FileVault Drive Encryption
FileVault Overview
FileVault is an encryption system built in to OS 10.3 and later. It uses the Advanced Encryption Standard (AES) with 128-bit keys and encrypts the data in your Home directory in real time. Your username and password are what unlock the encryption on your home directory, but if you forget your password, the master password can also be used to access the encrypted data on your computer. While you can also create encrypted virtual disk images using the Apple Disk Utility, FileVault itself encrypts only the home directory on your computer.
Drive Preparation
- When preparing a computer to use FileVault, it is best to start with a clean installation of the latest version of OS 10 and make sure all of the updates are installed.
- Make sure that you have enough free space on your computer to hold two copies of your home directory.
- If you use any specific backup software, make sure that it is compatible with FileVault.
- Enable FileVault before restoring any backed-up or saved files to the computer.
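The free-space requirement in the list above can be checked from Terminal before you turn FileVault on. This is an added example, not part of the original guide; the function names are illustrative, and it assumes the standard POSIX `du -sk` and `df -Pk` options are available.

```shell
#!/bin/sh
# Added example: confirm the volume has room for two copies of a home
# directory before enabling FileVault. Function names are illustrative.
# Usage from Terminal:  filevault_space_check "$HOME"

# Size of a directory tree in KiB (unreadable subfolders are skipped).
dir_size_kb() {
    du -sk "$1" 2>/dev/null | awk '{print $1}'
}

# Free KiB on the volume holding a path. -P forces the one-line POSIX
# layout so column 4 is always "Available".
free_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# True only for a non-empty string of digits.
is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Pure comparison: $1 = home size in KiB, $2 = free space in KiB.
has_room_for_two_copies() {
    [ "$2" -ge $(( $1 * 2 )) ]
}

# Full check. Returns 0 = enough room, 1 = not enough, 2 = could not measure.
filevault_space_check() {
    target=${1:-$HOME}
    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 2; }
    used=$(dir_size_kb "$target")
    avail=$(free_kb "$target")
    if ! is_uint "$used" || ! is_uint "$avail"; then
        echo "could not measure $target" >&2
        return 2
    fi
    if has_room_for_two_copies "$used" "$avail"; then
        echo "OK: home ${used} KiB, free ${avail} KiB"
    else
        echo "INSUFFICIENT: need $(( used * 2 )) KiB free, have ${avail} KiB"
        return 1
    fi
}
```

A return value of 1 means you should free up space or move large files off the machine before enabling FileVault.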
FileVault Step-by-Step
- Click on the Apple menu in the top-left corner of the screen and go to the System Preferences menu.

- From the System Preferences menu, click on the Security icon under the Personal section.

- In the Security section you will be presented with FileVault options. The first thing to do is set the security options. We recommend requiring a password to wake the computer from sleep or screen saver, disabling automatic login, logging out after 15 minutes, and using secure virtual memory. Once those are set, click on Set Master Password…

- This will take you to the screen to set a Master Password. Here you will want to choose a secure password that will unlock your data in the event that you forget your password or for some reason you’re unable to get into your account. Make sure you keep a record of this password in a secure place and with your departmental IT person. Using an easily memorable phrase with a few misspellings or other unique modifications is a good way to select a strong master password.

- Once you set the Master Password, click on the button to Turn on FileVault… Make sure you click the option to Use Secure Erase. All that’s left to do is confirm your decision by clicking the button that says Turn On FileVault.

- Once you’ve gone through these steps, your machine will want to log out. While you are logging out, your computer will be encrypting your home directory, so it will take longer to log out this time than you may be used to. After this is done, make sure that you restart your computer so that the option for using Secure Virtual Memory can take effect.
- You will be able to tell that the encryption went through by seeing a padlock over your home directory in the Finder. The Security section of System Preferences will also now show that FileVault is turned on.

Best Practices
- FileVault will only encrypt data that is in your home directory. Files that are kept on the desktop or in folders other than in your home directory are not protected by this.
- Because of how FileVault encryption works you should be careful to avoid force quitting programs and improperly shutting down the computer. These things increase the risk of damaging your data or keeping that data from being properly encrypted.
- Always make sure to log off of your computer when done. Not only does this keep unauthorized users from walking up to your computer and accessing your files, it also is important for how FileVault’s encryption works. Doing this will help keep your operating system in good working order.
- Using a longer and more complex password will increase the security of your encrypted data.
- Haxies and certain disk utilities can interfere with how FileVault works and potentially cause data corruption.
- Encrypted data, especially video files, can cause performance issues.
- Make sure that you keep a copy of your master password in a secure location like a locked file cabinet. We also recommend that you give a copy of it to your departmental IT person.
- Using encryption is a good defense but nothing is perfect. Remember to have a strong password and to handle sensitive data responsibly.
Last Updated: 04/24/2008