- DATE:
- AUTHOR:
- The Kandji Team
Recovery Password Library Item
ㅤ Kandji's new Recovery Password library item allows you to configure and apply recovery passwords (to Mac computers with Apple silicon) and EFI firmware passwords (for Intel-based Mac computers), in order to protect against unauthorized startup commands.
![Recovery Password 2_edit.png](http://cloud.headwayapp.co/changelogs_images/images/big/000/087/391-34c92d79253870e7d80834d1322114c77a8c4c43.png)
This new library item supports automatically generating per-computer passwords, with the option of configuring time-based rotation (similar to the functionality for our rotating FileVault recovery keys); alternatively, you can manually set a static password. (We recommend the per-computer option.)
![Recovery password 3_edit.png](http://cloud.headwayapp.co/changelogs_images/images/big/000/087/392-2509e3251806abf205e273911b1c6ba50bb4a5cc.png)
If you’ve migrated from another device management solution, and had firmware passwords configured on Intel-based Mac computers, you can also provide up to 20 of those known passwords to Kandji and they will be automatically updated. For end-users, the experience will depend on the kind of Mac they have. For Mac computers with Apple silicon, the recovery password will be applied without any user interaction. For Intel-based Mac computers, users will be prompted to restart within 30 minutes after a legacy firmware password is applied, whether for the first time or when being rotated; this restart can not be deferred. Learn more about the Recovery Password library item.