Most people are aware that privacy is a big concern when it comes to digital information. How can you be sure that the data on your computer is kept safe from prying eyes?
Using strong passwords can help keep your information safe, but that's only a small part of what you can do to protect your privacy. Encryption play a big part in safeguarding your information, especially if your laptop gets stolen. That's why FileVault disk encryption on your Mac is a lifesaver.
What Is FileVault? A Brief History
Apple's FileVault is a type of disk encryption. What this means is that it hides your information from prying eyes by essentially scrambling it. If somebody were to look at an encrypted text file, for example, it would look like complete gibberish. The only way to unscramble it is by using a key that only you (or in this case, macOS) know.
If someone steals your laptop, they might have the hardware, but they can't get to the information. This applies even if they take out the disk and try to read it with another computer. Without encryption, doing so would allow anyone to easily see what's on your storage drive.
The original version of FileVault wasn't as useful as it could be. It encrypted your home folder, which is likely where all your personal data is, but left the rest of your system untouched. If a program stored private information somewhere else on your system, it wasn't protected.
Starting in Mac OS X Lion, Apple introduced FileVault 2. This encrypts your entire SSD or hard drive instead of just your home folder. As another benefit, FileVault 2 also uses overall stronger encryption than the original version, helping to keep your data even safer.
Going forward, you may encounter some terms you're not familiar with. While we'll try to keep it simple, encryption is a complex topic, so there may be cases where you came across more technical terms. We have a list of basic encryption terms that should help you out in that case.
Should You Use FileVault?
If you're wondering whether you should use FileVault, the default answer is yes, you should. There aren't many occasions where it's a bad idea to use FileVault. That said, FileVault encryption is more useful in some cases than others.
If you have an old Mac mini sitting in your house that you use to store your iTunes music catalog for playing over Airplay, FileVault isn't strictly necessary. On the other hand, on the MacBook that you carry with you for business, FileVault disk encryption is essential. If you travel with your Mac laptop frequently, take a look at our list of tips for keeping your Mac safe on the road.
You should know that FileVault encryption doesn't come without a cost. On any device, encryption will have some sort of performance penalty.
In most cases, encryption only adds marginal performance overhead, but if your computer is already struggling, this may slow it down even more. If you're using a RAID setup or run Boot Camp, you may not be able to use FileVault at all.
Once FileVault has encrypted your disk, you must log into your computer with your account password to unlock your files. As a consequence, you cannot use automatic login on your Mac when FileVault is enabled.
You may already have FileVault encryption enabled on your computer, especially if you bought your Mac recently. In the next section, we'll look at how you can check.
Is FileVault Already Enabled on Your Mac?
Checking whether you have FileVault enabled on your Mac is simple. Open System Preferences, then navigate to the Security & Privacy settings. Here, select the FileVault tab at the top of the screen.
You'll see a brief overview of what FileVault does, as well as a grayed-out button to turn it on or off. At the bottom of this screen, you may see a message saying FileVault is turned on for the disk "Macintosh HD" or something similar. If you do see this message, FileVault is already enabled on your computer.
If the message instead begins with FileVault is turned off, you'll need to enable it manually.
How to Enable FileVault on Your Mac
Enabling FileVault is simple. If you're not already there, launch System Preferences, then click on Security & Privacy. Here, click on the FileVault tab.
On this page, you'll notice the button labeled Turn On FileVault is disabled. All you need to do is click the lock icon at the bottom of the screen, then enter your administrator password. Now click the button to enable FileVault encryption.
If you have multiple users on your computer, you'll need to enter the password for each user. Now you need to choose how to unlock your disk and reset your password if you ever forget it. You have two options: use iCloud to unlock your disk, or create a FileVault recovery key.
Using iCloud is easier, but slightly less secure. If someone can compromise your iCloud account, they can decrypt your computer's drive. Using a FileVault recovery key is typically more secure, but if you ever lose this key and forget your password, there is no way to recover it.
If you opt to use a FileVault recovery key, keep it safe. This means you should store it somewhere other than your now-encrypted Mac system drive, such as a password manager or a safe. No matter which method you choose, encryption will take a while, but it happens in the background so you can keep using your computer.
How to Disable FileVault
Disabling FileVault disk encryption, should you ever want to, is easy. The process starts the same way that enabling FileVault does. Open System Preferences, then go to Security & Privacy and click the FileVault tab. Click the lock at the bottom of the screen and enter your password.
Now, click the button labeled Turn Off FileVault. The decryption process will start. As with encryption, this takes place in the background, so feel free to continue using your computer.
FileVault Is Just the Beginning of Encryption
Using strong passwords and encrypting your Mac with FileVault encryption will go a long way toward keeping your information safe. However, you can do much more. Each additional method you add is another lock on the door between your data and someone looking to get their hands on it.
This could mean switching to a more secure email provider or using two-factor authentication, but it often means even more encryption. If enabling FileVault on your Mac has you wondering where else you might be able to use encryption, you've got options. For a place to start, take a look at our guide to using encryption in your daily life.