Protecting Your Data with FileVault Disk Encryption

I'm going to tell you a little secret. This is a secret that very few people know, and once you know this secret, it may scare you a little. In fact, it may scare you a lot. OK, ready? Here we go...

Your Mac isn't as secure as you think. Gasp! Sure, you have a password on your account so that people can't casually log in under your profile, but believe it or not, it's super easy to bypass that password. There's a publicly-documented way to change a user account's password, and once a password has been changed, anyone could have access to anything and everything stored within your profile. While I'm not going to share with you how to change someone else's password (not everyone needs that kind of encouragement), I will share with you how to prevent others from being able to change yours.

By default, your Mac's hard drive is not encrypted. This means that if you were to remove your hard drive from your computer and connect it to another computer, you would be able to access all of the files without a password. While this may seem like a major security flaw, Apple has provided a way to secure your entire hard drive through disk encryption. Here's how it works.

WARNING: Before making changes to your system, you want to make sure that you have a good backup of your data. Not that I expect anything to go wrong, but as with anything... it's better to be safe than sorry.

Apple calls their disk encryption technology FileVault. Once a drive is encrypted using FileVault, it is protected from unauthorized access. To enable FileVault, open System Preferences, click on the "Security & Privacy" button, then click on the "FileVault" tab.

If the lock in the lower left-hand corner is locked, you will need to unlock it by clicking on the icon and entering your password. Next, click on the "Turn On FileVault..." button. Before FileVault is activated, there are a few steps to take.

On the next screen, you will be prompted to enter passwords for each account.

After you have entered the passwords, click "Continue". This will take us to another screen where we will be given a recovery key. It's important that you document this recovery key and store it in a safe and secure location. This is the key that will be used in the event that you forget your user account password. 

WARNING: if you forget your user account password AND don't have access to your recovery key, you will lose access to your data for good.

Next, hit "Continue". As a fail-safe, you will be asked whether or not you want Apple to store (securely) a copy of your recovery key on their servers. If you choose to use this method, you will supply answers for three security questions. These are the questions that you will be asked by an Apple rep, should you need to recover your recovery key. If you choose NOT to store your recovery key with Apple... well, just make sure you have it documented somewhere.

After you click "Continue", you will be prompted to restart your computer.

As your computer restarts, it will begin the drive encryption process. This will take anywhere from a few minutes to 30 minutes, depending on several factors. When it has completed the encryption process, you will log in to your account like normal, and things will appear to be the same. I say appear, because it will look as though nothing has changed, with one difference... your hard drive (or SSD) is now encrypted. What does this really mean? Quite simply, if your laptop or desktop were ever compromised, you will find peace, knowing that it will be impossible for the perpetrator to gain access to your files.

Is this drive encryption really necessary for most people? Maybe not, but you may want to ask yourself this question... if your computer was ever stolen and/or fell into the wrong hands, would you be comfortable knowing that someone else could have full access to your data? If the answer is no, then it's worth at least considering FileVault to protect yourself.

Posted on July 13, 2015 and filed under How To, Mac, Opinion.