Login Window, FileVault Unlock, and Lock Screens

By Aaron Alquillera

While they all look similar, macOS has three separate screens that allow you to log in and start a new user session, decrypt the system volume at startup, or unlock an existing user session.

The screen to sign in to a computer account will be familiar to any Mac user. But on closer inspection, you might have noticed that there are actually three similar yet slightly different screens that can ask for your computer password. Those three screens are the login window, the FileVault unlock screen and the lock screen.

  • The login window is used to start a new user session or re-enter an existing user session running in the background. This is the screen you see when the computer starts up. It can have user icons or a name and password form.

  • When the system volume is encrypted, the FileVault unlock screen appears at startup or after waking up from standby or safe sleep. It will always have icons for the users who can decrypt the volume.

  • The lock screen shows up when the computer has locked after waking up from sleep, when the screen saver has locked the screen, or if some other event has triggered a lock. This screen will prompt for the password of the active user.

Login Window

The login window is the screen that greets you after the system has finished the startup process that prepares the computer for use. This window consists of a list of user icons.

The login options in System Settings > Lock Screen can be configured to show only name and password fields instead.

This option will remove the icons from the login window, and you will instead see a form with fields for the account name and password.

If you later return to the login window and there are user sessions already open in the background, those users will have a check indicator next to the account name.

If you have set the login options to show only a name and password field, there will be no visual indication that already-open user sessions are running in the background.

FileVault Unlock Screen

If you have enabled disk encryption on your computer with FileVault, the Mac will not be able to read the encrypted system volume until a FileVault-enabled user unlocks the encryption key. The computer will actually start up to a hidden pre-boot volume that shows a FileVault unlock window that looks just like the login window with icons for the enabled users (even if you selected name and password to be shown at the login window).

One indication that you are at the FileVault unlock screen is a progress bar that appears after you enter your password. This progress bar shows the status of decrypting the system volume.

When you successfully present credentials to decrypt the system volume, the computer will use the provided account credentials to log in instead of showing you the login window again.

Generally, all users on the computer will be enabled to decrypt FileVault. But accounts that were created before FileVault was turned on, or users created through automation tools like MDM, may not be enabled to do so. In that case, you will only see the enabled users at the FileVault unlock screen.

FileVault Login Screen Differences Between Intel and Apple Silicon Mac Computers

Intel Mac Computers

  • Enables the use of account icons and password fields on the FileVault login screen.
  • Does not support username and password fields at the FileVault login screen.
  • Does not support smart cards for login at the FileVault login screen.


Apple Silicon Mac Computers

  • Enables the use of account icons and password fields on the FileVault login screen.
  • Supports username and password fields at the FileVault login screen.
  • Supports smart cards for login at the FileVault login screen.

 

After you log in with the enabled account and the computer is unlocked, you can then switch to another user account by selecting Login Window from the Fast User Switching menu.

After logging in with an enabled account, you may also choose to log out from the Apple menu.

In System Settings > Security & Privacy > Security > FileVault, you will see a warning that some users are not enabled for FileVault.

Clicking the Enable Users button will enable the remaining users to unlock FileVault.
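To find the accounts that will not be shown at the FileVault unlock screen without opening System Settings, the following added example (not part of the original article) compares the output of fdesetup list with the local accounts reported by dscl. The function name, the sample data, and the treatment of UID 501 and above as regular accounts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): list local accounts that
# will not be offered at the FileVault unlock screen.
# Function name, sample data and the UID threshold are assumptions.

# $1: output of `fdesetup list`                ("shortname,UUID" per line)
# $2: output of `dscl . -list /Users UniqueID` ("shortname  uid" per line)
# Prints regular accounts (UID >= 501, name not starting with "_")
# that are absent from the FileVault-enabled list.
filevault_missing_users() {
    fv_list=$1
    dscl_list=$2
    printf '%s\n---\n%s\n' "$fv_list" "$dscl_list" | awk '
        $0 == "---" { second = 1; next }           # separator between inputs
        !second {                                  # first input: enabled users
            split($0, f, ",")
            if (f[1] != "") enabled[f[1]] = 1
            next
        }
        NF >= 2 && $2 + 0 >= 501 && $1 !~ /^_/ && !($1 in enabled) { print $1 }
    '
}

# Constructed sample data in the output formats of the two tools.
SAMPLE_FDESETUP='admin,11111111-2222-3333-4444-555555555555
alice,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'
SAMPLE_DSCL='_www      70
admin     501
alice     502
bob       503
daemon    1
nobody    -2
root      0'

if command -v fdesetup >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    # On a Mac with FileVault on; fdesetup needs root, so run with sudo.
    filevault_missing_users "$(fdesetup list)" "$(dscl . -list /Users UniqueID)"
else
    # Anywhere else: demonstrate on the constructed sample (prints "bob").
    filevault_missing_users "$SAMPLE_FDESETUP" "$SAMPLE_DSCL"
fi
```

Any name it prints is an account that must first be unlocked by another, enabled user at startup before it can log in.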

Lock Screen

The lock screen is shown when the computer has locked after a period of inactivity, the screen saver is set to lock the computer, or some other event has triggered the computer to lock. When users return to the computer, they will be prompted to unlock the screen with their account password. The visual indication that you are at the lock screen is that the user account is already selected and the password prompt is ready for input. If a screen saver is enabled, you may see the screen saver image behind the account icon and password field.