How to Encrypt Your MacBook’s Home Folder
Allowing others to use your MacBook always incurs a risk — especially if you store sensitive information and documents on your computer. Although your login password should ensure that your Home folder is off-limits to everyone else, consider an extra level of security to prevent even a dedicated hacker from accessing your stuff.
All it takes is a forgetful moment in an airport or classroom, and your personal and business data is suddenly within someone else’s reach. Adequate security is a Supremely Good Thing!
To this end, Mavericks includes FileVault, which automatically encrypts the contents of your MacBook’s drive. Without the proper key (in this case, either your login password or the FileVault recovery key), the data stored on your drive is impossible for just about anyone to read. (The FBI or CIA would be able to decrypt it, but they’re not likely a worry at your place!)
The nice thing about FileVault is that it’s completely transparent to you and your users. In other words, when you log in, Mavericks automatically takes care of decrypting your files and folders. You won’t know that FileVault is on the job (which is how computers are supposed to work).
To turn on FileVault protection for a specific account, follow these steps:
Click the System Preferences icon in the Dock, and then click the Security & Privacy icon.
Click the FileVault tab, and then click the Turn On FileVault button.
If necessary, click Enable User, provide the login password for each user on your account, and then click Continue.
Each user on your MacBook has to be enabled to use your laptop after FileVault has been turned on. If you don’t know the login passwords for the other user accounts on your system, you have to ask each person to provide his or her password to continue. (If an account is not enabled, that person can no longer access anything on the hard drive after it has been encrypted.)
Write down the FileVault recovery key displayed by Mavericks, and store it in a safe place.
To avoid mistakes, you can capture an image of your screen by pressing ⌘+Shift+3. The screenshot appears as an image file on your Desktop. From there, you can open it and print a copy, or even copy the image file to a USB flash drive or another computer on your network for safekeeping.
Decide whether to allow Apple to store your FileVault recovery key.
If you want this extra safeguard, click the Store the Recovery Key with Apple radio button, and then click Continue. Provide three security questions and the answers to each. Note that your answers must be entered exactly as you provide them to retrieve your key!
If you’re satisfied with the copy (or copies) of your key that you’ve made yourself, and you’d rather not bring Apple into the picture, click Do Not Store the Recovery Key with Apple, and then click Continue.
Click the Restart button on the confirmation screen.
Your MacBook automatically reboots and begins the encryption process. You can continue to use your laptop normally during the encryption.
A risk is involved with the FileVault feature (insert ominous chord here). To wit: Do not forget your login password, and make DOGGONE sure that you (or your Admin user) have access to a copy of that all-important FileVault recovery key!
OS X displays a dire warning for anyone who’s considering using FileVault: If you forget these safeguards, you can’t retrieve any data from your MacBook’s drive. Even the smartest Apple support technician will tell you that nothing can be done. As Jerry Reed used to say, It’s a gone pecan (with pecan pronounced Southern style, as puh-kahn).