How to protect your Mac using FileVault 2 encryption

FileVault 2 can protect your drive's data by encrypting the data on your drive. Is it worth using?

An administrator password only goes so far to protect your Mac, but what happens if someone circumvents it or boots from another volume? The contents of your Mac will be vulnerable — unless you encrypt it. Fortunately Apple enables just such technology with FileVault 2 encryption, and it's built right into OS X Mavericks. Here's how to enable FileVault 2 encryption on your Mac.

FileVault 2 is whole-disk encryption for the Macintosh. The entire contents of your Mac's hard disk are encrypted using XTS-AES 128, a secure encryption algorithm. (The original FileVault, available for Snow Leopard, uses weaker AES 128 encryption.)

What you'll need to use FileVault 2

  • A Mac running OS X Lion 10.7 or later
  • A hard drive with Recovery Partition installed (to check, try rebooting your Mac with holding down the command and R keys).

How to turn on FileVault 2

  1. Click on the menu.
  2. Select System Preferences....
  3. Click on Security & Privacy.
  4. Click on the FileVault tab.
  5. Click on the padlock icon in the lower left hand corner.
  6. Enter your system password and click on Unlock.
  7. Click on Turn On FileVault.
  8. Write down or record the recovery key and store it in a secure location. This is a second-line defense if you should forget your system password, or if something goes wrong with that password. Then click the Continue button.
  9. You can optionally store the recovery key with Apple. If you do, you'll be required to enter three security questions to verify your identity, should you ever need it.
  10. Click the Restart button to restart your Mac, activate FileVault and begin the encryption process.
  11. After you restart, you'll be required to log in. Once you do, FileVault will begin to encrypt the information on your hard drive. It may take several hours depending on the performance of your Mac and the amount of data on you're encrypting.

The recovery key is absolutely vital — if you don't have this and something goes wrong with your Mac's system password, the data on your hard drive will be lost permanently. So make sure you've recorded it, or that you've stored the recovery key with Apple.

FileVault will encrypt files in the background. During the initial encryption process and thereafter, you'll be able to continue to use your Mac normally.

How to disable FileVault 2

To turn off FileVault, simply return to the Security & Privacy system preference, click the padlock, enter your system password and then click the Turn Off Filevault button. FileVault will decrypt the hard drive the same way that it encrypted it.

Who should use FileVault 2?

To be clear, FileVault isn't something that everyone needs to use. Unless you absolutely need to protect the contents of your hard drive outside of anything but the most intensive forensic recovery, FileVault may be overkill. But if the need is there, it's reassuring to know that it's there, and it's fairly easy to activate and deactivate as long as you follow the instructions.

Do you use FileVault? Will you? Let me know in the comments.