PDA

View Full Version : FileVault recommended or not?




2012Tony2012
Jun 7, 2013, 11:26 PM
Filevault safe? Recommended? Or the advanced Mac users recommend against using it?



Dark Dragoon
Jun 8, 2013, 04:09 AM
I've been using FileVault on a couple of machines for quite a while now.
I've yet to have any problems but of-course you should always have a backup regardless of whether you use FileVault or not.

Performance wise I notice no difference at all, benchmark wise I lose a couple of MB/s but nothing major. Visually the only difference is the login screen which appears before the OS boots on startup.

The one thing to be careful of is if you have moved your home directory to another drive, and then attempt to encrypt the drive containing the home directory.

justperry
Jun 8, 2013, 04:14 AM
I've been using FileVault on a couple of machines for quite a while now.
I've yet to have any problems but of-course you should always have a backup regardless of whether you use FileVault or not.

Performance wise I notice no difference at all, benchmark wise I lose a couple of MB/s but nothing major. Visually the only difference is the login screen which appears before the OS boots on startup.

The one thing to be careful of is if you have moved your home directory to another drive, and then attempt to encrypt the drive containing the home directory.

Bold, exactly, just a day or so ago someone did just that, could not login, got an Error.

Bear
Jun 8, 2013, 01:30 PM
Filevault safe? Recommended? Or the advanced Mac users recommend against using it?Works fine. Very minimal impact to performance. I also have my Time Machine and other external drives encrypted.

Also, you can sleep and shutdown the computer if you need to while the disk is being encrypted. The encryption process will continue when you start the system back up.

Weaselboy
Jun 8, 2013, 01:57 PM
Filevault safe? Recommended? Or the advanced Mac users recommend against using it?

+1 Very minimal impact on speed (http://www.anandtech.com/show/4485/back-to-the-mac-os-x-107-lion-review/18) and there is really no good reason not to do it. Once enabled it is transparent to the operator. I also encrypt Time Machine backups.

JohnDoe98
Jun 9, 2013, 12:39 PM
+1 Very minimal impact on speed (http://www.anandtech.com/show/4485/back-to-the-mac-os-x-107-lion-review/18) and there is really no good reason not to do it. Once enabled it is transparent to the operator. I also encrypt Time Machine backups.

I disagree. It is only transparent if you already have your mac setup not to auto-login and always prompt you for a password on boot ups and resuming from sleep. For many of us that is annoying and we don't want to have to constantly punch in the password, that seems like a good reason not to use it.

Bear
Jun 9, 2013, 12:41 PM
I disagree. It is only transparent if you already have your mac setup not to auto-login and always prompt you for a password on boot ups and resuming from sleep. For many of us that is annoying and we don't want to have to constantly punch in the password, that seems like a good reason not to use it.Constantly? How often do you sleep or restart your Mac?

Dark Dragoon
Jun 9, 2013, 12:43 PM
I disagree. It is only transparent if you already have your mac setup not to auto-login and always prompt you for a password on boot ups and resuming from sleep. For many of us that is annoying and we don't want to have to constantly punch in the password, that seems like a good reason not to use it.
Disk encryption without a password to login/decrypt would be rather pointless though, unless you were able to use a token or key of some sort which isn't supported by FileVault2.

I guess I assumed that anyone wanting to secure their computer would expect to have to use a password of some sort.

Weaselboy
Jun 9, 2013, 12:44 PM
I disagree. It is only transparent if you already have your mac setup not to auto-login and always prompt you for a password on boot ups and resuming from sleep. For many of us that is annoying and we don't want to have to constantly punch in the password, that seems like a good reason not to use it.

Huh? I think it goes without saying that if one enables encryption, some sort of login PW will be required. No different than a normal login PW operationally.

ColdCase
Jun 9, 2013, 04:57 PM
I think what was meant is going from a auto login no PW setup to file fault is not so transparent..... extra steps are now required.

Bear
Jun 9, 2013, 05:06 PM
I think what was meant is going from a auto login no PW setup to file fault is not so transparent..... extra steps are now required.I think other than the password, it is transparent. And unless someone is sleeping or rebooting their Mac every 5 minutes, I don't think it's an issue.

For example, my machine gets slept when I go out and when I go to sleep. If I'm going to be gone for more than a day, I will shut the iMac down. I have to enter my password maybe 2 or 3 times in a normal day.

JohnDoe98 made it sound like you had to enter your password frequently, which isn't true for a lot of people.

sidewinder
Jun 9, 2013, 05:18 PM
Well, using FileVault makes sense ONLY if you need it. If you don't have a reason to encrypt your data, why use it?

