How to Encrypt the Home Folder on Your iMac
Allowing others to use your iMac always incurs a risk — especially if you store sensitive information and documents on your computer. Although your login password should ensure that your Home folder is off-limits to everyone else, consider an extra level of security to prevent even a dedicated hacker from accessing your stuff. All it takes is a forgetful moment in an airport or classroom, and your personal and business data is suddenly within someone else’s reach. Top-notch security is a Supremely Good Thing!
To this end, El Capitan includes FileVault, which automatically encrypts the contents of your iMac’s drive. Without the proper key (in this case, either your login password or the FileVault recovery key), the data stored on your drive is impossible for just about anyone to read.
The nice thing about FileVault is that it’s completely transparent to you and your users. In other words, when you log in, El Capitan automatically takes care of decrypting your files and folders. You won’t know that FileVault is on the job (which is how computers are supposed to work).
To turn on FileVault protection for a specific account, follow these steps:
- Click the System Preferences icon on the Dock and then click the Security & Privacy icon.
- Click the FileVault tab and then click the Turn On FileVault button.
- Specify whether your iCloud (Apple ID) account can be used to reset your password and unlock your disk, and click Continue. For most iMac owners, the Allow My iCloud Account to Unlock My Disk option is probably just fine, but if you’re security-conscious (or you’ve shared your iCloud account information with others), click the Create a Recovery Key and Do Not Use My iCloud Account radio button.
- If you decide to create a separate recovery key, write down the FileVault recovery key displayed by El Capitan, and store it in a safe place. To avoid mistakes, you can capture an image of your screen by pressing ⌘+Shift+3. The screenshot appears as an image file on your Desktop. From there, you can open it and print a copy, or even copy the image file to a USB flash drive or another computer on your network for safekeeping.
The FileVault feature is great. Yet a risk is involved (insert ominous chord here). To wit: Do not forget your login and iCloud account passwords (or make DOGGONE sure that you or your Admin user have access to a copy of that all-important FileVault recovery key)! OS X displays a dire warning for anyone who’s considering using FileVault: If you forget these safeguards, you can’t retrieve any data from your iMac’s drive. Even the smartest Apple support technician will tell you that nothing can be done. As Jerry Reed used to say, “It’s a gone pecan” (with pecan pronounced Southern style, as “puh-kahn”).
- If necessary, click Enable User, provide the login password for each user on your account, and then click Continue. Each user on your iMac has to be enabled to use your iMac after FileVault has been turned on. If you don’t know the login passwords for the other user accounts on your system, you have to ask each person to provide his or her password to continue. (If an account is not enabled, that person can no longer access anything on the hard drive after it has been encrypted.)
- Click the Restart button on the confirmation screen. Your iMac automatically reboots and begins the encryption process. You can continue to use your computer normally during the encryption.