If you are looking to address exactly that, please first have the user try an older password of theirs. FileVault will only accept the SecureToken password, and if the user's password was reset improperly, the new password will not be registered with SecureToken, per se. More information on this is here. Upon resetting the password in Recovery Mode, the user will be granted a SecureToken.
- Knowing an Admin user password (Could be a temporary Admin created via Go-Live and cannot be the same user you're trying to reset the password for)
- Reset and change all the passwords on the device without needing Admin credentials (but they will create the password for any admins on the device).
Step 1
- Press the power button on the device
- Begin holding Command + R until the recovery screen appears
Silicon -
- Press and hold the power button until you see a screen with the system volume and the options button.
- Select "Options" and then click continue
Step 2
Step 3A (Option 1)
Step 3B (Option 2)
Click Forgot all Passwords and set a new password for every user on the device, making a note of the password you set for your user. (The other passwords can be anything and reset via Go-Live as long as you're okay with them not being able to log into them via the FileVault login page). Then click Restart