Take Control of FileVault (1.1) (2015)
Introduction
Anyone who keeps sensitive or confidential information on a Mac—whether that’s business secrets, private medical records, love letters, or a personal journal—may worry that their information could fall into the wrong hands. That’s especially true for those of us who rely on Mac notebooks, and all the more so if we travel internationally.
FileVault is a Mac OS X feature that enables Mac users to securely encrypt all their data so that it’s completely unreadable to anyone who doesn’t have the right password—including thieves, people who happen upon lost computers, and snooping coworkers or roommates. It’s Apple’s attempt to make it as easy as possible to protect your data.
Apple introduced FileVault in 10.3 Panther, but at that time it had significant bugs, didn’t play well with Time Machine, and was limited to encrypting one’s home folder—among other problems. Starting with 10.7 Lion, Apple completely revamped FileVault—the name remains, but the underlying technology is totally different. FileVault 2 (as the current version is officially known) encrypts everything on your disk, and does so in a far more secure, robust, and user-friendly way.
Note: Apple now refers to the original version of FileVault as “Legacy FileVault.” In this book, except when I need to make an explicit distinction, I’ll use the term FileVault to refer to FileVault 2.
I like, use, and recommend FileVault. It’s easy to set up and provides excellent protection for the data on your disk (or SSD). But I’ve discovered an astonishing amount of misinformation and outdated advice about FileVault on the Web; and from talking to ordinary Mac users, I’ve become convinced that most people still don’t understand how FileVault works. Some people put too little faith in FileVault, assuming it has weaknesses that it doesn’t, while others put too much faith in FileVault, assuming it protects your data in ways that turn out to be impossible.
And, although basic setup is a piece of cake, once you go beyond the basics, questions arise with surprisingly hard-to-find answers, such as:
· Does FileVault protect my external drives too?
· If I back up a Mac with FileVault enabled, are my backups automatically encrypted?
· Can Apple—or someone else, such as law enforcement or security researchers—bypass (or hack) FileVault encryption?
· Is my data still safe if I’m logged in? If I’m logged out? If my Mac is asleep?
In this book, I get to the bottom of such questions once and for all. I’ve done lots of experiments, pored over Apple’s documentation and developer materials, and compiled what I believe to be the most complete, accurate, and up-to-date explanation of FileVault.
My goal is to demystify FileVault. I want you to understand what it does and doesn’t do, how best to use it, and how it interacts with other activities (such as backups, Power Nap, and Find My Mac). I also point out FileVault’s limitations and explain when alternatives or supplements may be a good idea.
Everything in this book works with OS X 10.9 Mavericks and 10.10 Yosemite. Most of it also applies to 10.7 Lion (in which FileVault 2 was introduced) and 10.8 Mountain Lion. A few minor things have changed along the way, but anyone with Lion or later should find the instructions here useful. (To check for updates or corrections to this book, visit this book’s Ebook Extras and click the Blog tab.)