Apple’s first attempt at native encryption wasn’t the best in its class. The original FileVault was launched in 2003 – along with OS X 10.3 Panther – and was applicable only to a user’s home directory. That changed with FileVault 2, which Apple introduced with OS X 10.7 Lion.
FileVault 2 (which wasn’t referred to by Apple with the numbering) provides full-disk encryption using XTS-AES-128 encryption with a 256-bit key, able to keep away everyone who doesn’t have the password to unlock the content stored on your Mac’s startup disk. It will also help erase the Mac of its data using Find My Mac if the machine ends up in the wrong hands. Starting with OSX 10.10 Yosemite, the operating system now encourages users to turn on FileVault during the setup process.
When FileVault is turned on, your Mac will always require your password when you log in, though this is a setting that can also be applied without any encryption, too. FileVault is activated by following these steps:
- Launch System Preferences, then click Security & Privacy and then on the FileVault tab.
- Click on the lock icon to unlock it and then enter an administrator name and password.
- Click on the “Turn On FileVault” button.
If there are other user accounts on the Mac, you’ll need to enable each of them. This way each user can unlock the startup disk and access their own documents and settings.
If You Forget Your Password
Since the disk is encrypted, its contents can be unlocked only with the account password or the recovery key, so you should be sure to keep both of them somewhere safe. We recommend using a password manager, but you can also write them down on a piece of paper.
If you forget the password, Apple provides the following options to decrypt the disk and reset the password:
- Mac users on OS X 10.10 Yosemite or later can choose to log in with their iCloud account.
- OS X 10.9 Mavericks users can choose to store a FileVault key with Apple by providing three security questions and their answers. Of course, you should only choose items that you are certain to remember.
- Those skipping iCloud FileVault recovery can create a local recovery key. This key should be kept somewhere other than on your encrypted disk, of course.
There is one thing that should be kept in mind when using iCloud FileVault recovery or asking Apple to become the ‘key-keeper’, it’s that there is no guarantee that Apple will give you the key if you lose or forget it. Not all languages and regions are serviced by AppleCare or iCloud, and not all AppleCare-serviced regions offer support in every language, and that could be a problem.
Should You Turn on FileVault?
If you are concerned about corporate espionage or want to create a highly secure environment because you are working with highly sensitive information, FileVault is the best path to take. For the average user it depends on the circumstances (AKA the Mac that is being used) and how much nervous energy they’re willing to sacrifice, because FileVault may have some impact on performance.
Users with older Macs may want to refrain from enabling FileVault, as it may have impact performance that could affect the overall user experience. While the encryption process works fine, they may experience extended boot time or, in some cases, an increase in processing power required by the system.
As such, FileVault is recommended on newer devices because, with the i5 and i7 Intel CPUs, Apple takes advantage of the AES-NI (Intel’s Advanced Encryption Standard New Instructions) to make the FileVault encryption less of a demand on the system. That’s not the case with older chips, as encryption must instead be done within software.
Apple recommends using FileVault on Macs with SSDs because the Secure Erase option is not available on these machines due to how SSDs work. However, when you format the encrypted disk – if, for instance, you are preparing your Mac for sale – the decryption keys will be destroyed, meaning the new owner won’t be able to recover any of the older files. A performance drop is not noticeable, especially if you are using an HDD.
As a result, if you are using the latest (or nearly the latest) hardware from Apple, you won’t notice much of a detrimental effect on your system, which means enabling FileVault a no-brainer, especially if you are intending to protect your documents. Users of older machines may want to refrain from turning it on, since it may make using the computer a hassle.
Best Mac Optimization Software of 2018