This article originally appeared in TidBITS on 2014-07-31 at 1:56 p.m.
The permanent URL for this article is:
Include images: Off

“Take Control of FileVault” Dispels FileVault Misconceptions

by Adam C. Engst

Confession time here. I formed my opinion of Apple’s FileVault encryption feature a long time ago in a galaxy far, far away, and if you think back to those days (Mac OS X 10.3 Panther!), you’ll remember that it was terrible, causing performance problems, data reliability issues, and backup frustrations. All that went away in 10.7 Lion, when Apple introduced the completely rewritten FileVault 2 [1]. About the only things in common that FileVault 2 and what’s now called Legacy FileVault have are the name, the interface in System Preferences, and the fact that encryption is involved. FileVault 2 is fast, transparent, and far safer than Legacy FileVault. But you know what? I never got around to trying FileVault 2, even though I’ve heard no reports of trouble with it, in part because I never saw any discussion of FileVault that was sufficiently in depth and from a source I trusted.

So when the idea of Joe Kissell writing “Take Control of FileVault [2]” came up, I was ecstatic, since I’ve long had a nagging feeling that I should be using full-disk encryption on my Macs to protect data in case of theft. That hasn’t happened, thankfully, but now that I’ve read “Take Control of FileVault,” I’m far more comfortable with turning on FileVault, integrating it with my backups (which should also be encrypted now!), and figuring out how I’d work with Find My Mac in the event of theft. If you too have been hesitant to entrust your data to FileVault before understanding how it works, Joe’s 92-page “Take Control of FileVault” will dispel any misconceptions, answer your questions, and get you running FileVault with confidence. It’s available now for $10.

Here then is the question. If your Mac were stolen, would you worry about the thief — or whoever your Mac was fenced to — seeing your email, photos, financial data, and other sensitive information? Or do you have a Mac that contains business data, such as customer names and addresses, credit card numbers, or the like? In either situation, you should enable FileVault, especially if you’re using a MacBook that you carry around with you. Too many laptops are nicked from coffee shops or left in cabs to risk leaving the drive unencrypted.

In “Take Control of FileVault [3],” Joe begins by demystifying FileVault in a quick FAQ that explains, among other things, how it is that you can work with your startup drive normally even though all the data on it is encrypted. The FAQ also answers questions about whether FileVault will impact your Mac’s performance (no), what restrictions FileVault imposes (no more automatic login, for one), and exactly when your data is protected (at rest, and what “at rest” means). After the FAQ, Joe provides detailed steps for activating and using FileVault on both your startup volume and external drives. He also explains how FileVault interacts with your backups and how to use Find My Mac to lock or wipe a stolen Mac’s drive once you’ve turned on FileVault.

Additional topics in “Take Control of FileVault [4]” include making and using encrypted disk images, third-party software that can encrypt just a single file or folder, and accessing special FileVault features from the command line.