Filed under: Security, Mac 101
Mac 101: Protect your data with FileVault
If you use a notebook Mac, then the risks are higher for getting your computer stolen. However, Apple has included a tool to protect your entire home folder (documents, pictures, movies, etc.) right within OS X. FileVault protects your computer against stolen data by encrypting/decrypting your home folder each time you login and logout. To use FileVault, you must first set a Master Password. This password is a fail-safe if you forget your user login info. However, if you lose both your user login info and the master password, you will not be able to decrypt your home folder and your data (if not backed up in unencrypted form) will be lost forever. To set the master password, navigate to System Preferences > Security > FileVault > Set Master Password.
Once you have the master password set, you will be able to turn on FileVault and begin protecting your data. Click the "Turn on FileVault" button in the FileVault section of the Security preference pane. You will be asked for your master password, and a disclaimer will be displayed explaining the process. Please note that you will not be able to login to your Mac via SMB (Windows file sharing) after turning on FileVault.
FileVault provides a high level of data security, but some applications have a history of incompatibility with the feature; it's also very important that you have a secure and solid backup strategy if you choose to use FileVault. For best results with Time Machine, make sure that your FV home folder is upgraded to the Leopard image format (if you were using FV under Tiger, you may have to turn it off and back on to convert your home folder) and log out of your account periodically to allow backups to run.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
CJ said 10:41AM on 8-04-2008
How much does this slow down the login/logout process, if the data has to be encrypted/decrypted each time?
Reply
Brett said 10:41AM on 8-04-2008
Oh yeah, i remember when i used FileVault. It destroyed/ erased my whole data and made my system unusable.
NEVER EVER AGAIN. FileVault? No thanks!
Reply
Kory said 12:01PM on 8-04-2008
Hi there. I actually work for an Apple store. FileVault is an extra layer of high security that MOST PEOPLE WILL NEVER NEED!
If you don't need it, please DON'T USE IT! We've seen far too many cases of harddrive failure with FileVault. In the first place, there is no possible way to get your stuff back without a password (Which some people just can't remember!!) And second it slows your system WAY DOWN!!!
Unless you're Steve Jobs and need to protect the top secret location of the team working on nano touches, then just stay away.
Brett said 12:05PM on 8-04-2008
Why the hell would Apple create FileVault messing up your system in the first place?
Josh said 10:54AM on 8-04-2008
I'm at work so I can't check but could I use this to protect an external hard drive? I'm going away to college in two weeks and plan to bring an external drive containing all my DVDs on it with me. I don't want anyone but myself to have access to it. Is this how I would go about doing something like this? Or is there a better option? It would be greatly appreciated if someone could give some solutions for this. Thanks.
Reply
conigs said 10:56AM on 8-04-2008
As far as I know, FileVault only protects your home directory. You could put an encrypted disk image on your external drive. That way you still have a password protected area that no one but you can access.
Lewis said 10:56AM on 8-04-2008
I don't recommend using FileVault. The potential for complete data loss is too big a deterrent.
My solution is to use individual encrypted disc images for the real important stuff, and leave the rest unencrypted.
Reply
Dan Jensen said 11:13AM on 8-04-2008
...and if you want to see your laptop again if it gets stolen i can highly recommend Undercover from Orbicule.
If you get your mac stolen Undercover will record IP, take pictures of the purb and screenshots from the computer. If you use a firmware password, the thief cant remove the program or reinstall the OS.
We had our iMac stolen in a break-in and even though the Police was 2 months about picking it up, the computer was returned.
Reply
stucco_x said 11:16AM on 8-04-2008
Why wouldn't an encrypted disk image for private files work just as well or better? I know that there is the extra step of mounting/ejecting, but I use this approach and don't see any performance problems. Am I missing something extra that FileVault brings to the party?
Reply
totoro said 11:33AM on 8-04-2008
I use encrypted disk images for data as well. But they don't work on the home directory, and aren't as transparent to use as File Vault.
Personally, I'm waiting for TrueCrypt to become fully OSX ready.
Ari B said 11:37AM on 8-04-2008
I tend to use FileVault to encrypt my HD before I take my lappy with me on a trip. It slows the machine down somewhat, but isn't much of a drag.
I also want to second installing Undercover. I hope I never have to use it, but I'm glad it's there.
Reply
William said 11:30AM on 8-04-2008
How do you do an unencrypted backup? I am not a very big fan of Time Machine, so I use SuperDuper. How would I do an unencrypted backup from SuperDuper?
Reply
Michael Rose said 12:05PM on 8-04-2008
SuperDuper with FileVault: http://shirt-pocket.com/forums/printthread.php?t=4300
In a nutshell: log in to your machine from another (non-FV) account to perform your backups, and your data will be encrypted on the backup target.
If you want to make an UNencrypted backup of your home folder, you need to be logged in when you do that.
William said 12:15PM on 8-04-2008
So to create an unencrypted backup, just be logged into my own user account when I run SuperDuper, and my backup will NOT be encrypted, right?
datalifter said 12:32PM on 8-04-2008
TrueCrypt supports OSX. I use it primarily in XP with a 2GB virtual drive container. With OSX I setup a 10GB encrypted partition for all things important!
Zach said 11:31AM on 8-04-2008
Do NOT use filefault. I've seen it destroy many a home directory, it's a mess and doesn't benefit you in any way.
Reply
al said 11:49AM on 8-04-2008
FileVault is just an encrypted sparse disk image that mounts automatically.
Reply
delight1 said 11:35AM on 8-04-2008
you should really mention how timemachine doesn't work well with filevault... unless apple fixed this and i can find any info on them doing so, you can't use the timemachine browser with a filevaulted account, nor will it back up a filevaulted user while they are logged in.... really disappointing for me...
Reply
Michael Rose said 12:02PM on 8-04-2008
See the links in the last paragraph. Time Machine works as designed with FV if you have a Leopard-format home folder image. Granted, it's not that good, but it works.
delight1 said 1:52PM on 8-04-2008
you mean this has been fixed?
http://www.macosxhints.com/article.php?story=2007111404402514