Enabling FileVault on Mac
FileVault is a built-in encryption feature on your Mac that helps protect data by encrypting the hard drive.
The great thing about using FileVault is that it is set and forget — once set up you don't need to worry about performing any maintenance or updates, since this is performed by macOS for you.
For the majority of users, FileVault offers an acceptable level of protection in cases of hardware loss. For example when your MacBook is stolen, or you lose it while traveling.
FileVault was introduced in 2003, so if you have any Mac made in the last 20 years you can enable it.
Modern versions of FileVault use XTS-AES-128 with a 256-bit key to encrypt your Mac's startup disk.
FileVault is seamlessly integrated into macOS, so it is crucial to also have a strong password set for all local user accounts used on your Mac.
Steps to Enable FileVault
- Open System Settings: Click System Settings from the Apple menu, the dock or the
- Navigate to FileVault: Go to
Privacy & Security →
FileVault, or search for
FileVault in the searchbar.
- Turn On FileVault: In the FileVault panel, click
System Settings: FileVault (macOS, all current versions)
When securing your Mac with FileVault you are given the option to upload a recovery key to your iCloud account. This may not always be preferable, since the convenience of a cloud backup comes with several security drawbacks. If you avoid backing up to the cloud, your family and associates will be unable to access your Mac in the event of your death. Consider setting up contingencies, for example you could use Entropy Keycrypt to securely prepare and distribute physical shares of your account's passphrase to a trusted group.
Using FileVault on macOS to encrypt your system disk is an effective way to protect your data. By following these steps, you can ensure your sensitive information remains secure in case of hardware loss or theft. In a future
how-to I'll show you how to install and enable higher security alternatives to FileVault.