Home > Wiki Tips

Encrypt Your Disk with FileVault to Protect the Data

Updated on Thursday, November 21, 2024

Written by

Amanda Wong

Approved by

Jessica Shee

English

Summary: This post will tell you what is FileVault and how to use it to encrypt your disk. You will know whether this feature is right for you after reading this post.

Are you worried about the security of the information stored on your computer? As a Mac user, you may have heard of FileVault, a feature of Mac. In this post, I will give you a complete introduction to FileVault. After you read this post, you will know what FileVault is, how to encrypt a disk with it, and whether this feature is right for you.

What is FileVault?

FileVault was originally introduced with Mac OS X Panther (10.3) in 2003. At that time, it only encrypted the home directory where your files are kept. It means that other sub-directories under the root directory (Macintosh HD) were not encrypted, which was very poor.

FileVault 2 came into being with the Mac OS X Lion (10.7) and is applied in later versions ranging from Mac OS X Lion (10.7) to macOS Big Sur (11.0). FileVault 2 was redesigned with core storage as the basis. It encrypts the whole hard drive by using XTS-AES-128 encryption with a 256-bit key. 

What does FileVault do?

When you enable the FileVault on your Mac/MacBook, encryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged into AC power. It automatically encrypts newly created files you saved to your startup disk. Every time your Mac wakes up from sleeping or a screen saver, you need to enter the login password to access all the data on your device.

How to Enable FileVault?

Data encryption is a complicated process. But enabling Mac FileVault is quite easy. If your Mac is running OS X Yosemite (10.10) and newer, you are encouraged to turn on this feature during the initial setup to encrypt the contents on your Mac. Also, you can follow the procedures below to turn on Apple FileVault.

  1. Click the Apple menu, and navigate to System Preference > Security & Privacy.
  2. Choose FileVault.
  3. Click the lock at the left bottom and enter your password when asked.
  4. Click Turn On FileVault to enable this feature.
  5. Choose Allow my iCloud account to unlock my disk or Create a recovery key and do not use my iCloud account, then click Continue. It will begin to encrypt your data on the Mac immediately.

The chance is that you may forget Mac password. In this case, your iCloud account or the FileVault recovery key can help. In addition, Reset Password Assistant on Mac, macOS Recovery mode, and admin account are alternatives to reset the password. If neither of them works, resetting M1 Mac is the last resort to access the device again at the expense of the data.

How to Reset Password?

If you want to change the FileVault password to a new one, you can reset your password. Bear in mind, on Mac, the login password and FileVault password are the same by default. When you reset your FileVault password, the login password also changes.

  1. Click the Apple menu, and navigate to System Preference > Security & Privacy.
  2. Choose General.
  3. Click the lock at the left bottom and enter your password when asked.
  4. Click Change Password.
  5. Follow the onscreen guide to enter your old and new passwords.
  6. Click Change Password to confirm.

How to Turn off FileVault?

If you no longer want to encrypt your startup disk, you can turn off FileVault at any time. Once you disable this feature, the encryption will turn off and all your data stored on the startup disk will be decrypted. It means that a committed unauthorized individual could theoretically access files if they had access to your Mac.

  1. Click the Apple menu, and navigate to System Preference > Security & Privacy.
  2. Select the FileVault tab.
  3. Click the lock at the left bottom and enter your password when asked.
  4. Click Turn Off FileVault.

Should I use FileVault disk encryption?

It depends. If there is sensitive, important, or personal information on your Mac, and you don't want the data to fall into the wrong hands, FileVault disk encryption is necessary, as one way to encrypt a drive on Mac. Even if the hard drive of your Mac is swapped into another computer, nobody can access the data directly with FileVault turned on. Only the recovery key works.

Password protection VS. FileVault disk encryption

What if I already have a login password, do I still need to turn on FileVault to protect my data? The answer is yes undoubtedly.

A login password is used to verify the identity of a user during the authentication process. It is like a lock on the door. When you enter the right password, you can successfully log in to your Mac and access the files.

FileVault, the added level of security is more secure. A weak password can be hacked or cracked in minutes. But if the FileVault is enabled, unauthorized individuals can not access your data on your Mac without the recovery key. 

FileVault VS. BitLocker

BitLocker is another kind of full disk encryption applied to the Windows operating system, supporting versions of Windows Vista and later. Here is a comparison to help users better understand the similarities and differences between the two data protection features.

Similarities:

  • Encrypting the whole startup disk to protect all the data on your device.
  • Using AES encryption with a 256-bit key.
  • Hidden containers can't be created for deniable encryption.
  • Authentication is required before booting the computer.
  • The recovery key can be used to unlock the disk when you forget the password.
  • Free to use on the supported versions of OS.

Differences:

  • BitLocker can encrypt individual disk partitions.
  • BitLocker needs to be combined with TPM or USB to keep the recovery key.
  • FileVault is applied to a wider range supporting OS X Lion or later. BitLocker is available in Windows Vista, 7 Ultimate, 7 Enterprise, Windows 8.1 Pro, Windows 8.1 Enterprise, or Windows 10 Pro.
  • BitLocker provides email encryption and file transfer encryption.