Setting Up Encryption on macOS

The information in this article applies to versions of macOS supported by the University of Hawaii. A list of operating systems supported by the university can be found here.

 

If you have a need to store sensitive data such as social security numbers (SSNs) or student records on your Mac’s hard drive, you should make sure this data is encrypted. The following are two suggested methods for encrypting data on a Mac. Please be aware that forgetting the password you use to encrypt the data means you will no longer be able to access the data. There is no way around this, so proceed with caution.

Secure Disk Images

One method to encrypt data is to create an encrypted disk image and save all your sensitive data on that image. This way, if your Mac is stolen, the files on the disk image would be inaccessible without its password.

 

To create a secure disk image:

  1. Open the Applications folder in the Finder, open the Utilities folder, and double-click on Disk Utility.

  2. Once in Disk Utility, in the menu bar go to File > New Image > Blank Image.
  3. In the "Save as" box, specify a name for the disk image file.
  4. In the "Name" box, specify the name the disk will have when mounted.

  5. In the “Size” box, specify the desired size for the disk image (the default is 100 MB).

  6. In the “Format” drop-down, make sure “Mac OS Extended (Journaled)” is selected.

  7. Under the "Encryption" option, select 128-bit AES encryption. When prompted, enter a password. This password should be one that other people cannot easily guess, but that you can remember. Click Choose.

  8. The "Image Format" should remain at "read/write disk image".

  9. Click Save to create the secure disk image.
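
The same image can also be created from Terminal with hdiutil. This is an added example, not part of the original article; the function name and the sample path are assumptions, and the options mirror steps 5 through 8 above.

```shell
#!/bin/sh
# Added example: command-line equivalent of the Disk Utility steps above.
# create_secure_image and the sample names below are assumptions.

# create_secure_image <image-path> <volume-name> [size]
# hdiutil asks for the password on the terminal, so the password never
# appears in the shell history or in the process list.
create_secure_image() {
    image_path=${1:-}
    volume_name=${2:-}
    size=${3:-100m}              # step 5: the default size is 100 MB

    if [ -z "$image_path" ] || [ -z "$volume_name" ]; then
        echo "usage: create_secure_image <image.dmg> <volume-name> [size]" >&2
        return 2
    fi
    # Never replace an existing image: its contents would be lost.
    if [ -e "$image_path" ]; then
        echo "refusing to overwrite existing file: $image_path" >&2
        return 1
    fi

    # -fs HFS+J       = step 6, Mac OS Extended (Journaled)
    # -encryption ... = step 7, 128-bit AES
    # -type UDIF      = step 8, read/write disk image
    hdiutil create \
        -size "$size" \
        -fs HFS+J \
        -volname "$volume_name" \
        -encryption AES-128 \
        -type UDIF \
        "$image_path" || return 1

    # Confirm the image really is encrypted before storing data on it.
    if hdiutil isencrypted "$image_path" 2>&1 | grep -q 'encrypted: YES'; then
        echo "created encrypted image: $image_path"
    else
        echo "image was created but is NOT encrypted: $image_path" >&2
        return 1
    fi
}

# Example call (macOS only):
#   create_secure_image "$HOME/Documents/Sensitive.dmg" Sensitive 100m
```

The final check matters because an image created without the encryption option looks identical in the Finder.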

Adding an encrypted disk image to the Login Items

You can add your encrypted disk image to your Login Items so that it will open whenever you log in to your account:

  1. Go to the “Apple” menu and select System Preferences.
  2. Click on the Users & Groups icon.
  3. Make sure that the lock on the lower left hand side is unlocked to make changes. If it is locked, click on the icon and enter the username and password used to unlock your Mac.
  4. On the left side, select your account, and click the Login Items tab at the top.
  5. Click on the “+” at the bottom of the Login Items list to add a new login item.
  6. Select the encrypted image from the list of items to add it as a login item, then click Add.
  7. Close the System Preferences window by clicking the red dot in the upper left corner of the window.

Now, each time you log in to your Mac, you will be prompted for the password to your encrypted disk image, and it will then mount on the desktop.


FileVault 2

FileVault 2 is a full-disk encryption feature that is included in University of Hawaii supported versions of macOS and is mainly recommended for laptops. When FileVault 2 is enabled, the entire hard drive is encrypted and can only be decrypted with the encryption key. This key is only accessible by entering the login password when starting up the device. If the device is stolen or the password is lost, the contents of the hard drive will be inaccessible. You can find out more about FileVault on Apple’s website here.

 

IMPORTANT: Before turning on FileVault 2, be sure you have a current backup of your data, especially your Home folder. Once you have enabled FileVault 2, be sure to make regular backups of your data.

Turning on FileVault 2

  1. Go to the “Apple” menu and select System Preferences.
  2. Click on the Security & Privacy icon.

  3. Click on the FileVault tab.

  4. Make sure that the lock on the lower left hand side is unlocked to make changes. If it is locked, click on the icon and enter the username and password used to unlock your Mac.

  5. Click on Turn on FileVault…

  6. If you have multiple accounts on your Mac, you will be prompted to choose which accounts can unlock the disk. You may enable all accounts, or just your own (you can go back later and enable the rest). Click Continue.

  7. You will see a “recovery key” displayed on the screen. IMPORTANT: Write down this recovery key and keep it in a safe place. If for some reason you forget your login password, the recovery key may allow you to recover your data.

  8. You will be asked if you want to store the recovery key with Apple. After you’ve made your selection and, if necessary, filled in all the required boxes, click Continue.

  9. Click on Restart.

After your Mac restarts, if you go back to the "Apple" menu, select System Preferences, click on the Security & Privacy icon, then click on the FileVault tab, you will see that your hard drive is in the process of being encrypted. Depending on the size and speed of your hard drive, encryption could take a while. You can use your computer as you normally would while encryption is taking place.
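
The same state can be checked from Terminal with `fdesetup status`. The script below is an added example, not part of the original article; the function names are assumptions, and the sample status text is constructed, so confirm its wording against the output on your macOS release.

```shell
#!/bin/sh
# Added example: report whether FileVault has finished encrypting the disk.
# Function names are assumptions; the sample text below is constructed.

SAMPLE_IN_PROGRESS='FileVault is On.
Encryption in progress: Percent completed = 42'

# classify_filevault_status: reads `fdesetup status` text on stdin and
# prints one of: on, encrypting <percent>, decrypting, off, unknown
classify_filevault_status() {
    status_text=$(cat)
    case $status_text in
        *"Encryption in progress"*)
            # The disk is only partly protected until this reaches 100.
            pct=$(printf '%s\n' "$status_text" |
                  sed -n 's/.*Percent completed = \([0-9.]*\).*/\1/p' |
                  head -n 1)
            echo "encrypting ${pct:-?}" ;;
        *"Decryption in progress"*) echo "decrypting" ;;
        *"FileVault is On."*)       echo "on" ;;
        *"FileVault is Off."*)      echo "off" ;;
        *)                          echo "unknown" ;;
    esac
}

# check_filevault: runs fdesetup on this Mac.
# Exit status: 0 = fully on, 1 = still encrypting, 2 = off or unknown,
# 3 = fdesetup not found (not a Mac).
check_filevault() {
    if ! command -v fdesetup >/dev/null 2>&1; then
        echo "unknown"
        return 3
    fi
    state=$(fdesetup status 2>/dev/null | classify_filevault_status)
    echo "$state"
    case $state in
        on)          return 0 ;;
        encrypting*) return 1 ;;
        *)           return 2 ;;
    esac
}

# Example call (macOS only):
#   check_filevault || echo "disk is not fully encrypted yet"
```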

Article ID: 676
Created: Fri, 29 Dec 2006 11:15am
Modified: Wed, 21 Feb 2018 9:04pm