FileVault Encryption on Mac: What is it and Should It Be Enabled?

Today, most users believe that their data is more or less protected if you need to enter a password to log into your account. That’s just such a method is still not entirely safe. There are many ways to reset a user’s password, which will make it possible to access all of its information stored on a Mac.

However, macOS offers a solution to this problem in the form of a tool called FileVault. The term is not particularly familiar to the general public what is hidden behind this technology.

♥ BY TOPIC: Useful free macOS apps not found on the Mac App Store.

What is FileVault?

The name FileVault has a full disk data encryption system. In her work, she uses the XTS-AES-128 algorithm with a 256-bit key length. This is enough to ensure the highest level of security. The encryption key is generated by the PBKDF2 algorithm based on the user’s password. After encryption, all information will be stored in blocks of 8 MB.

If you use macOS Snow Leopard, it is possible to upgrade to macOS Lion and get the FileVault 2 tool at your disposal.

The work of this function is actually very simple – the data is transferred to an encrypted disk image, and then erased from the previous unprotected space. Instant Wipe technology is responsible for the removal of information without the possibility of deletion. But this is only the primary data processing, after it the files will be encrypted already in the background, “on the fly.” FileVault can even encrypt Time Machine backups. Encryption is not performed in sleep mode or when using the Mac on battery power.

♥ BY TOPIC: How to automatically delete specific incoming e-mail messages in Mail on Mac (macOS).

How FileVault Works

During the initial setup, the user will be given a recovery key in case they lose their password. The key must be remembered, because otherwise it will not be possible to recover your data without a password. But as an alternative, it can also reset the password using an iCloud account.

After activating FileVault, the procedure for starting up the computer changes for security. If previously an account was first loaded, and then a password was required to enter it, now authorization is required before downloading. This method eliminates the theoretical possibilities of password reset by booting from external media, in Single User mode and other methods. Automatic login for all accounts is excluded.

♥ BY TOPIC: Active angles on macOS: what it is, how to set up and use it.

Do I need to enable FileVault?

It is no longer a secret that just a user password to enter the system is not enough to ensure complete data security. If the attackers gain physical access to the computer, the only question is how quickly they will be able to reset the password from the system or directly connect to the drive. But encryption systems like FileVault guarantee reliable information protection – the data on the drive will be encrypted. And this utility was created by Apple itself, which allowed us to achieve maximum integration with macOS. An important bonus is the preservation of the original amount of data after encryption.

♥ BY TOPIC: How to check the speed of SSD, HDD or USB stick on Mac (macOS).

Disadvantages of FileVault

For the sake of justice, it is worth mentioning the disadvantages of this technology:

  • encryption process significantly affects system performance;
  • if the password and recovery key are lost, data cannot be restored;
  • damage to the drive will make information recovery impossible;
  • encrypted copies of Time Machine make it impossible to recover a specific file, offering to deploy the entire copy.

♥ BY TOPIC: How to schedule a sleep mode and automatically turn on your Mac.

How to enable FileVault encryption on Mac

1. Launch the “System settings“.

2. Go to the menu “Protection and security“, Go to the”Filevault“.

How to enable FileVault encryption on Mac

3. Release the lock by pressing the lock in the lower left corner and enter the Administrator password.

How to enable FileVault encryption on Mac

How to enable FileVault encryption on Mac

4. Select “Enable FileVault“. If other users have accounts on the computer, a message will appear stating that each of them needs to enter their password. To do this, you will need to press the button every time “User On”. Accounts added to the system after activating FileVault will be included automatically.

How to enable FileVault encryption on Mac

5. In the window that appears, select how you can reset the password you forgot. On OS X Yosemite and later, you can use your iCloud account, and on OS X Mavericks you can store the recovery key on Apple servers as well. To access it, it will be necessary to answer three control questions.

How to enable FileVault encryption on Mac

6. If you select a recovery key, the system will issue a code. It will need to be remembered or written down, and then stored in a safe place. Of course, this place should not be an encrypted boot disk.

How to enable FileVault encryption on Mac

After activating FileVault, file encryption will begin in the background and may take several hours. The computer can be used normally.

How to enable FileVault encryption on Mac

♥ BY TOPIC: Split View, or how to split a Mac screen to work with two applications at the same time.

How to reset password or change FileVault recovery key

If you suddenly forgot your password or it does not work, then you can reset it according to the standard procedure.

But to change the recovery key used in encryption of the boot disk, you will need to disable the FileVault function on the tab “Protection and Security” in “Settings”. Then encryption can be enabled again, while creating a new key and deactivating the old one.

♥ BY TOPIC: Mac for Dummies: 30 helpful macOS tips for beginners.

How to turn off FileVault encryption

It may well turn out that you decided not to encrypt your boot disk. This can happen, for example, when the system slows down explicitly. Here’s how to disable FileVault:

1. Go to Apple System settings Protection and security.

2. Click on the FileVault tab.

3. Click the lock icon, enter the administrator username and password.

4. Click “Turn off FileVault“.

Decryption will also be performed in the background when using a Mac computer. It should not be in sleep mode or running on battery power. You will be able to check the completion of the task in the same Vault section of the tab “Protection and Security” in “Settings”.

See also:

Rate article
( No ratings yet )
Share to friends
Leave a Reply