Skip to main content

What is FileVault and is it right for you?

By
http://ift.tt/2C6j9ca

Are you interested in encrypting your data? We explain Apple's FIleVault!

If you've heard about data encryption, you may have wondered if encryption is something that you'd want to implement for your own data and computers. You might be on the fence on whether you should or shouldn't encrypt your data in this post-Snowden age. Or, you might be a health or business professional wanting to safely store client information. What ever your reason, Apple provides data encryption on macOS and Apple calls it FileVault. We're here to help you see if data encryption and FileVault is right for you.

What is data encryption

As a primer, encryption is the ciphering or scrambling of of your data in such a way that the only way to decipher or unscramble your data would be if you were in possession or have knowledge of the proper deciphering mechanism. It can be in the form of a key, long passcode, portable RFID chip or a combination.

What is FileVault

FileVault is Apple's implementation of encrypting your data on macOS and Mac hardware. It will encrypt all of your data on your startup disk (although you can also encrypt your Time Machine backups as well) and once enabled, it will encrypt your data on the fly and will work seamlessly in the background. It forces all uses to have to re-enter their password when waking from sleep or a screensaver and any non administrator accounts will require an administrator to log them in on first login to enable the encryption.

How does FileVault work

Enabling FileVault will prompt you for a password and you'll then have a choice to create a Recovery Key. or to be able to use your iCloud account as a cipher. The Recovery Key is the cipher that can be used to decrypt all of your data whether it be on your computer or if you put your hard drive in a new Mac. It is imperative that your Recovery Key be stored in a safe, non-local location such as a safe, safety box or cloud storage location such as 1password or iCloud. The iCloud account is less secure in the sense that your iCloud cipher is stored online and at least part of the cipher information is visible for all to see (i.e. your iCloud account). More on this below.

Why would you want to enable FileVault

If you have sensitive information on your Mac, such as patient information, industrial blueprints, or intellectual property you might want to consider using FileVault to encrypt your data. Perhaps you often travel with your MacBook and have personal information on it such as credit cards or bank information. Just having a strong password is not enough if you've physically lost your device. Swapping your hard disk into another PC, Mac or linux computer allows for direct data access if the contents are not encrypted.

Drawbacks of FileVault

There are some caveats when it comes to enabling FileVault.

First, encryption does take a toll on system resources. Mind you, todays, Macs are very powerful and the processor usage is negligible when encrypting and decrypting data on the fly. However, some older macs like my 2010 MacBook Air, has noticeable hiccups when opening and closing programs and files. As a result, my battery life is also affected.

Second, and we've made reference to this earlier, your Recovery Key must never be stored on the local disk exclusively. If you lose or misplace your Recovery Key, and you need to restore your data from backup or to another Mac due to hard drive failure, your data is gone forever. Apple does not have a backdoor or secret way to unlock your data. You are solely responsible for safeguarding your Recovery Key and making it available for restoration purposes. If you by chance use the iCloud option as a cipher for your encryption, then you'll have some help from apple in terms of requesting a password reset. However, this is inherently less secure in that you're placing your trust in Apple to make certain no one gets access to that cipher online.

Who might not want to enable FileVault

If you're the type of person that is less concerned with securing your data, but is more concerned with being able to restore lost data easily, then enabling FileVault might not be for you. Some non-power users simply store photos, music, or videos on their Macs and as such, the stress of not being able to recover your data due to a misplaced Recovery Key or a forgotten iCloud account name or password might outweigh the security aspect. Also, if you believe that encrypting and decrypting data on the fly on your Mac may prove to resource intensive, you might want to forego enabling FileVault until such time that your system specs can run FileVault with out a noticeable hit.

Encryption and backups

I was an IT and security administrator for many years. Most end users never truly understood that backups were not the be-all end-all of keeping your data protected. What most end users do not realize is that it's the recovery process that is much more critical and much more difficult than the backup process. Just because you've backed up your data, doesn't mean you'll be able to restore your data. Adding encryption on top of this stressful and critical process can prove to be overly complicated and difficult for what your data is worth. Rene wrote an excellent article describing this very scenario and the take away is that encrypting is not yet for everyone.