S-

Bear
Jun 9, 2013, 05:41 PM
Well, using FileVault makes sense ONLY if you need it. If you don't have a reason to encrypt your data, why use it?

S-That is true. However, my web browser has cookies for how many sites that have my credit card on file? The passwords for my email ar eon the keychain. Since I get my bills electronically, I have copies of those bills on my computer.

All in all, someone can have a lot of personal info on a computer. Enough to allow for credit card fraud or identity theft. I'd rather not take the risk.

JohnDoe98
Jun 9, 2013, 06:56 PM
Constantly? How often do you sleep or restart your Mac?

Constantly. I have a laptop and move a lot during a given day. I don't sit 9-5 in an office.

----------

Disk encryption without a password to login/decrypt would be rather pointless though, unless you were able to use a token or key of some sort which isn't supported by FileVault2.

I guess I assumed that anyone wanting to secure their computer would expect to have to use a password of some sort.

Agreed, but I'm just pointing out for some usages and for convenience, Filevault is not recommended. Only if you think you need a high level of security would you use it. So I was responding to the OP and the one I responded to at the same time. I'm not worried about losing or having my laptop stolen so for me its a waste to add in that extra security.

----------

Huh? I think it goes without saying that if one enables encryption, some sort of login PW will be required. No different than a normal login PW operationally.

Sure, but the point is Filevault is not transparent compared to having it off. There is a noticeable impact of turning it on. Now if your aim is security, there by all means turn it on so as you point out, operationally its no different than if you have auto-login and similar features turned off.

----------

I think what was meant is going from a auto login no PW setup to file fault is not so transparent..... extra steps are now required.

Exactly. And so I was suggesting unless you need strong security, it's a serious inconvenience.

----------

That is true. However, my web browser has cookies for how many sites that have my credit card on file? The passwords for my email ar eon the keychain. Since I get my bills electronically, I have copies of those bills on my computer.

All in all, someone can have a lot of personal info on a computer. Enough to allow for credit card fraud or identity theft. I'd rather not take the risk.

Yeah but the cookies don't show the entire CC and in order to get keychain to reveal the passwords you must enter your administrator password, so all the important information is encrypted anyway.

Weaselboy
Jun 9, 2013, 07:41 PM
Agreed, but I'm just pointing out for some usages and for convenience, Filevault is not recommended. Only if you think you need a high level of security would you use it. So I was responding to the OP and the one I responded to at the same time. I'm not worried about losing or having my laptop stolen so for me its a waste to add in that extra security.

Not recommended by who? You? So you felt the need to point out that having FV2 encryption turned on would require typing in a PW? Do you honestly think anybody reading this would not know that? (<< these are rhetorical questions)

A "high level of security". How about any security at all. Apple was nice enough to provide an admin PW reset utility on the Recovery HD partition, so all anyone needs to reset your password is a command-r boot to recovery.

Sure, but the point is Filevault is not transparent compared to having it off. There is a noticeable impact of turning it on. Now if your aim is security, there by all means turn it on so as you point out, operationally its no different than if you have auto-login and similar features turned off.

Most users at least have a login PW, and for those users FV2 is no change at all. I will repeat what I said earlier, my assumption is anybody wanting to encrypt their disk is already at least using a login PW, so this is not a change at all.

Exactly. And so I was suggesting unless you need strong security, it's a serious inconvenience.

Typing in a PW is a "serious inconvenience"? Really? (<< this is also a rhetorical question)

JohnDoe98
Jun 9, 2013, 08:16 PM
Not recommended by who? You?

Right, by the community within these forums, of which I am a part.


So you felt the need to point out that having FV2 encryption turned on would require typing in a PW? Do you honestly think anybody reading this would not know that? (<< these are rhetorical questions)

Did you even read the OP? It struck me as a post by someone rather unfamiliar with what this feature even is in its most basic sense. That is the audience to which the responses in this thread should be aimed at. Coming in a thread acting superior is smug and being rather unhelpful toward the novices asking for the help in the first place is rude.


Most users at least have a login PW,

Source?


and for those users FV2 is no change at all.

Agreed, now what about everyone else? The questions by the OP were general and not asking about particular cases.


I will repeat what I said earlier, my assumption is anybody wanting to encrypt their disk is already at least using a login PW, so this is not a change at all.

Great, now instead of making assumptions how about you start actually answering the OP? Should the average joe desire to encrypt their disk, should they not use the auto-login features? Why or why not? Identify theft is real, but for most responsible adults the chances of their systems getting physically hijacked by someone is rather low.


