseridlesleep (twice) and com.apple.Music.playback relate to my current situation: I’m listening to the Music app via my Mac’s headphone jack, which is connected to speakers.

I have no idea why QuickTime Player, shown next, would prevent idle sleep—that seems strange, as it was inactive and had no open files. Quitting it removed that assertion. (Apparently, the specific language it uses is a legacy assertion, so it isn’t properly counted in the summary.)

Screen Sharing (screensharingd) is also an odd duck. Normally, if you have a Screen Sharing session connected to your Mac, its display can go to sleep, but the system stays active. In this case, this is a transient state: I use Bartender, which has to use Screen & System Audio Recording, which appears as a form of screen sharing when active, to determine which system menu items are currently visible.

The final item, powerd, is the setting noted earlier: “Prevent sleep while display is on.”

When previously looking through this list, I came across an online reference to a Mac utility called caffeinate. Folks, I’ve said before I have to keep humble despite being a technology writer for what is now nearly 30 years: I had never seen this command-line tool before, to my knowledge, and, according to Google, I have never mentioned it in my archived writing.

caffeinate was introduced 13 years ago by Apple as a cutely named option you can use to keep the display awake. For instance, to keep the display forced awake for an hour, overriding other settings, enter:

caffeinate -d -t 3600

Now, I was aware of Amphetamine (free from the Mac App Store). But I didn’t quite understand—or, let me be honest, maybe have forgotten—that it performed the same function, relying on the same system hooks caffeinate employs, and putting a friendly menu bar wrapper around it.

Finding the caffeinate reference led me to look for Amphetamine, which in turn revealed the problem. Perhaps due to some errant menu bar clicking, I had activated Amphetamine, thus locking my display on. My confusion might stem from three factors. First, I forgot I had it installed. Second, I used Bartender to put the icon in its Hidden list, so it wasn’t displayed in the active bar. Third, I used the icon selection option to change the menu bar picture from a pill to a tea kettle—you know, drinking tea might keep you awake? I regret my decision, as I didn’t recognize what it was when I made that decision, seemingly years ago.

Unfortunately, I couldn’t just turn it off in the app—I had to quit the app, then toggle the active state to turn it off. Sadly, we humans can’t turn off our caffeinated mode to go to sleep.

[Got a question for the column? You can email glenn@sixcolors.com or use /glenn in our subscriber-only Discord community.]

[Glenn Fleishman is a printing and comics historian, Jeopardy champion, and serial Kickstarterer. His latest book, which you can pre-order, is Flong Time, No See. Recent books are Six Centuries of Type & Printing and How Comics Are Made.]