OS X: Configuring FileVault

OS X’s FileVault is a great feature to use if you’re concerned about the security of files on your Mac. The problem is that if someone takes your machine, it’s really trivially easy to gain access to your stuff. Because FileVault encrypts your files, it means that you don’t have to worry so much about your Mac being out of your control, because without knowing your password, even the smartest criminal mind will be out of luck. 

If you’re running 10.6 or earlier, FileVault will only encrypt your Home folder, but a machine with 10.7 or later will be able to secure its entire disk using FileVault 2, which is what’s covered below. (Don’t worry if you’re using an earlier version of OS X, though, because the steps are pretty similar.)

Here’s how you go about it. First, visit System Preferences> Security & Privacy and choose (unsurprisingly) the “FileVault” tab. Click the lock in the lower-left corner and enter your administrator password to give yourself permission to make changes, and then select the button labeled “Turn On FileVault.”

On the next screen, choose which user accounts can unlock your Mac. If you’re the only user on your machine, the choice is easy, but be aware that if you don’t give someone access in this step, he or she won’t be able to unlock the computer without knowing your password.

When you’re satisfied that everyone who needs to use the machine can do so, click “Continue,” and you’ll see your Recovery Key.

As that dialog box notes, this code will allow you to unlock the contents of your disk in case you forget your password. It’s a really, really good idea to take a screenshot of that (Command-Shift-3 or Command-Shift-4), print it out, and take it off-site; alternatively, you could store the file in Dropbox, 1Password (if you’re syncing your database to your iOS device), or anywhere else that would be accessible if you lost your administrator password. Have I mentioned that you shouldn’t forget your administrator password? I like you guys, so please don’t.

Once you’ve safely recorded your Key somewhere, click “Continue.” As another fail-safe, your machine will then ask whether you want to store the Recovery Key with Apple.

If you choose to do that, then Apple Support will be able to help you unlock your disk using the answers to the questions you pick. Keep in mind that if you forget your password and your Recovery Key and you either didn’t store your info with Apple or you forgot the answers to these questions, you’ll be locked out of your files. Forever and ever. That would be sad, so don’t do that, either. 

Anyway, answer the security questions (assuming you chose to store your Key with Apple), then click “Continue” again. At this point, you’ll have to restart.

When your Mac comes back to life, you can check how much longer encryption will take by going back to System Preferences> Security & Privacy> FileVault.

When the progress bar finishes, you’re good to go. Whew! It seems like a lot of work, but it really doesn’t take much time to walk through these steps. And when you’re done, you’ll have the satisfaction of knowing that your Mac is a thief-thwarting powerhouse. As long as your administrator password isn’t “password” or “1234,” that is.