How to Strengthen Mac Security Using FileVault Encryption?

Setting up a new Mac is easy, and you can do it in a few minutes to a few hours. If you are concerned about your internet privacy, you need to spend a fair share of your time tweaking security settings. Since Apple emphasizes more on protecting its user privacy, configuring macOS security settings is particularly difficult. 

It’s good to check your privacy settings if you are setting up a new Mac or upgrading to the latest operating system. 

Here’s what you need to know to tweak your Mac for the best security settings

Enable FileVault Hard Disk Encryption

Use Apple's FileVault disk encryption to protect data stored on the hard drive. FileVault uses XTS-AES-128 encryption with a 256-bit key to prevent unauthorized access to important information. The feature works efficiently and doesn't slow down your Mac computer in any way. 

The latest FileVault 2 is available on macOS 10.7 (OS X Lion) and later versions. The users will have to sign in to their administrator account when the disk encryption feature is turned on. If someone steals your computer and the startup disk is not encrypted, the information stored on the disk is vulnerable to unauthorized access. 

On the other hand, if you encrypt your hard drive using FileVault, the moment you shut down your computer, the hard drive locks down immediately. This prevents unauthorized access to any of the files, folders, and other items. 

Setting up FileVault is easy, and you can do it by navigating to System Preferences from the Apple menu. Next, click Security & Privacy and select the FileVault tab. Click on the Lock sign and enter the administrator's credentials. Click on Turn On FileVault.

What If Multiple User Accounts Exist on Mac?

In case multiple user accounts are set up on the Mac computer, it will prompt each user to provide their password to unlock the startup disk. The user accounts that you have added after turning on FileVault will be enabled automatically. 

The Security & Privacy window will display the message, "Each user must type in their password before they are able to unlock the disk." Click on Enable User button, provide the user's password and click Continue.

How Does FileVault Encryption Work?

FileVault encodes all the data stored on the hard drive to help you prevent unauthorized access to your information. You must be an administrator to set up FileVault encryption. Moreover, you will have to choose how you will unlock your Mac's hard drive in case you forget your account password. 

You may select any among the two given options. 

  • iCloud: If you set up your account on iCloud Drive, it will be an easy and convenient option to unlock the startup disk as you don't need to maintain a separate recovery key. 
  • Recovery Key: It is a string of alphanumeric characters that FileVault generates when you set up the disk encryption feature. You need to copy and save the key somewhere other than your computer. It is mandatory to use the exact letters and numbers in the right sequence to unlock the disk. 

When you turn on FileVault encryption, and it's in process, you cannot turn it off until the process completes. Depending on the amount of data stored on the hard drive, the encryption process can take longer than expected; however, you can use your computer normally when the encryption is running in the background. 

If you receive an error message saying that the encryption has been paused, the possibilities are that your Mac has encountered an issue that is preventing encryption from completing. You need to identify where the error message is coming from to rectify the issue. Most of the startup disk errors are associated with storage so try to free up the startup disk.

The source of the problem could be insufficient storage. Ensure that at least 15% of the overall disk space is free. If the amount of free storage is insufficient, try deleting unnecessary apps, data, and other items. Once done, try to run the encryption process again and check if it completes successfully. 

If you wish to turn off FileVault encryption for any reason, go through the given steps.  

How to Turn Off FileVault?

Turning off FileVault will turn off the hard disk encryption, and all the contents of the hard drive will be decoded. 

Click on the Apple menu and select System Preferences. Tap on Security & Privacy, click FileVault and check if the lock icon available in the bottom left is locked. If yes, click on it to unlock the preferences pane, tap Turn Off FileVault, and then click Turn Off Encryption. 

The disk decryption process may take several minutes, depending on the amount of data stored on the hard drive. While the disk decryption is in process, you can use the Mac computer normally.