How to Encrypt Data on Your Mac with FileVault

By Joe Hutsko, Barbara Boyd

Encryption physically scrambles your files on your Mac so that even if people can access your files, they can’t open or edit them unless they know the correct password. When you use FileVault, your Mac encrypts your entire drive, which means everything on your Mac is secure. If your Mac has multiple users, you must enable each of them so that each can sign in with his or her own password.

FileVault uses an encryption algorithm called Advanced Encryption Standard (AES), the latest U.S. government standard for scrambling data. Even national governments with supercomputers can’t crack it, at least not in a realistic time frame.

FileVault scrambles your files so that only your password (or the system’s Master Password) can unlock them. That way, only you, or someone you trust and give the password to, can read them.

When you type in a password, you can access your files and use them normally, but as soon as you close a file, FileVault scrambles it once more. FileVault works in the background; you never even see it working.

FileVault uses your login password to encrypt your data. For added safety, FileVault creates a recovery key that can decrypt the encrypted files of every user account stored on your Mac. If you forget your login password and your recovery key, your data will be encrypted forever with little hope of unscrambling and retrieving it again.

You can opt to store your recovery key with Apple. If you lose it, you can retrieve it from Apple by giving the correct answers to three specific, pre-established questions.

To turn on FileVault, follow these steps:

  1. Choose Command→System Preferences and click the Security & Privacy icon.

    The Security & Privacy preferences pane appears.

  2. Click the FileVault tab to open the FileVault preferences pane, as shown in this figure.

    If the lock in the lower-left corner of the FileVault preferences pane is locked, click it, enter your password when prompted, and then click Unlock.

  3. Click the Turn on FileVault button.

    The recovery key appears, as shown in the following figure.

    If more than one person uses your Mac, a list of users appears. Click the Enable button next to the user(s) you want to give access to, enter the account password(s), click OK, and then click Continue.

    An enabled user who switches to his or her account must type in the password to access encrypted files. Users who forget their passwords will need the recovery key to gain access.

  4. Write down your recovery key and then click Continue.

    The recovery key changes if you turn FileVault off and then on again.

  5. Choose whether to store your recovery key with Apple:

    • No: Select the Do Not Store the Recovery Key with Apple radio button.

    • Yes: Select the Store the Recovery Key with Apple radio button.

      Options for three questions appear, as shown in the following figure. You must answer all three questions correctly for Apple to release your recovery key.

      Select a question from each of the three pop-up menus, type the answers for the questions in the text boxes, and then click Continue.

  6. In the dialog that opens, click the Restart button to begin the encryption process (or Cancel if you changed your mind).

    Your Mac restarts and begins the encryption process. You can work while the encryption takes place. You can return to FileVault in System Preferences to check on the status.
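To confirm the result of these steps from Terminal instead of System Preferences, the following added example (not part of the original article) audits the text printed by the macOS `fdesetup status` and `fdesetup list` commands. The function names, sample output and account names are constructed for illustration, and the "in progress" wording is an assumption about what `fdesetup status` prints while the drive is still being converted.

```shell
#!/bin/sh
# Added example, not from the original article.

# Classify the text printed by `fdesetup status`.
# Prints one of: on | off | converting | unknown
filevault_state() {
    case $1 in
        *"in progress"*)      echo converting ;;  # assumed wording during conversion
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Succeed if short name $2 appears in `fdesetup list` output $1
# (one "shortname,UUID" pair per line). Exact match only.
user_enabled() {
    printf '%s\n' "$1" | cut -d, -f1 | grep -qxF -- "$2"
}

# Print one verdict line for the disk and one per account.
# $1 = status text, $2 = list text, remaining args = accounts that must be
# able to unlock the disk. Returns non-zero if anything is missing.
audit_filevault() {
    status_text=$1 list_text=$2; shift 2
    state=$(filevault_state "$status_text")
    rc=0
    echo "disk: $state"
    [ "$state" = on ] || rc=1
    for account in "$@"; do
        if user_enabled "$list_text" "$account"; then
            echo "user $account: enabled"
        else
            echo "user $account: NOT enabled"; rc=1
        fi
    done
    return $rc
}

# Constructed sample output, used when fdesetup is unavailable or we are not root.
SAMPLE_STATUS='FileVault is On.'
SAMPLE_LIST='alice,11111111-2222-3333-4444-555555555555
bob,66666666-7777-8888-9999-AAAAAAAAAAAA'

if command -v fdesetup >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    # On a Mac, as root: audit the real state for the invoking account.
    audit_filevault "$(fdesetup status)" "$(fdesetup list)" "${SUDO_USER:-root}" || true
else
    audit_filevault "$SAMPLE_STATUS" "$SAMPLE_LIST" alice carol || true
fi
```

With the constructed sample, the audit reports the disk as on, `alice` as enabled and `carol` as not enabled, which is the situation step 3 warns about for multi-user Macs.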

FileVault also works with external hard drives, so your data is safe wherever it’s stored.