In the last macOS update, a bug made it possible for anyone to easily steal the password of your encrypted APFS (Apple File System) volume. The bug showed the entire password when users clicked on the password hint, which means that no matter what password hint you’ve set, the bug will always show the entire password once you click on the hint.
Apple says that it has fixed the bug in the new macOS High Sierra 10.13 Supplemental Update. After installing the 10.13 update, you must also install a security update to remain secure.
Apple also suggests a number of steps you should take after installing the update. The steps include opening Disk Utility, selecting the affected encrypted APFS volume in the sidebar, clicking on Unmount to unmount the volume, and then erasing the volume by clicking on Erase. You’ll then have to type in the name of the new volume and set Format to APFS (Encrypted) again. After that, enter your new password and add a password hint.
For the complete list of steps, see the official Apple Support page. We know that these steps are not easy to follow and that Apple should have fixed the issue without you doing anything, but for now, you should follow them to stay safe.