The information in this article applies to Mac OS 10.6 and higher.
If you have a need to store sensitive data such as social security numbers (SSNs) or student records on your Macintosh's hard drive, you should make sure this data is encrypted. The following are two suggested methods for encrypting data on a Macintosh. Please be aware that forgetting the password you use to encrypt the data means you will no longer be able to access the data. There is no way around this, so proceed with caution.
The first method would be to create an encrypted disk image and save all your sensitive (financial, SSN) information on this image. This way, if your Macintosh should be stolen, the files on the disk image will be inaccessible without its password.
Creating a secure disk image
Adding an encrypted disk image to the Login Items
You can add your encrypted disk image to your Login Items, so that it will open whenever you login to your account:
Now, each time you login to your Macintosh, you will automatically be prompted for the password to your encrypted disk image, and it will then mount on the desktop.
FileVault and FileVault 2 are mainly recommended for laptops. If you are using FileVault or FileVault 2, and you forget your Mac's login password, you will not be able to access your data and it will most likely not be recoverable. For this reason, use this method only if you have a lot of highly sensitive data on your hard drive, and it's too cumbersome to use encrypted disk images.
FileVault (Mac OS 10.6)
FileVault works by creating an encrypted image of your Home folder. [Your Home folder includes your desktop, but not files or folders on the top level of your hard drive.] When you enable FileVault, an encrypted image is created, and then all the files within your Home folder are copied to this encrypted image. Your unencrypted Home folder is then erased from your hard drive. If you choose the secure erase option, your unencrypted Home folder will be erased such that the files cannot be recovered from the hard drive.
Once FileVault is enabled, the files in your Home folder can only be accessed via your login password. If you forget this password, you will not be able to access any of your files.
Since FileVault will first copy your Home directory before deleting it, you will need as much free hard drive space as the size of your Home folder to enable FileVault.
IMPORTANT: Before turning on FileVault, be sure you have a current backup of your Home folder. Once you have enabled FileVault, be sure to make regular backups of your Home folder.
Checking the size of your Home folder
Checking the amount of available space on your hard drive
Turning on FileVault
Once you've enabled FileVault, you may notice something new when you shut down or restart your Macintosh. If you've increased or decreased the size of your Home folder (copied or deleted files), you may receive a warning message when you shut down/log off/restart asking you if you want FileVault to reclaim lost disk space. Click Continue to have FileVault reclaim the disk space. Do not interrupt this process even if it takes a while.
FileVault 2 (Mac OS 10.7 and higher)
FileVault 2 will encrypt your entire hard drive, not just your Home directory. Instead of copying files to an encrypted image, a strong encryption key is created and stored on your hard drive. Unless this key is unlocked with an authorized password, the hard drive's data will be inaccessible.
IMPORTANT: Before turning on FileVault 2, be sure you have a current backup of your data, especially your Home folder. Once you have enabled FileVault 2, be sure to make regular backups of your data.
Turning on FileVault 2
After your Mac restarts, if you go back to the "Apple" menu, select System Preferences, click on the Security & Privacy icon, then click on the FileVault tab, you will see that your hard drive is in the process of being encrypted. Depending on the size and speed of your hard drive, encryption could take a while. You can use your computer as you normally would while encryption is taking place.