OS X: Configuring FileVault

| TMO Quick Tip

OS X’s FileVault is a great feature to use if you’re concerned about the security of files on your Mac. The problem is that if someone takes your machine, it’s really trivially easy to gain access to your stuff. Because FileVault encrypts your files, it means that you don’t have to worry so much about your Mac being out of your control, because without knowing your password, even the smartest criminal mind will be out of luck. 

If you’re running 10.6 or earlier, FileVault will only encrypt your Home folder, but a machine with 10.7 or later will be able to secure its entire disk using FileVault 2, which is what’s covered below. (Don’t worry if you’re using an earlier version of OS X, though, because the steps are pretty similar.)

Here’s how you go about it. First, visit System Preferences> Security & Privacy and choose (unsurprisingly) the “FileVault” tab. Click the lock in the lower-left corner and enter your administrator password to give yourself permission to make changes, and then select the button labeled “Turn On FileVault.”

On the next screen, choose which user accounts can unlock your Mac. If you’re the only user on your machine, the choice is easy, but be aware that if you don’t give someone access in this step, he or she won’t be able to unlock the computer without knowing your password.

When you’re satisfied that everyone who needs to use the machine can do so, click “Continue,” and you’ll see your Recovery Key.

As that dialog box notes, this code will allow you to unlock the contents of your disk in case you forget your password. It’s a really, really good idea to take a screenshot of that (Command-Shift-3 or Command-Shift-4), print it out, and take it off-site; alternatively, you could store the file in Dropbox, 1Password (if you’re syncing your database to your iOS device), or anywhere else that would be accessible if you lost your administrator password. Have I mentioned that you shouldn’t forget your administrator password? I like you guys, so please don’t.

Once you’ve safely recorded your Key somewhere, click “Continue.” As another fail-safe, your machine will then ask whether you want to store the Recovery Key with Apple.

If you choose to do that, then Apple Support will be able to help you unlock your disk using the answers to the questions you pick. Keep in mind that if you forget your password and your Recovery Key and you either didn’t store your info with Apple or you forgot the answers to these questions, you’ll be locked out of your files. Forever and ever. That would be sad, so don’t do that, either. 

Anyway, answer the security questions (assuming you chose to store your Key with Apple), then click “Continue” again. At this point, you’ll have to restart.

When your Mac comes back to life, you can check how much longer encryption will take by going back to System Preferences> Security & Privacy> FileVault.

When the progress bar finishes, you’re good to go. Whew! It seems like a lot of work, but it really doesn’t take much time to walk through these steps. And when you’re done, you’ll have the satisfaction of knowing that your Mac is a thief-thwarting powerhouse. As long as your administrator password isn’t “password” or “1234,” that is.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

snowmobile

Thank you Melissa but could you please expand on the possible problems FileVault2 may have with TimeMachine and other backup of encrypted files/disks as this is an issue the casual user may need to know before attempting to filevalult their files

Macfox

Great help Melissa. I do have a concern as “snowmobile” eluted to using Time Capsule (TimeMachine) with a FileVault2 encrypted drive. Is there any problem(s) restoring from the setup? I would think at some point (before finding TM files to restore the FV2 password would have to be entered. Is that the only non-problem (as long as you follow proper procedure and remember your password or recovery key for the FV2 drive).

Melissa Holt

Hi guys!

Having FileVault turned on for your Mac doesn’t affect your Time Machine backups; if you want to encrypt those, you’ll need to do so within System Preferences> Time Machine (and you’ll have to erase any existing backups if you turn that on).

Of course, it’s always a GREAT idea to have multiple backups using different services in case of failure. I use Time Machine, Carbon Copy Cloner, and CrashPlan concurrently as my backup plan, and I would strongly suggest that no one rely on one single system or disk. I’ve seen too many people have Mac drive failures only to find out that their one backup had not worked properly for a month or more. That can get expensive, fast!

Hope that helps!
Melissa

Log-in to comment