FileVault Encryption

FileVault 2 is an encryption software built into Mac OS X. It encrypts the entire drive on your Mac making your data inaccessible to anyone without the password or encryption key. Faculty and staff using Macs that contain sensitive information, WIN, Social Security numbers, grades, financial or research information, etc., should set up FileVault to protect their files.

FileVault 2 requires Mac OS X Lion or newer. Some of the key features of FileVault 2 are:

  • Transparent encryption - Enter your password at startup and your files are unencrypted.
  • Volumes can only be accessed with the password or encryption key.
  • Encryption of external hard drives and Time Machine backups. 

Do not lose your password or encryption key. If both the password and the encryption key are lost, the files on your FileVault encrypted Mac can never be opened again.

Enable FileVault

  1. Open the System Preferences application.
  2. Click the Security & Privacy and select the FileVault tab.
  3. Click the Turn on FileVault button to enable FileVault encryption.
  4. A recovery key will be shown, copy down the key and then click the Continue button. The computer account password will be used as the encryption password. Store this recovery key in a safe place. Anyone who has access to this key can unencrypt your Mac. Also, if you lose your password, the recovery key is the only way to recover your data.
  5. You will be presented with the option to store your recovery key on Apple's servers. If you choose to do this, do not rely on this method as your only means of recovering the security key. You should still store your own copy of the encryption key show in the previous step.
  6. Click the Restart button to begin the encryption process. Your computer will continue the initial encryption process in the background.
  7. Your Mac is now encrypted. Each time your computer is started you will be prompted to enter your password. If you use external drives for backup, it is recommended you encrypt those drives as well.

Enable Find my Mac

For even greater secruity, enable the Find my Mac feature. When enabled, Find my Mac can be used to locate a lost or stolen Mac, lock the Mac to prevent other people from accessing it, or even wipe the hard drive to prevent sensitive data from falling into the wrong hands.