Enable FileVault

If you're ready to enable FileVault, follow our detailed guide or follow these quick steps.

  1. Launch System Preferences.
  2. Select Security & Privacy.
  3. Click the Lock icon to enable changes.
  4. Read the WARNING.
  5. Click Turn On FileVault.
  6. You must make a choice on whether you want to use your iCloud account as a key to unlock your encrypted disk or to create a recovery key. If you plan on having highly sensitive data that you want to ensure that no one but you can get access to, the select to create a recovery key. Otherwise choose to Allow my iCloud Account to unlock my disk.
  7. If you've chosen to create a recovery key you must store it in a safe place not on your hard drive where you'll be able to retrieve it for recovery purposes. Other wise your data will be unrecoverable.

The encryption will run in the background in realtime. You'll be able to use your Mac as you normally would in the meantime.

Disabling FileVault

Once your entire startup disk has been encrypted, you can at anytime turn off FileVault by selecting Turn Off FileVault in system preferences if you find it being too system resource intensive or if you don't think you need that level of security.



from iMore - The #1 iPhone, iPad, and iPod touch blog http://ift.tt/2lcGeSu
Labels:

Comments

Post a Comment

Popular posts from this blog

How to Get a MacBook or MacBook Pro Keyboard Repaired Free Under Apple's Service Program

By
https://ift.tt/2tocBCJ Apple has initiated a new worldwide service program offering free repairs of MacBook and MacBook models equipped with low-profile, butterfly mechanism keyboards, after the company determined that "a small percentage" of the keyboards may develop one or more of the following issues: Letters or characters repeat unexpectedly Letters or characters do not appear Key(s) feel "sticky" or do not respond in a consistent manner Apple or Apple Authorized Service Providers will service eligible MacBook and MacBook Pro keyboards free of charge. Apple says the process may involve the replacement of one or more keys or the whole keyboard. The following MacBook and MacBook Pro models are eligible for the program: MacBook (Retina, 12-­inch, Early 2015) MacBook (Retina, 12­-inch, Early 2016) MacBook (Retina, 12-­inch, 2017) MacBook Pro (13­-inch, 2016, Two Thunderbolt 3 Ports) MacBook Pro (13-­inch, 2016, Four Thunderbolt 3 Ports) MacBook Pro...
1 comment
Read more

How to like, comment, and add subscribers to shared photo albums on your iPhone, iPad, Mac, or PC

By
https://ift.tt/2q570On With iCloud Photo Sharing, you can share, like, and comment on photos and videos with friends and family around the world — no social media account needed. Making or subscribing to a shared photo album on iCloud is just the beginning: Once you're part of a shared album with your friends, family, or co-workers, you can add comments, like photos, invite more pals into the fray, and more. iCloud Photo Sharing: The ultimate guide If you want the social media experience without having to plaster your images across the internet, iCloud Photo Sharing offers some great tools for it. Here's how you can like your friends' images, add new people to an existing shared album, and add comment threads to photos and video. How to share albums with people who don't use iCloud How to add someone to a shared photo album How to remove someone from a shared photo album How to let other people add photos and video to your shared photo album How to like...
1 comment
Read more

The Instant Pot Craze and How it's Disrupting Kitchens Everywhere

By
http://ift.tt/2InTBKj Pressure cooker? Slow cooker? Rice cooker? The Instant Pot is all of these things and more! The Canadian-designed Instant Pot is essentially a roided out slow cooker for half the price of most decent slow cookers on the market. There are several iterations of the Instant Pot, and it may just be able to replace every imaginable kitchen appliance you have. So what's the hubbub? Is the hype real? Let's take a look! See at Amazon What does it do? I think, in terms of kitchen capabilities, the better question is what doesn't the Instant Pot do? The lower-end versions have 6-in-1 functionality, while the Ultra, for example, can be a slow cooker, pressure cooker, rice cooker, yogurt maker, cake maker, egg cooker, sauté cooker, steamer, warmer, and sterilizer. Oh, and the 6-quart Ultra model is only $150 ... Somehow… Basically, the Instant Pot could be your tool for cooker just about everything. With many programmable cooking options, for everyt...
Post a Comment
Read more