Security Articles


Enabling FileVault on Mac

Introduction

FileVault is a built-in encryption feature on your Mac that helps protect data by encrypting the hard drive.

The great thing about using FileVault is that it is set and forget — once set up you don't need to worry about performing any maintenance or updates, since this is performed by macOS for you.

For the majority of users, FileVault offers an acceptable level of protection in cases of hardware loss. For example when your MacBook is stolen, or you lose it while traveling.

Enabling FileVault

Prerequisites

FileVault was introduced in 2003, so if you have any Mac made in the last 20 years you can enable it.

Encryption Mode

Modern versions of FileVault use XTS-AES-128 with a 256-bit key to encrypt your Mac's startup disk. FileVault is seamlessly integrated into macOS, so it is crucial to also have a strong password set for all local user accounts used on your Mac.

Steps to Enable FileVault

  1. Open System Settings: Click System Settings from the Apple menu, the dock or the Applications folder.
  2. Navigate to FileVault: Go to Privacy & SecurityFileVault, or search for FileVault in the searchbar.
  3. Turn On FileVault: In the FileVault panel, click Turn On.

System Settings - FileVault

System Settings: FileVault (macOS, all current versions)

Contingencies

When securing your Mac with FileVault you are given the option to upload a recovery key to your iCloud account. This may not always be preferable, since the convenience of a cloud backup comes with several security drawbacks. If you avoid backing up to the cloud, your family and associates will be unable to access your Mac in the event of your death. Consider setting up contingencies, for example you could use Entropy Keycrypt to securely prepare and distribute physical shares of your account's passphrase to a trusted group.

Conclusion

Using FileVault on macOS to encrypt your system disk is an effective way to protect your data. By following these steps, you can ensure your sensitive information remains secure in case of hardware loss or theft. In a future how-to I'll show you how to install and enable higher security alternatives to FileVault.

Share this Article

Tweet

Entropy

Secure your Digital Legacy