Is it still the case that with File Vault enabled you can no longer use Touch ID at all? or is it only for certain things that Touch ID won't work. See https://support.apple.com/en-us/HT207054
tx
MacBook Pro with Retina display, macOS High Sierra (10.13.3), 13 inch with Touchbar (2016 late)
I have FileVault turned on and use Touch ID for everything possible. I searched the article that you referenced ( Use Touch ID on MacBook Pro - Apple Support ) and only found one mention of FileVault and it states that there are only 2 places (both in System Preferences) where you would normally be able to use Touch ID but cannot if FileVault is on:
Note that you must type your password rather than use Touch ID to unlock the Security & Privacy pane and the Users & Groups pane (if you have FileVault turned on).
I have used FileVault on my previous MacBook Air for 4 years and my current MacBook Pro for 2 years and I am not aware of any compromises. I don't remember how long it took when I originally turned it on but you can continue to uses your Mac normally while it does the original encryption although it does have a performance impact during that time. I'm not sure if there is any recommended policy regarding the passwords; mine uses my login password (i.e., I only enter one password at startup or to unlock) and I don't believe that there is any option other than that.
Great to know. So I assume you recommend turning FV on. It seems like an extra layer of security. And if there are no compromises to performance or touchid apart from security prefs in system prefs, then it will be a go. Takes a day or so for 600 GB of data would you guess?
thanks.
One last question: is there a recommended policy for creating a password for FileVault? would a 4-digit combination work?
Great to know. So I assume you recommend turning FV on. It seems like an extra layer of security. And if there are no compromises to performance or touchid apart from security prefs in system prefs, then it will be a go. Takes a day or so for 600 GB of data would you guess?
thanks.
One last question: is there a recommended policy for creating a password for FileVault? would a 4-digit combination work?and would it defeat the purpose if you used the same log in as you use every day?
Thanks. This raises another question then. If FIleVault is supposed to be more secure than without it, but both can be intruded into using the same password, what is the advantage of the encryption? I'm trying to foresee a bad situation: you lose your Mac, someone pries into it (how? hacking your password?). Once they've figured that out, what stops them from unvaulting the MacBook; worse, why would they need to if they are already inside?
Wouldn't having a dedicated password for FireVault be the obvious answer? But then, if your login can be hacked, what's to prevent your FV password from being hacked? I guess the idea is that the latter exists in encrypted form on the drive, while the former is stored in unencrypted form on the drive. If that's right, you really need 2 passwords. Or not?
Or do you mean that there's a FV recovery key separate from your login? And the only way to decrypt the vault is with the recovery key? That would make more sense. But not complete sense. If the only reason you have a recovery key is to (just beginning to explore this security enhancement.)
The difference is that if FileVault is not on (i.e., if your disk is not encrypted) the data on your hard drive or SSD can be accessed (by anyone that knows what they are doing) without knowing or hacking your password. Having your data encrypted is very, very significantly more secure.
Thanks again.
File Vault and Touch ID
