Previous 1 2 3 4 Next 47 Replies Latest reply: Jan 11, 2016 7:34 PM by mgnick
Dogs 'n Front Level 1 (0 points)

Of the many recent changes and updates that Lion offers, FileVault has me a little baffled.  What's the point of it?  Does it allow me to encrypt my files and folders with a password?  If so, I haven't seen that option yet.  After turning on FileVault, Lion started the process of encrypting my files (so it says) but without the option to enable a password for folders and programs, I'm not sure I understand what purpose it serves.

Mac Pro, Mac OS X (10.6.8)
  • richardfromsalmon arm Level 1 (95 points)

    Without your user password everything is encrypted. No real benefit to the average user.


  • b j t Level 4 (3,670 points)

    If you don't undertand it in enough detail, DO NOT DO IT as you may make your computer into a very large paper weight. ( Happened to someone I know )

    Makes computer run slower too as it has to contantly encrypt and de-crypt files.

  • Topher Kessler Level 6 (9,865 points)

    FileVault very useful to some users. It encrypts your whole hard drive, so in the event your system is stolen then it is very unlikely someone can read the files on your disk. Without it, a thief can easily boot your system to Target Disk mode or even take out the hard drive and use another PC to read its contents.


    It is an advanced level of security that is very beneficial, and does not have many of the drawbacks that the previous FileVault had. However, as is always the case be sure you keep a good and full backup of your system, regarldess of whether or not you use filevault.


    Filevault will absolutely NOT brick your system as b j t claims. At the very most a problem would require you to format your hard drive and restore from backup or reinstall OS X, but provided you have a good backup this should not be an issue (regardless of how remote it actually is). It is very likely that BT's friend had another issue with his system.

  • Topher Kessler Level 6 (9,865 points)

    To emphasize, FileVault does not work on the level of individual files, and works underneath the OS so all files on the hard drive are automatically encrypted. The password unlocks the drive's decryption keys so the system can read its contents. Without these keys or the password to unlock them the drive's contents will be garbled.


    Because of this requirement for a password, when FileVault is enabled you will not be able to set your system to automatically log in (the password is required to unlock the drive when starting up or restarting).

  • boyfromoz Level 1 (45 points)

    Lose you password and computer is bricked with FileVault. Is what BT. Saying and is correct and folks here have done so. I no use for FileVault. Will slow system as well and interfere with upgrades.

  • b j t Level 4 (3,670 points)

    boyfromoz wrote:


    Lose you password and computer is bricked with FileVault. Is what BT. Saying and is correct and folks here have done so. I no use for FileVault. Will slow system as well and interfere with upgrades.

    This is what happened to the person I know. Now their computer a VERY expensive paper weight

  • Topher Kessler Level 6 (9,865 points)

    Like I described, this is not true. You have the option to save the encryption keys somewhere safe, or even with Apple if you choose. Additionally, if you lose your password and the encryption keys and as a result cannot log in, you still have not bricked your system. It is either restorable from a backup if you have one, or at the very worst you can reinstall OS X.


    FileVault 2 also will neither slow the system significantly nor interfere with upgrades. While this may have been the case with the first generation of the FileVault technology which used an encrypted disk image within OS X for the user's home folder, the new FileVault is transparent to the OS so unless upgrades have to do with the FileVault technology itself then the system will not be aware of it. Additionally, while there is a small performance hit because of the encryption overhead, the hit is fairly insignificant.


    Here are some benchmarks showing in many cases a very small performance change, with the only major difference being in boot times. In some cases because of caching differences there is even an increase in performance: -os-x-lion/

  • Terence Devlin Level 10 (137,920 points)

    With respect, FileVault didn't make  paperweight of the computer. It was simple User Error - forgetting the password - that did it.

  • Topher Kessler Level 6 (9,865 points)

    Even with this distinction, the computer is not bricked. This is a false description of a basic inability to log in. Without the password you can still reinstall OS X and restore from a backup.

  • b j t Level 4 (3,670 points)


  • Tom in London Level 4 (1,610 points)

    I've been considering FileVault for a long time but have always been scared to start using it because of (a) the performance hit - however small - mentioned above (b) the fear of losing my password.


    This is balanced by the fear of having my MacBook Pro stolen while I'm out and about - and thereby, the possibility that anyone could then access the contents of my hard drive (by any of the methods described above by other posters).


    So - can I hear it please from some actual users of File Vault? What's your experience? A few questions would be:


    - Can I make a clone of my HD if FV is enabled, and boot from it?

    - What happens with system upgrades, installing new applications etc.?

    - Etc.

  • Topher Kessler Level 6 (9,865 points)

    I use FileVault on all of my systems, which include two MacBook Pro systems (one with dual hard drives), a Mac Mini, and an XServe, and have enabled it on numerous other Macs that colleagues have used, and also enable encryption on most of my external hard drives.


    You can clone your encrypted drive, though you might have troubles doing block-level clones. Once the drive is unlocked and mounted the system treats it as any other drive, and you can use Carbon Copy Cloner or another cloning tool to file-level clone your drive. The problem with cloning Lion drives with file-level cloning is you will not copy the hidden Recovery HD partiton, but this hurdle is present regardless of whether or not you have FileVault 2 enabled. However, it only takes a few more steps to restore the Recovery HD partition when cloning or restoring your system from backup (it just takes remembering to do so, since cloning is not officially supported by Apple as a backup/recovery routine).


    Installing new applications and managing documents is seamless, and is the same as if you install them on any other OS X system. The encryption happens underneath the OS, so OS X, documents, and applications you use are unaware of it and work as they would on any system.


    Your concerns about losing the password are good ones, but if you already set your system to use the login window instead of automatic login then there is no difference (the regular use of the login window ensures you remember your password). The same password is used to unlock the drive and then log into your account once the system is booted. The difference with login is that you will need to specify the users who are able to unlock the drive (done in the FileVault system preferences). If a user is not, then the initial login window will not show that user account, and to get to that account another user will have to log in, and then log out so the unauthorized user can access his account.


    In terms of performance problems, I've not seen any in my uses (primarily office and computational analysis with programs such as Igor Pro, Matlab); however, I use SSDs in my systems so this greatly increases overall performance and results will likely be different if you are using the slower classic HDD technology.

  • Tom in London Level 4 (1,610 points)

    Thanks Topher - very useful. I shall ponder.

  • Topher Kessler Level 6 (9,865 points)

    While rare, the point that is most likely to give you problems (if any) is when you first enable FileVault and the system sets up the disk management system and encryption keys, and performs the encryption. In these steps the filesystem is more vulnerable to corruption from things like crashes or other mishaps, so do be sure to fully back up your system before enabling it, should something go awry (regardless of its low probability).

Previous 1 2 3 4 Next