FileVault: Encryption for your Mac

filevault2 mac icon

What is FileVault?

“FileVault” is Apple’s term for disk encryption. It’s been around in its current incarnation since OS X 10.7 “Lion” shipped in 2011. FileVault secures your Mac’s hard disk using XTS-AES 128 block cipher technology. When FileVault is turned on, you are required to input your password whenever your Mac starts up. Without this password, the data on the hard drive is unrecognizable.

The encryption is linked to a recovery key and a password that are generated at the time the disk is encrypted. NC State escrows this key to a secure location to retain it for emergency uses. One way or the other, without entering a password or recovery key, neither you nor anyone else can get any meaningful data from that drive.

This makes FileVault a great choice if you handle sensitive information, or if you are concerned about the security of the data on your Mac if it’s ever lost or stolen. There’s another good reason to use FileVault, too: Apple recommends using it if you want to securely delete data off an SSD-equipped Mac once you stop using it.

Should I use FileVault?

FileVault protects your data from prying eyes. If you’re using your computer to access sensitive data, or if you just don’t want your information to fall into the wrong hands, FileVault gives you peace of mind you won’t have otherwise.

Having said that, FileVault adds a layer of complexity to the operation of your computer by enforcing a password you have to remember to access the drive. If you have trouble keeping track of passwords, or if you just don’t want to bother, consider your strategy and whether it’s worth the effort.

Last, take a look at your gear. There are a few reasons why Apple’s switched from keeping FileVault off to turning it on by default. Hardware encryption features are baked into the CPU, which makes FileVault faster. Newer Macs mostly use Solid State Drive (SSD) flash storage in place of spinning hard drives, and that makes a big performance difference too.

If your Mac is older and still using a hard drive, you may find that FileVault imposes an unreasonable performance hit. Make sure your Mac is up to snuff before turning on FileVault.

Before you use FileVault

Regardless of whether FileVault was activated when you first set up your Mac, you can turn it on at any time. There are a couple of practical caveats you should bear in mind. Be warned that the initial encryption process — and the decryption process, if you should ever need it — will take hours. You’re still able to use your Mac while it happens, because the Mac will set up FileVault in the background, but it’s a process. So Mac laptop users should be prepared to leave their machines running and plugged in to a wall outlet until FileVault’s work is done.

Enabling FileVault

Turning on FileVault protection for your Mac is easier than ever. Simply open up Self Service and run the “Enable FileVault Encryption” by pressing the “Encrypt” button. The complicated process of setting up FileVault, adding your users, and escrowing the recovery key is automatically completed for you, so you don’t have to worry about a thing. Do remember, you won’t be able to turn on your Mac without the password of the account that enables FileVault on the Mac. You can check out this article to learn about what other cool things you can do with the Self Service app!

Original Content from Peter Cohen‘s article, “All about FileVault: Encryption for your Mac”.

Leave a Reply