Setting up encryption on a Macintosh

The information in this article applies to Mac OS 10.6 and higher.

If you need to store sensitive data such as social security numbers (SSNs) or student records on your Macintosh's hard drive, you should make sure this data is encrypted. The following are two suggested methods for encrypting data on a Macintosh. Please be aware that forgetting the password you use to encrypt the data means you will no longer be able to access the data. There is no way around this, so proceed with caution.

Secure disk images

The first method is to create an encrypted disk image and save all your sensitive (financial, SSN) information on this image. This way, if your Macintosh is stolen, the files on the disk image will be inaccessible without its password.

Creating a secure disk image

  1. Open the Applications folder. Open the Utilities folder. Double-click on Disk Utility.
     
  2. Click on New Image.
     
  3. In the "Save as" box, specify a name for the disk image file. In the "Name" box, specify the name the disk will have when mounted. You can also specify a size for your disk image. Under the "Encryption" option, select 128-bit AES encryption. The "Format" should remain at "read/write disk image". Click Create.
     
  4. When prompted, enter a password. This password should be one that other people cannot easily guess, but that you can remember. Important: uncheck the box for "Remember password". Click OK.

Adding an encrypted disk image to the Login Items

You can add your encrypted disk image to your Login Items, so that it will open whenever you log in to your account:

  1. Go to the "Apple" menu and select System Preferences.
     
  2. Click on the Accounts icon (Mac OS 10.6) or the Users & Groups icon (Mac OS 10.7 and higher).
     
  3. If necessary, click on the lock icon in the lower left of the window, then enter the username and password you use to log in to your Macintosh.

  4. On the left side, select your account.  On the right side, click on the Login Items tab.
     
  5. Drag the icon of your disk image into the "These items will open automatically when you log in:" box.
     
  6. Close the System Preferences window by clicking on the red dot in the upper left corner of the window.

Now, each time you log in to your Macintosh, you will automatically be prompted for the password to your encrypted disk image, and it will then mount on the desktop.

 


 

FileVault (Mac OS 10.6) and FileVault 2 (Mac OS 10.7 and higher)

FileVault and FileVault 2 are mainly recommended for laptops. If you are using FileVault or FileVault 2, and you forget your Mac's login password, you will not be able to access your data and it will most likely not be recoverable. For this reason, use this method only if you have a lot of highly sensitive data on your hard drive, and it's too cumbersome to use encrypted disk images.

FileVault (Mac OS 10.6)

FileVault works by creating an encrypted image of your Home folder.  [Your Home folder includes your desktop, but not files or folders on the top level of your hard drive.]  When you enable FileVault, an encrypted image is created, and then all the files within your Home folder are copied to this encrypted image. Your unencrypted Home folder is then erased from your hard drive. If you choose the secure erase option, your unencrypted Home folder will be erased such that the files cannot be recovered from the hard drive.

Once FileVault is enabled, the files in your Home folder can only be accessed via your login password.  If you forget this password, you will not be able to access any of your files.

Since FileVault will first copy your Home directory before deleting it, you will need as much free hard drive space as the size of your Home folder to enable FileVault.

IMPORTANT: Before turning on FileVault, be sure you have a current backup of your Home folder.  Once you have enabled FileVault, be sure to make regular backups of your Home folder.

Checking the size of your Home folder

  1. Open your hard drive.  Open the "Users" folder.
     
  2. You should see a folder with an icon of a house.  This is your Home folder.  Click once on this folder to select it.
     
  3. Go to the "File" menu and select Get Info.  A window will appear; the size of your Home folder will appear next to "Size:".

Checking the amount of available space on your hard drive

  1. Click once on your hard drive icon to select it.
     
  2. Go to the "File" menu and select Get Info.  A window will appear.  The amount of free hard drive space you have will appear next to "Available:".  This number must be higher than the size of your Home folder if you wish to turn on FileVault.
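
The same two checks can be run from Terminal. The script below is an added example, not part of the original article; its function names are illustrative assumptions, and it applies the rule above that free space must be higher than the size of the Home folder.

```shell
#!/bin/sh
# Added example, not from the original article: Terminal version of the two
# Get Info checks. Function names are illustrative assumptions.

# Size of a folder and everything in it, in kilobytes.
dir_size_kb() {
    du -sk "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Free space, in kilobytes, on the volume that holds the given path.
volume_free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# The article's rule: free space must be higher than the Home folder size,
# so equal values do not pass.
space_sufficient() {
    [ "$1" -gt "$2" ]
}

# Exit status: 0 = enough room, 1 = not enough, 2 = could not measure.
filevault_space_ok() {
    home_dir=$1
    [ -d "$home_dir" ] || return 2
    size_kb=$(dir_size_kb "$home_dir")
    free_kb=$(volume_free_kb "$home_dir")
    [ -n "$size_kb" ] && [ -n "$free_kb" ] || return 2
    space_sufficient "$free_kb" "$size_kb"
}

# Print a one-line verdict for the given Home folder.
filevault_space_report() {
    rc=0
    filevault_space_ok "$1" || rc=$?
    case $rc in
        0) echo "OK: ${free_kb} KB free, Home folder uses ${size_kb} KB" ;;
        1) echo "Not enough room: ${free_kb} KB free, Home folder uses ${size_kb} KB" ;;
        *) echo "Could not measure $1" ;;
    esac
    return "$rc"
}

# Runs only when a folder is given, e.g.: sh check_space.sh "$HOME"
if [ "$#" -gt 0 ]; then
    filevault_space_report "$1"
fi
```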

Turning on FileVault

  1. Go to the "Apple" menu and select System Preferences.  Click on the Security icon.
     
  2. Click on Set Master Password… Type a password and a hint, then click OK.
    IMPORTANT: do not forget this password!  If for some reason you forget your login password, the master password will allow you to recover your files.
     
  3. Click on Turn on FileVault. You will be asked if you want to use secure erase. If you do, check the box for "Use secure erase". Click on Turn On FileVault.
     
  4. FileVault will now be turned on. It may take a while. It is finished when you are back at the login screen. Do not interrupt this process, even if it seems that nothing is happening.

Once you've enabled FileVault, you may notice something new when you shut down or restart your Macintosh.  If you've increased or decreased the size of your Home folder (copied or deleted files), you may receive a warning message when you shut down/log off/restart asking you if you want FileVault to reclaim lost disk space. Click Continue to have FileVault reclaim the disk space.  Do not interrupt this process even if it takes a while.

FileVault 2 (Mac OS 10.7 and higher)

FileVault 2 will encrypt your entire hard drive, not just your Home directory. Instead of copying files to an encrypted image, a strong encryption key is created and stored on your hard drive. Unless this key is unlocked with an authorized password, the hard drive's data will be inaccessible.

IMPORTANT: Before turning on FileVault 2, be sure you have a current backup of your data, especially your Home folder. Once you have enabled FileVault 2, be sure to make regular backups of your data.

Turning on FileVault 2

  1. Go to the "Apple" menu and select System Preferences. Click on the Security & Privacy icon.

  2. If necessary, click on the FileVault tab.

  3. If necessary, click on the lock icon in the lower left of the window, then enter the username and password you use to log in to your Macintosh.

  4. Click on Turn on FileVault...

  5. If you have multiple accounts on your Mac, you will be prompted to choose which accounts can unlock the disk. You may enable all or just your own. (You can go back later to enable the rest.) Click Continue.

  6. You will see a "recovery key" displayed on the screen. IMPORTANT: Write down this recovery key and keep it in a safe place. If for some reason you forget your login password, the recovery key may allow you to recover your data.

  7. You will be asked if you want to store the recovery key with Apple. After you've made your selection, and if necessary filled in all the required boxes, click Continue.

  8. Click on Restart.

After your Mac restarts, if you go back to the "Apple" menu, select System Preferences, click on the Security & Privacy icon, then click on the FileVault tab, you will see that your hard drive is in the process of being encrypted. Depending on the size and speed of your hard drive, encryption could take a while. You can use your computer as you normally would while encryption is taking place.

Article ID: 676
Created: Fri, 29 Dec 2006 11:15am
Modified: Mon, 04 Nov 2013 4:42pm