Encrypting Data on a Mac with FileVault

Last week, we discussed how to encrypt files, folders or whole volumes on your Windows PC. Now, let’s talk through the same process for Mac users, which is, in many ways, a simpler experience.

We recently wrote a post on encrypting your data on Windows PCs, but since Mac users are becoming more and more prevalent, While Microsoft uses BitLocker, Apple’s choice of software is called FileVault. The main difference between BitLocker and FileVault is that while the former is only available on select, more premium versions of Windows like Enterprise, the latter has been available universally since Mac OS X Panther all the way back in 2003. It has, however, gone through numerous changes in the last fifteen years. When the feature was first included with Mac machines, FileVault could only be applied to a user’s home directory. From Mac OS X Lion, released in 2011, FileVault received a significant buff and was remarketed as FileVault 2. FileVault 2 encrypts the entire OS X startup volume. Now, FileVault uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorised access to your data. In plain terms – it’s super secure.

So why would Mac users want to enable FileVault, how do they go about doing so, and what other alternatives are there for, say, individual file encryption? We’ve written endlessly about the benefits of encryption, but essentially, it takes your data and scrambles it. Only someone with the correct key can decrypt the data back into its original form. It’s especially useful if you’re a business user with confidential data stored on your network, but increasingly, home users are looking for similar levels of security. But is encryption the right route of data protection for you? Let’s look at FileVault and some other alternatives for Macs.

Setting up FileVault is simple. Open System Preferences, and then click on Security and Privacy. There will be four tabs – click on the FileVault one. You’ll then be presented with an option to turn on FileVault. If your Mac has more than one user account, it allows you to specify which users should be allowed to decrypt the disk. For example, if you have four user accounts, and you only allow yourself to decrypt the disk, the other users can only log in to their personal profiles once you’ve decrypted the disk.

Apple lets you choose your type of recovery key, and how to keep it safe and secure. On OS X Yosemite or later, you can use your iCloud account to unlock your disk. If you’re using Mavericks, you can store a FileVault recovery key locally, which will be accessible by correctly answering three security questions. If neither of these options takes your fancy, you can simply create a local recovery key. But make sure you keep it safe, because if you forget it, the data on your disk will be gone forever; even a professional data recovery company won’t be able to crack it, and Apple themselves don’t have a backdoor. Encryption occurs as you’re using your Mac, but only while it’s awake and plugged into the mains. Any new files or folders that are added to your Mac are automatically encrypted by FileVault.
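Because encryption only progresses while the Mac is awake and on mains power, a disk can sit partly encrypted for some time after FileVault is switched on. The script below is an added example, not part of the original article: it classifies the text printed by macOS's fdesetup status command so you can tell "on" apart from "still encrypting". The sample outputs are constructed, and the exact wording of the status lines is an assumption that may differ between macOS versions.

```sh
#!/bin/sh
# Classify the text printed by `fdesetup status` (macOS) into a single state.
# Prints one of: encrypted | encrypting:<pct> | decrypting:<pct> | off | unknown
filevault_state() {
    status_text=$1
    # Progress lines are assumed to look like:
    #   "Encryption in progress: Percent completed = 42"
    pct=$(printf '%s\n' "$status_text" |
          sed -n 's/.*Percent completed = \([0-9][0-9]*\).*/\1/p' | head -n 1)
    # Check the in-progress states first: the "FileVault is On." line is
    # assumed to be printed alongside them while conversion is unfinished.
    case $status_text in
        *"Decryption in progress"*) echo "decrypting:${pct:-?}" ;;
        *"Encryption in progress"*) echo "encrypting:${pct:-?}" ;;
        *"FileVault is On"*)        echo "encrypted" ;;
        *"FileVault is Off"*)       echo "off" ;;
        *)                          echo "unknown" ;;
    esac
}

# Succeeds only when the startup volume is fully encrypted.
is_fully_encrypted() {
    [ "$(filevault_state "$1")" = "encrypted" ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_ON='FileVault is On.'
SAMPLE_OFF='FileVault is Off.'
SAMPLE_PROGRESS='FileVault is On.
Encryption in progress: Percent completed = 42'

# On a Mac, report the live state; elsewhere, walk through the samples.
if command -v fdesetup >/dev/null 2>&1; then
    live=$(fdesetup status 2>&1)
    echo "this Mac: $(filevault_state "$live")"
else
    for s in "$SAMPLE_ON" "$SAMPLE_OFF" "$SAMPLE_PROGRESS"; do
        echo "sample: $(filevault_state "$s")"
    done
fi
```

Anything other than "encrypted" means data on the disk is not yet fully protected, so leave the Mac awake and plugged in until the check passes.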

But what if you don’t want to go to the trouble of fully encrypting your drive, but you want a particular folder encrypted? Disk Utility can help with that. Open the application from the Utilities folder, and go to File > New Image > Image from Folder. Choose your folder and a password, and the type of encryption you want to use (Apple recommends you choose 128-bit AES encryption for maximum security), and it will create a disk image containing your files that can be mounted and accessed at any time. Pretty neat, don’t you think? For many, it’s a much simpler way of encrypting, as it lets you choose particularly important content to protect.

Just remember: don’t lose your key! If you do, even Data Recovery Specialists won’t be able to help you out of this unfortunate spot!