FILEVAULT DATA RECOVERY
FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
Encryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences. Any new files that you create are automatically encrypted as they are saved to your startup disk.
When FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.
Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password: Â
If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.*
If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you're sure to remember.*
If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.Â
If it’s a FileVault password then great, but if you don’t explicitly enable FileVault, your login password is nothing more than a deterrent from someone casually sitting down at your computer and using it. There are still ways someone can override your password or connect your Mac to another Mac and copy your files off.
There is a huge difference between password protection and encryption. A password is like a lock on your door: you can still come in through a window or hire a locksmith. Encryption rewrites your data in code that only your password can decipher, so that if the data gets stolen it’s useless.
How long does FileVault encryption take?
Mac models with a T2 chip (models since 2018) will encrypt instantly. Older models will take several hours or days, but you can close the System Preferences window and you can continue to work uninterrupted. Encryption is paused any time you are running on battery power, so keep that in mind if you want it to encrypt quickly. Once all of the files you have are encrypted it will continue to encrypt any new files on the fly with no additional effort.
Will FileVault slow my computer down?
Some older models of Mac (2009 and earlier) do run slightly slower. Modern Macs have a chip that handles this so there is between 0 and 3% increase in the time it takes to write data. But that only affects some of your computer functions. The newest Macs with a T2 chip have absolutely no performance impact.
Will I have to learn anything new?
Not at all. Your computer will work in the same way as before with the only difference being when your computer asks for your password. Without FileVault your computer would start up, then you would enter your password. Now your computer will ask for your password immediately, then it will continue starting up.
Do I need to remember an additional password? No, your FileVault password is the same as your computer login password, the same password you enter when you install software. There is not even an option to use a different password.
Do I even really need FileVault if I don’t have anything private on my Mac? You may not realize how much personal information is on your computer. If someone really wanted to they could use the information on your computer against you or even against others. Things like knowing what banks you use, who your cell phone provider is, where you vacation, information about friends and family.
How can I get in if I forget my FileVault password?
There are only two ways into your files: Your computer login password and your backup entry, which is either your iCloud account or the recovery key you created during the setup process. That’s it. Don’t forget your password or lose this recovery key. I also recommend putting this information somewhere secure that someone could get to it if needed. If something happens to you, your family would have absolutely no way into the computer otherwise. Without either you can only erase the computer and start fresh.
Can FileVault be hacked? Everything can be hacked. And security vulnerabilities in FileVault have been found in the past, but Apple has been extremely quick to fix these problems. This is why I always recommend keeping your software up-to-date. But if your FileVault is hacked it’s no less secure than if you hadn’t enabled FileVault to begin with.
Is it safe to use my iCloud account as my FileVault backup login? Very safe. For the vast majority of people, I recommend this option, which is only available if you have enabled Two-Factor Authentication on your iCloud account. If you have particularly sensitive data or if you worry you could be targeted because of who you are or the work you do, then you probably should keep the key manually.
Does FileVault protect my Mac from theft? FileVault encryption on its own won’t deter a thief because they can simply erase the computer and use it for themselves. They will have the computer but not the contents, and most common thieves only care about that. Macs from 2018 and later running macOS Catalina offer Activation Lock rendering a stolen computer useless, but that’s an entirely different feature.
Should I enable FileVault on a desktop computer? Absolutely! For two reasons. First, your home could be broken into and your computer stolen. A thief is much more likely to see a desktop computer than a laptop computer. Second, if your computer or hard drive dies, you won’t have to worry as much about making sure it’s thoroughly erased before recycling it if it’s protected by encryption.