Encrypt your disk with FileVault to protect the data

By Amanda | Posted to Home > Wiki, on August 30th, 2021

Summary: This post will tell you what is FileVault and how to use it to encrypt your disk. You will know whether this feature is right for you after reading this post.

Apple FileVault encryption

Are you worried about the security of your information stored on your computer? As a Mac user, you may have heard of FileVault, a feature of Mac. In this post, I will give you a complete introduction to FileVault. After you read this post, you will know what FileVault is, how to encrypt a disk with it, and whether this feature is right for you.

What is FileVault

FileVault was originally introduced with Mac OS X Panther (10.3) in 2003. At that time, it only encrypted the home directory where your personal files are kept. It means that other sub-directories under the root directory (Macintosh HD) were not encrypted, which was very poor.

FileVault 2 came into being with the Mac OS X Lion (10.7) and is applied in later versions ranging from Mac OS X Lion (10.7) to macOS Big Sur (11.0). FileVault 2 was redesigned. It encrypts the whole hard drive by using XTS-AES-128 encryption with a 256-bit key.

What does FileVault do

When you enable the FileVault on your Mac/MacBook, encryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged into AC power. It automatically encrypts newly created files you saved to your startup disk. Every time your Mac wakes up from sleeping or a screen saver, you need to enter the login password to access all the data on your device.

How to Enable FileVault

Data encryption is a complicated process. But to enable Mac Filevault is quite easy. If your Mac is running OS X Yosemite (10.10) and newer, you are encouraged to turn on this feature during the initial setup to encrypt the contents on your Mac. Also, you can follow the procedures below to turn on Apple FileVault.

  • Click the Apple menu, and navigate to System Preference > Security & Privacy.
  • Choose FileVault.
  • Click the lock at the left bottom and enter your password when asked.
  • Click Turn On FileVault to enable this feature.
  • Choose Allow my iCloud account to unlock my disk or Create a recovery key and do not use my iCloud account, then click Continue.
  • It will begin to encrypt your data on the Mac immediately.

turn on FileVault

The chance is that you may forget Mac password. In this case, your iCloud account or the recovery key can help. In addition, Reset Password Assistant on Mac, macOS Recovery mode, and admin account are alternatives to reset the password. If neither of them works, reset M1 Mac is the last resort to access the device again at the expense of the data.

How to Reset Password

If you want to change the FileVault password to a new one, you can reset your password. Bear in mind, on Mac, the login password and FileVault password are the same by default. When you reset your FileVault password, the login password also changes.

  • Click the Apple menu, and navigate to System Preference > Security & Privacy.
  • Choose General.
  • Click the lock at the left bottom and enter your password when asked.
  • Click Change Password.
  • Follow the onscreen guide to enter your old and new passwords.
  • Click Change Password to confirm.

turn off FileVault

How to Turn off FileVault

If you no longer want to encrypt your startup disk, you can turn off FileVault at any time. Once you disable this feature, the encryption will turn off and all your data stored on the startup disk will be decrypted. It means that a committed unauthorized individual could theoretically access files if they had access to your Mac.

  • Click the Apple menu, and navigate to System Preference > Security & Privacy.
  • Select the FileVault tab.
  • Click the lock at the left bottom and enter your password when asked.
  • Click Turn Off FileVault.

turn off FileVault

Should I use FileVault disk encryption

It depends. If there is sensitive, important, or personal information on your Mac, and you don’t want the data to fall into the wrong hands, FileVault disk encryption is necessary. Even if the hard drive of your Mac is swapped into another computer, nobody can access the data directly with FileVault turned on. Only the recovery key works.

Differences between password protection and FileVault disk encryption

What if I already have a login password, do I still need to turn on FileVault to protect my data? The answer is yes undoubtedly.

A login password is used to verify the identity of a user during the authentication process. It is like a lock to the door. When you enter the right password, you can successfully log in to your Mac and access the files.

FileVault, the added level of security is more secure. A weak password can be hacked or cracked in minutes. But if the FileVault is enabled, the unauthorized individuals can not access your data on your Mac without the recovery key.

FileVault VS. BitLocker

BitLocker is another kind of full disk encryption applied to the Windows operating system, supporting versions of Windows Vista and later. Here is a comparison to help users better understand the similarities and differences between the two data protection features.

Similarities:
  1. Encrypting the whole startup disk to protect all the data on your device.
  2. Using AES encryption with a 256-bit key.
  3. Hidden containers can’t be created for deniable encryption.
  4. Authentication is required before booting the computer.
  5. Recovery key can be used to unlock the disk when you forget the password.
  6. Free to use on the supported versions of OS.
Differences:
  1. BitLocker can encrypt individual disk partitions.
  2. BitLocker needs to be combined with TPM or USB to keep the recovery key.
  3. FileVault is applied to a wider range supporting OS X Lion or later. BitLocker is available in Windows Vista, 7 Ultimate, or 7 Enterprise, Windows 8.1 Pro, Windows 8.1 Enterprise, or Windows 10 Pro.
  4. BitLocker provides email encryption and file transfer encryption

FAQ about FileVault

Q: Does using FileVault slow down Mac?

A: FileVault 1 did slow down Mac significantly. But on a newer Mac with SSD, using FileVault 2 doesn’t cause a noticeable decrease in reading and writing files. FileVault encrypts and decrypts your data on the fly and works in the background, you can’t even feel it.

Q: How long does it take to encrypt a Mac hard drive?

A: For the first time to turn on the FileVault on Mac, it will take minutes or hours to encrypt the whole volume. It depends on the hard drive size and computer performance. You can use your computer while it is encrypting.

Q: What happens if I disable FileVault on Mac?

A: When you turn off FileVault on Mac, the contents encrypted will be decrypted. It will take minutes to hours according to how much information you have stored. During the decryption process, you can use your Mac as usual.

Q: How to stop FileVault encryption in progress?

A: No matter it is encryption or decryption, you can not stop it once the process starts. You need to wait until the process completes, then you can make further changes. So there is no way to stop FileVault encryption in progress.