Check out the rest of the videos in this special course: The Practical Guide To Mac Security.
FileVault encrypts your drive in a way that is seamless to you, but would make it impossible for someone else to access the data on your drive without your password.
You can also watch this video at YouTube.
Watch more videos about related subjects: Security (130 videos).
You can also watch this video at YouTube.
Watch more videos about related subjects: Security (130 videos).
Video Transcript
Hi, this is Gary with MacMost.com. Here's Part 15 of my course The Practical Guide to Mac Security. This course is brought to you thanks to my great Patreon supporters. Go to MacMost.com/patreon to find out more.
So a very important part of Mac security, especially if you have a laptop that you travel with or take out of the house at all, is FileVault. You can find FireVault in System Preferences under Security & Privacy and then look for FireVault. Here you can turn it On and set it up. The best time to turn on and setup FireVault is when you first get your new Mac. So you first get a MacBook Pro, say, and you're setting it up. Turn it On right then! If you turn it on later it's still fine but it's going to take awhile to encrypt everything and it's going to have to do that in the background.
So what FireVault does is it encrypts everything on your hard drive. So in the Finder, if we look at all of our files, everything that's on here is stored on the hard drive as a file. If somebody were to, say, take your computer, open it up because they don't have any access. They can't get to it because you have your password set. But if they were to open it up and pull the drive out and connect the drive to another computer they could look on the drive and say find this file. They could then have access to that file. They can have access to all your files. However, with FireVault turned On they would look at that drive and all they would see is encrypted data. The data would be scrambled. Without the encryption key they would have no way to actually decrypt the data and find this file or any file or anything on that drive. The drive would be unreadable to them.
So when you turn on FireVault what it does is it encrypts drive and you can't get to those files without knowing the encryption key. Now for you there is very little change. You logon to your computer using your password just as before. By logging onto your computer with the password it gives you access to the encryption key which then gives you access to all your files. Everything looks just like it did before. When you access a file on the drive you're actually decrypting it and when you're saving a file to the drive you're actually encrypting it. But that's all done in the background and it's invisible to you. Apple's hardware is optimized for this. So it doesn't even seem to take up any extra time.
So to turn it On click here. Authenticate. Then when you turn on FireVault you're given two options for kind of a backup way, a back door to get into your own data. One is to allow your iCloud Account to unlock this data. So let's say you forget your User Account password. Now you're locked out. You can't even get to your files. It's all encrypted on the drive. But if you know your iCloud password you can use that as kind of a back door to get in. So you forget your computer password your iCloud password will allow you in. The other option is to create a Recovery Key. This will actually give you a key. It's a long password that you can then store somewhere or print out and have that as a backup. Store that somewhere safe. If you were to forget your User password to your Mac you could use that as another way to get back in. So it's important to pick which one you want. Usually you would just want to use your iCloud Account and set that up.
Then after you turn it on it basically goes to work encrypting all the files on your drive and making it more secure. If somebody were to steal your Mac and then have access to the drive there, they couldn't get into your account without your account password. So they can't get to anything just to use your computer. If they even pull the drive out of the computer and try to access it that way they still wouldn't have access because everything would be encrypted. So this is really a must have for anybody who has a MacBook that takes it out of the house. If it's a computer that's inside your house or in a secure location, like an iMac or a MacPro or a MacMini, and you're sure that it is not something that is likely to be stolen then FireVault isn't as important because if nobody has physical access to your drive then whether you have FireVault turned On or not really doesn't matter. But if you think there is any chance that your actual machine could get stolen and somebody could try to access the files on the hard drive directly then FireVault is the way to protect against that.
For more information here is Apple's page about FireVault. It goes into a little more detail and gives you some information about how all of this works. But for the most part once you turn FireVault on there's really nothing to do. It just all happens automatically and you don't really notice any difference in how you use your Mac.
I just confirmed that I have FileVault enabled on my Mac but was not sure if I had used iCloud recovery or a recovery key. After some research I found the following:
Assuming that your disk is APFS formatted, run the following command in the Terminal:
diskutil apfs listusers /
Then you need to check if it lists "Type: iCloud Recovery User" and "iCloud Recovery External Key" - if that is the case, then your computer thinks the recovery key is stored in iCloud.
If I purchase a new iMac and with the setting up process with the computer would I use migration assistant to move all data from old to new, then turn on FileVault after the data successfully transferred. Or set up new Mac by following the prompts with out migrating the data first. Turn on FileVault, then use Migration Assistant to transfer data from old to new.
Danny: You use Migration Assistant when setting up the new Mac. Read about it here: https://support.apple.com/en-us/HT204350
Hello again Gary. You didn’t really answer my question. I know how to use Migration assistant. My question was really about do you turn on FileVault first in the process of setting up the Mac, before migrating the data or turn FileVault on after the data has been migrated.
Thanks again
Danny: If you use Migration Assistant, you are doing it when you set up the new Mac. Just follow the prompts.I believe it should ask you both about migrating and about FileVault during the settings up. Just go through the steps.
What's the difference between FireWall and FileVault? Do you have a video explaining that?
Sherry: They are completely different things. A firewall is a system function that monitors incoming and outgoing network communication. FileVault is part of macOS and will encrypt your drive so that if the drive is removed from the machine and connected to another computer, it cannot be read.
Hi Gary,
I just note your response above regarding Migration Assistant and File Vault. I have one of those jobs where I have to set up a new Mac mini for a client and migrate for the old Mac mini. File Vault is set up on the older Mac and it's the only time I have seen it used. I remember setting it up years ago. It can take a while. Will the main admin password do instead of the encryption key, in the event that can't be located? Does it take long to turn off/decrypt File Vault?
Stephen: Maybe this article has your answers? https://support.apple.com/en-us/HT204837 I don't remember at the moment. Usually you just log in to your account and you never have to deal with a separate FileVault password.
Thanks Gary, from reading the linked article it looks like it equally takes time to decrypt after file Vault is turned off. I will be dealing with a fairly old machine so those kind of actions can lead to long waits. My understanding is that all new Macs now have File Vault enabled so I will probably stick with it on.
I wanted to secure my MacBook Air.I reviewed all of your FileVault related videos beforehand.When I actually turned FileVault "on," however, it LITERALLY only took 5 seconds to supposedly complete the process on my HD (130GB used, 865GB available).The FileVault tab in the Security and Privacy preferences shows "FileVault is turned on for the disk 'Macintosh HD'" and "A recovery key has been set."It seemed way too fast to have actually accomplished anything.Is there a way to confirm it's working?
Kevin: If it is on, it is working. You didn't have much stored on the drive, and plenty of free space for it to work with so I'm not surprised it was fast.