What is FileVault and why do I want it?

One of the reasons we love Mac is that they are very secure. But many of us are not using one of Apple’s greatest security features: FileVault. Filevault encrypts all of the contents of your computer so that you and only you can access it should your computer be lost, stolen, or damaged.

It sounds like it could be a lot more complicated, but it’s surprisingly easy to use. Once it’s enabled you won’t even know it’s on.

But I already have a password to get into my computer

If it’s a FileVault password then great, but if you don’t explicitly enable FileVault, your login password is nothing more than a deterrent from someone casually sitting down at your computer and using it. There are still ways someone can override your password or connect your Mac to another Mac and copy your files off.

There is a huge difference between password protection and encryption. A password is like a lock on your door: you can still come in through a window or hire a locksmith. Encryption rewrites your data in code that only your password can decipher, so that if the data gets stolen it’s useless.

How to enable FileVault

Go to the Apple menu > System Preferences > Security & Privacy > FileVault. If it’s already enabled it will say so here. If it’s not enabled, click the padlock icon in the lower-left corner and then click the button to Turn On FileVault.

The precise steps to follow may vary depending on your specific model of Mac, your OS version, whether you use iCloud, the security settings on your iCloud account, and whether you have additional users configured on your Mac. But just read and follow the instructions.

You may be asked if you want Apple to allow your iCloud account to unlock your disk or if you want to create a recovery key that you store yourself. For most people, I recommend using your iCloud account. It’s much easier and one less thing to keep track of. If you have extra security needs and you prefer to keep it yourself make sure to store it in an extremely safe location. If you have a folder where you keep birth certificates this would be a great location. It’s that important. The recovery key is your one and only bypass in case you forget your password.

You may be asked to enter the passwords of other user accounts on the computer. This isn’t strictly required, but until you enter the passwords these users will be unable to turn the computer on. If the computer is turned off or restarted, only users whose passwords are entered on this screen can turn the computer on. You can then switch to one of the other accounts. If you don’t have their passwords handy you can always come back to System Preferences > FileVault later and enter them.

When encryption starts your computer might freeze up for about 10 to 30 seconds, and depending on your macOS version you might be asked to restart.

While the encryption process is running you will not be allowed to install any system updates.

FAQ

How long does FileVault encryption take? Mac models with a T2 chip (models since 2018) will encrypt instantly. Older models will take several hours or days, but you can close the System Preferences window and you can continue to work uninterrupted. Encryption is paused any time you are running on battery power, so keep that in mind if you want it to encrypt quickly. Once all of the files you have are encrypted it will continue to encrypt any new files on the fly with no additional effort.

Will FileVault slow my computer down? Some older models of Mac (2009 and earlier) do run slightly slower. Modern Macs have a chip that handles this so there is between 0 and 3% increase in the time it takes to write data. But that only affects some of your computer functions. The newest Macs with a T2 chip have absolutely no performance impact.

Will I have to learn anything new? Not at all. Your computer will work in the same way as before with the only difference being when your computer asks for your password. Without FileVault your computer would start up, then you would enter your password. Now your computer will ask for your password immediately, then it will continue starting up.

Do I need to remember an additional password? No, your FileVault password is the same as your computer login password, the same password you enter when you install software. There is not even an option to use a different password.

Do I even really need FileVault if I don’t have anything private on my Mac? You may not realize how much personal information is on your computer. If someone really wanted to they could use the information on your computer against you or even against others. Things like knowing what banks you use, who your cell phone provider is, where you vacation, information about friends and family.

How can I get in if I forget my FileVault password? There are only two ways into your files: Your computer login password and your backup entry, which is either your iCloud account or the recovery key you created during the setup process. That’s it. Don’t forget your password or lose this recovery key. I also recommend putting this information somewhere secure that someone could get to it if needed. If something happens to you, your family would have absolutely no way into the computer otherwise. Without either you can only erase the computer and start fresh.

Can FileVault be hacked? Everything can be hacked. And security vulnerabilities in FileVault have been found in the past, but Apple has been extremely quick to fix these problems. This is why I always recommend keeping your software up-to-date. But if your FileVault is hacked it’s no less secure than if you hadn’t enabled FileVault to begin with.

Is it safe to use my iCloud account as my FileVault backup login? Very safe. For the vast majority of people, I recommend this option, which is only available if you have enabled Two-Factor Authentication on your iCloud account. If you have particularly sensitive data or if you worry you could be targeted because of who you are or the work you do, then you probably should keep the key manually.

Does FileVault protect my Mac from theft? FileVault encryption on its own won’t deter a thief because they can simply erase the computer and use it for themselves. They will have the computer but not the contents, and most common thieves only care about that. Macs from 2008 and later running macOS Catalina offer Activation Lock rendering a stolen computer useless, but that’s an entirely different feature.

Should I enable FileVault on a desktop computer? Absolutely! For two reasons. First, your home could be broken into and your computer stolen. A thief is much more likely to see a desktop computer than a laptop computer. Second, if your computer or hard drive dies, you won’t have to worry as much about making sure it’s thoroughly erased before recycling it if it’s protected by encryption.

Featured Image by Jason Dent on Unsplash