Office of Information Technology

Data Encryption with FileVault on Mac OS X


FileVault is the data encryption tool built in to the Mac operating system, OS X. It allows you to encrypt your home directory (Documents, Pictures, Desktop, etc.) and then seamlessly access it at login. The result is that you can work with your files as normal when you are logged in, while no one else can read them unless they log in as you. This is important should your computer be lost or stolen: any confidential data on the hard drive would not be accessible by anyone without your userid and password.

It is important to keep in mind some limitations of this tool:

  • Only files in your home directory are encrypted, so if you save something to another location on your hard drive (e.g. the Applications folder), it will not be protected by the encryption.
  • FileVault uses your login password and an optional Master Password to allow access to the encrypted data. If you forget both of these passwords you will no longer be able to access the data.

WARNING: Because the encryption and decryption are done at login and logout, it is important that you always log out or shut down your computer completely. Don't force the machine to power off or Force Quit applications; doing this can result in data loss. It is important to avoid this even if you are not running FileVault, as it can cause data corruption and loss on unencrypted systems as well.

 

Enabling FileVault Encryption

  1. Open the APPLE MENU in the upper left corner of your screen.
  2. Select SYSTEM PREFERENCES.
  3. Click on the SECURITY icon in the upper right of the window.
  4. If you have not done so already, click on the SET MASTER PASSWORD button. This password can be used to access your encrypted files if you forget your login password.
  5. You will be prompted for your current login password. Then, you will be presented with fields to enter a master password and confirm it, as well as an option to enter a hint for the master password. Choose a master password that is complex and easy for you to remember.
  6. Once you have set a master password, click on the TURN ON FILEVAULT button to start the encryption process. You will be prompted to enter your login password again and click OK.
  7. A final screen with information about the encryption process will be presented. Once you proceed past this screen, you will be logged out of your system and will not be allowed to log back in until encryption is complete. You should save all your work and close any other applications before proceeding. You may also want to check the box for USE SECURE ERASE, as this will more securely remove the unencrypted versions of your files. When you are ready, click the TURN ON FILEVAULT button.
  8. FileVault will log you out and start the encryption process. It will display its progress and a time estimate to completion. Keep in mind that the more files you have in your user directories the longer this process can take.
  9. Once the encryption is complete, you will be prompted to log back into your machine as normal. Your home directory and the files it contains are now encrypted, and can be accessed normally when you are logged in.