Several people asked me about FileVault, which was a new feature in Panther OS X 10.3.
First let me explain briefly what FileVault does. Basically, when you switch FileVault, everything under your user will encrypted with a very strong encryption that is almost impossible to break. Every time you save or open a file or do anything that requires a file operation FileVault will decrypt and encrypt the files on the fly. It’s happening in the background so you won’t notice anything, everything will work the same way it used to before turning it on. Only your user folder (and all folders within) will be protected, so anything you save in any other directories will not be protected (like for example you Applications will not be protected).
So, who needs FileVault and who doesn’t? Basically if there is anything under your user folder, such as documents, pictures, passwords, etc. that are sensitive and there is a slight chance that your computer can be stolen or used by unauthorized personnel than it’s a good idea to turn FileVault on. It’s especially important if you own a portable Mac, since it’s much easier to loose one of those than a desktop.
It’s not enough to disable the Auto Login feature under System Prefs/Accounts, because if someone steals your machine he can take the hard disk out of your machine and boot it as a second hard disk on another machine and look at your files like there was no password protection.
If you are using your machine with heavy files, like image editing and video editing than it’s better to avoid turning FileVault on, because it will slow down the machine slightly, however this slow down will not be felt with regular usage at all. Also, don’t turn on FileVault if you don’t have sensitive data on your machine, because if you happen to forget the password there will be no way to recover your encrypted user folder.
To turn FileVault on select System Prefs/Security/Turn on FileVault. Make sure you choose a strong log in and master password and don’t give away much in the password hint. Having a password hint like ‘My wife’s name’ or ‘My mobile number’ won’t protect your files, since it’s relatively easy to find out such information. It will take up to half an hour to secure your whole user directory depending on the size of it. Also, make sure to switch on all the options, so that your unattended machine doesn’t give a possibility to a thief to unlock your machine before taking it.
Commenting on this Blog entry is closed.