Typing in a PW is a "serious inconvenience"? Really? (<< this is also a rhetorical question)

Yes. Anything that isn't automatic is an annoyance and inconvenience. Why do you think Apple implemented auto-login and resumes and auto-save features in the first place? Because users found the alternatives cumbersome. Again get off your high horse.

Bear
Jun 9, 2013, 09:47 PM
Right, by the community within these forums, of which I am a part.
....Some of the community does recommend FileVault. So therefore it's you not recommending it.

JohnDoe98
Jun 9, 2013, 10:05 PM
Some of the community does recommend FileVault. So therefore it's you not recommending it.

Yes of course, though my recommendation or non-recommendation is user-specific. I suppose I should have been clearer. What I meant to imply was that anyone who is a member of the community is welcome to share their opinion in this thread, and so the rhetorical question asked by the other poster, trying to suggest I had no place commenting here, was ridiculous. Thanks for the clarification though.

kot
Jun 10, 2013, 02:59 AM
I turned on FileVault a few months ago and I haven't seen a single problem yet.
When I'm travelling, I always shut down my macbook when not in use, so in case it gets stolen, the thief will not have access to my sensitive data (including work data). Performance-wise I am also yet to see a difference, even though BlackMagic Test tells me I lost around 30Mb/sec in write speeds, which I consider an acceptable trade-off for higher security.

So I recommend turning it on.

Weaselboy
Jun 10, 2013, 05:27 AM
(snip)

I have interacted with 2012Tony2012 in several threads and he is quite bright. I am very confident he understands a PW entry will be required if he uses Filevault. Of course, that is just me all up here on my high horse.

Bear
Jun 10, 2013, 08:58 AM
...
Exactly. And so I was suggesting unless you need strong security, it's a serious inconvenience.
...Having to type your password a few times a day is not a serious inconvenience. Having to recover from a stolen system where someone used the information on an unencrypted drive is a very serious inconvenience.

Give me a person's system where they have cookies and possibly automatic logins in their browsers for shopping sites and a mail client that has the passwords it needs in the keychain and I'd be able to change the passwords on the websites via password recovery to the person's email and then I would have access to shopping with their credit cards.

JohnDoe98
Jun 10, 2013, 09:23 AM
Having to type your password a few times a day is not a serious inconvenience. Having to recover from a stolen system where someone used the information on an unencrypted drive is a very serious inconvenience.

Give me a person's system where they have cookies and possibly automatic logins in their browsers for shopping sites and a mail client that has the passwords it needs in the keychain and I'd be able to change the passwords on the websites via password recovery to the person's email and then I would have access to shopping with their credit cards.

Fair points. And given portables are easier and likelier to be stolen, perhaps there is greater incentive to use FileVault on them, but for most desktops to get access to them you'd have to break into the house, apartment, office, etc. to get that kind of access. Also, half decent sites require you answer security questions before proceeding with password recovery.

In any case, my guess is many of us live in civilized countries where the crime rates are extremely low, and so if you aren't careless, the chance of getting your system stolen are highly unlikely.

Modernape
Jun 10, 2013, 09:24 AM
Give me a person's system where they have cookies and possibly automatic logins in their browsers for shopping sites and a mail client that has the passwords it needs in the keychain and I'd be able to change the passwords on the websites via password recovery to the person's email and then I would have access to shopping with their credit cards.

How would you access their keychain if they had shut down or logged out?

Bear
Jun 10, 2013, 09:27 AM
How would you access their keychain if they had shut down or logged out?If they have automatic login, then applications which use the keychain can get to their passwords to access services. This is why I specified that mail passwords had to be on the keychain, so Mail could fetch mail.

2012Tony2012
Jun 10, 2013, 06:32 PM
I have interacted with 2012Tony2012 in several threads and he is quite bright. I am very confident he understands a PW entry will be required if he uses Filevault. Of course, that is just me all up here on my high horse.

Thank you :D

I am turning on FV today ;)

And can FV hard drive be backed up normally using CCC?

ColdCase
Jun 10, 2013, 11:45 PM
Just a minor annoyance when FV is active, you cannot "safe boot". You first have to turn FV off, let it decrypt the drive, then you can safe boot. You can envision some pathologies with miss behaving computers that won't boot to the point you can turn FV off, but those issues are rare. This is the only reason in my book to not use FV on a laptop... although disk intensive video encoding does noticeably slow down.

As far as CCC, if you run the backup defaults, CCC reads the files on your internal drive and stores them decrypted on you backup. If you want your backup encrypted, you need to change the defaults (not that familiar with CCC here, it may have an encrypt function). If you are cloning with CC, the encrypted disc image is cloned, so the backup is also encrypted.