Home page
Articles for Windows, Linux, OS X
Mac tips and articles
Mac tips
Windows 8 tips and articles
Windows 7 tips and articles
Vista Tips
XP Tips
Linux tips and articles
Read the blog
Online store
Windows, Linux, OS X programs

Apple Mac OS X tips and tweaks

Date: 15th December 2011     

Boost security with FileVault

Security is increasingly important these days and the reason is that more personal information than ever is stored on our computers: Usernames, passwords, financial data and accounts, online shopping receipts, contacts, emails and much more. If your computer is stolen the consequences could be severe if your personal, private or business information fell into the wrong hands. Laptops are the most easily taken, but it can happen to desktop computers too. The solution is to encrypt the contents of the disk drive so no-one else can access your files.

Apple introduced FileVault into OS X many years ago and this enabled users to encrypt their home folder so that no-one could access it unless they had the password. The encryption wasn't perfect, but it was adequate for most people. However, compatibility issues and limitations meant that Time Machine and other software could have problems if used with FileVault in certain circumstances.

FileVault 2 in OS X Lion is much better and in addition to using stronger 128-bit AES encryption, it works differently. Instead of encrypting just the user's home folder, it now works at a much lower level in the system and it encrypts the whole disk drive. All your files, your applications, files outside of the home folder and other users' accounts are all encrypted. In addition to this, it is possible to encrypt external disk drives too, such as USB and FireWire units. It simplifies security and it is transparent to software. Everything works as it should.

Using FileVault is easy and you just need to go to System Preferences on the Apple menu and select Security and Privacy, FileVault. Click the padlock in the bottom left corner and enter your administrator password. Now you can click the button to turn on FileVault for the internal hard disk drive.


It doesn't immediately do anything, so it's safe to try this even if you don't want to encrypt the disk just yet. You first have to select the users that are able to unlock the disk. You'll be able to unlock it because you're the administrator, but others won't unless you specify a password for them. It makes it a bit less simple for children and they can't have a standard account with no password for instance. A password is required to unlock the disk otherwise you will have to enter yours to unlock the disk for them every time the Mac is started.


External USB drive encryption
If you use an external USB or FireWire Drive or a USB flash memory drive (thumb drive ir pen drive), anything you store on it will not be encrypted. Your Mac or MacBook will be OK, but files written to external devices are a security risk and can be accessed by anyone. They need to be encrypted too.

Apple says that you can use FileVault 2 in OS X Lion for external drives, but doesn't say how. You might expect the facility to be in System Preferences under FileVault, but it isn't, it is in Disk Utility. When you get a USB disk drive it is usually pre-formatted using Microsoft's FAT system. Although the Mac can use this, it is better to reformat it using a Mac OS format. When you select a disk format to use in Lion, there is now an option for Mac OS Extended (Journaled, Encrypted). This is FileVault for external drives and it should be used if you store private or personal information on it or use it for backups.


Time Machine encryption
Talking of backups, what about Time Machine? It is all very well encrypting the disk drive in the Mac, but if you then go and use Time Machine to back up your files they will be stored in an unencrypted form on an external disk that anyone can access. You need to encrypt your Time Machine backups too.

Go to System Preferences and select Time Machine. Click Select Disk, click the disk you use for Time Machine and then tick the option below, Encrypt backup disk.


Now you are fully protected and your files are secure from unauthorised access. Even if your Mac or MacBook is stolen no-one can access your files. They can't even boot it up.