Setting Up Encryption on macOS

If you need to store sensitive data such as Social Security numbers (SSNs) or student records on your Mac’s hard drive, make sure this data is encrypted. The following are two suggested methods for encrypting data on a Mac. Please be aware that if you forget the password you use to encrypt the data, you will no longer be able to access the data. There is no way around this, so proceed with caution.

FileVault - Full Drive Encryption

FileVault is the built-in full disk encryption solution offered by Apple. In addition to the security benefits of encryption, FileVault also enforces the following:

  • A password is required to log in when your Mac wakes from sleep and after the screen saver.
  • Only users with FileVault enabled can log in. All other users will need an administrator to log in first.

  1. On your Mac, choose Apple menu > System Preferences
  2. Click Security & Privacy
  3. Click FileVault
  4. Click the lock icon to unlock it, then enter an administrator name and password.
  5. Click Turn On FileVault
  6. Choose how to unlock your disk and reset your login password if you forget it:
    • Use your iCloud account: Click Allow my iCloud account to unlock my disk.
    • Create a recovery key: Click "Create a recovery key and do not use my iCloud account." Write down the recovery key and keep it in a safe place. If for some reason you forget your login password, the recovery key may allow you to recover your data.
  7. Click Continue.
    • If your Mac has additional users, their information is also encrypted. Users unlock the encrypted disk with their login password.
    • If there’s an Enable Users button, you must enter a user’s login password before they can unlock the encrypted disk. Click Enable Users, select a user, enter the login password, click OK, then click Continue.

Secure Disk Image - Container Encryption

An encrypted container is a location where you can store individual files, which will be encrypted. Apple refers to encrypted containers as a secure disk image (.dmg file), which is a file that looks and acts like a mountable device or volume.

  1. In the Disk Utility app on your Mac, choose File > New Image > Blank Image.
  2. Enter a filename for the disk image, add tags if necessary, then choose where to save it. This is the name that appears in the Finder, where you save the disk image file before opening it.
  3. In the Name field, enter the name for the disk image. This is the name that appears on your desktop and in the Finder sidebar, after you open the disk image.
  4. In the Size field, enter a size for the disk image.
  5. Click the Format pop-up menu, then choose a format:
    • If you're using the encrypted disk image with a Mac computer using macOS 10.13 or later, choose APFS or APFS (Case-sensitive).
    • If you're using the encrypted disk image with a Mac computer using macOS 10.12 or earlier, choose Mac OS Extended (Journaled) or Mac OS Extended (Case-sensitive, Journaled).
  6. Click the Encryption pop-up menu, then choose an encryption option.
  7. Enter and re-enter a password to unlock the disk image, then click Choose.
    • WARNING: If you forget this password, you won’t be able to open the disk image and view any of the files.
  8. Use the default settings for the rest of the options:
    • Click the Partitions pop-up menu, then choose Single partition - GUID Partition Map.
    • Click the Image Format pop-up menu, then choose “read/write” disk image.
  9. Click Save, then click Done. Disk Utility creates the disk image file where you saved it in the Finder and mounts its disk icon on your desktop and in the Finder sidebar.
  10. In the Finder, copy the documents you want to protect to the disk image.
  11. If you want to erase the original documents so they can’t be recovered, drag them to the Trash, then choose Finder > Empty Trash.

When you are not using your secure disk image, be sure to eject it. This way, others with access to your computer will not be able to access these files.

Important: Be sure to record and keep this password in a safe place. You cannot access the data without this password.

The following Apple support article was used to provide the setup steps: https://support.apple.com/guide/disk-utility/create-a-disk-image-dskutl11888/mac
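
After completing the FileVault and secure disk image steps above, you can confirm from Terminal that encryption is actually in effect. The script below is an added example, not part of the original article or Apple's documentation; it relies on the macOS commands `fdesetup status` and `hdiutil isencrypted`, the function names are hypothetical, and the output strings it matches are assumed to be those the commands print.

```shell
#!/bin/sh
# Added example: confirm encryption is in effect after the GUI steps.
# The parsers read command output on stdin so they can be tested offline.

# Classify `fdesetup status` output: on, encrypting, off or unknown.
filevault_state() {
    out=$(cat)
    case "$out" in
        *"FileVault is On."*"Encryption in progress"*) echo encrypting ;;
        *"FileVault is On."*) echo on ;;
        *"FileVault is Off."*) echo off ;;
        *) echo unknown ;;
    esac
}

# Classify `hdiutil isencrypted` output: yes, no or unknown.
image_encrypted() {
    out=$(cat)
    case "$out" in
        *"encrypted: YES"*) echo yes ;;
        *"encrypted: NO"*) echo no ;;
        *) echo unknown ;;
    esac
}

# Check FileVault and each disk image given as an argument.
# Returns non-zero if anything is not confirmed as encrypted.
audit() {
    rc=0
    fv=$(fdesetup status 2>&1 | filevault_state)
    echo "FileVault: $fv"
    [ "$fv" = on ] || rc=1
    for img in "$@"; do
        enc=$(hdiutil isencrypted "$img" 2>&1 | image_encrypted)
        echo "$img: encrypted=$enc"
        [ "$enc" = yes ] || rc=1
    done
    return "$rc"
}

if [ "$(uname -s)" = Darwin ]; then
    audit "$@" || echo "WARNING: at least one item is not confirmed encrypted"
else
    # Constructed sample output, used only when not running on macOS.
    printf 'FileVault is Off.\n' | filevault_state
    printf 'encrypted: YES\nblocksize: 4096\n' | image_encrypted
fi
```

Pass the path of each .dmg file you created as an argument; any result other than "on" for FileVault or "yes" for an image means the corresponding steps should be repeated.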

Removable Media (e.g., CD/DVDs, USB Drives, and Memory Cards) - Full Drive Encryption

WARNING: When you encrypt a disk or other media, the disk format is converted to the APFS format and then encrypted. Macs with older versions of macOS that don’t support the APFS format will not be able to read the device’s data.

  1. In the Finder on your Mac, open a window, then Control-click the item you want to encrypt in the sidebar.
  2. Choose Encrypt [item name] from the shortcut menu.
  3. Create a password for the disk and click Encrypt Disk.

Important: Be sure to record and keep this password in a safe place. You cannot access the data without this password.

To decrypt an encrypted disk, Control-click the disk you want to decrypt, then choose Decrypt [item name] from the shortcut menu.

The following Apple support article was used to provide the setup steps: https://support.apple.com/guide/mac-help/encrypt-disks-memory-cards-protect-mac-mh40593/mac.
An alternate method can be found here: https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac

Article ID: 676
Created: Fri, 29 Dec 2006 11:15am
Modified: Fri, 19 Jun 2020 4:58pm