Apple introduced FileVault, a disk encryption program, in OS X Panther (10.3) and later to provide on-the-fly encryption with volumes on Macs. At that time it can only be applied to a user’s home directory. In OS X lion (10.7) FileVault was significantly redesigned, and the new FileVault 2 can encrypt the entire OS X startup volume. FileVault 2 is a full-disk encryption software that uses XTS-AES 128 encryption to help prevent unauthorized access to the information on your Mac startup disk. Once you turn it on, your Mac startup drive will be fully encrypted during the running. FileVault encodes the information stored on your Mac so that it can’t be read unless the login password is entered, which means, even when your Mac is powered off, all data stored in the drive is unrecoverable without a password. Besides, if your Mac is lost or stolen, you can use the Find My Mac feature to erase your data remotely.
To enable FileVault, do the followings to complete the configuration:
If your Mac has multiple accounts, you will see a message saying that each user must type in their password before they will be able to unlock the disk. You can click the Enable User button and enter the user’s password to allow access to encrypted files.
After that you will be asked to choose a way of unlocking your disk and resetting your password in the event that you forget your password. You can use your iCloud account to unlock your disk, or you can choose to create a recovery key. You will need to note this key and had better keep a copy of it in a secure place. Warning: If you lose or forget both your OS X account password and your FileVault recovery key, you won’t be able to log in to your Mac or access the data on your startup disk.
Once you configure FileVault, your Mac will restart, and you will be required to enter your account password to unlock your disk and finish system startup. After restarting, Mac OS X will start encrypting all the data on your disk as long as your Mac is awake and plugged in to AC power. The encryption process takes time (usually it can last hours) to complete, and you can go to Security & Privacy to check on the progress.
Anytime you want to stop encryption on your startup disk, you can head to System Preferences > Security & Privacy > FileVault and click the Turn off FileVault button. When your Mac finish starting up, the decryption will begin in the background.
FileVault 2, with full FDE capabilities, delivers robust data protection for your Mac. If you have installed 3rd party applications like TrueCrypt, you might not need them so badly as long as you make use of Mac’s built-in encryption utility – FileVault 2.
Enjoy reading Mac info & tips? Stay with us for the latest IT news and tutorials.
Comments