Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

absolut_mac

macrumors 6502a
Original poster
Oct 30, 2003
934
0
Dallas, Texas
I used to use PGP for Mac. Updates on the Mac side were slow, but always followed a few months after PC updates. Then they got bought out by Symantec. Support and updates have been very poor on the Mac side and I'm sure that they lost a LOT of customers because of it. Me included. One would have thought that they would've stepped up to the plate after the NSA/google/MS etc backdoor scandals.

No big deal, I switched to TrueCrypt and was very happy with it as it delivered almost exactly the same options as PGP - virtual drives, whole disk encryption etc. Now that support for that has ended what other comparable and reliable options are available for the Mac these days?

FWIW even if I used a PC there's absolutely no way that I would trust MicroSoft's Bit Locker!!
Thanks in advance for your help.
 

absolut_mac

macrumors 6502a
Original poster
Oct 30, 2003
934
0
Dallas, Texas
Use FileVault 2. Built into OS X.

Thanks for your reply.

Two questions about FileVault 2 - can you create virtual disks and encrypt jump drives with it (most jump drives only include Windows encryption software)? How does enabling FileVault 2 affect other accounts on the same Mac? Do they use the same log-in password as me or can I create separate log-in passwords for them?

On my very old Mac Mini (2nd generation but now replaced with a 2012 model) PGP's secure shredding of large files was considerably faster than the original FileVault. Even now, shredding large files securely in the trash takes forever with my upgraded Mini.
 

0983275

Suspended
Mar 15, 2013
472
56
Thanks for your reply.

Two questions about FileVault 2 - can you create virtual disks and encrypt jump drives with it (most jump drives only include Windows encryption software)? How does enabling FileVault 2 affect other accounts on the same Mac? Do they use the same log-in password as me or can I create separate log-in passwords for them?

On my very old Mac Mini (2nd generation but now replaced with a 2012 model) PGP's secure shredding of large files was considerably faster than the original FileVault. Even now, shredding large files securely in the trash takes forever with my upgraded Mini.

FileVault2 only offers full disk encryption for your Mac and it uses the same login as your account, the difference is that you log in before OS X boots instead of after, as for virtual disks, you can use Disk Utility to create encrypted containers, you can also use the same utility to encrypt external drives.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,073
15,497
California
Two questions about FileVault 2 - can you create virtual disks and encrypt jump drives with it (most jump drives only include Windows encryption software)?

Yes. You can create an encrypted sparse bundle disk image using Disk Utility.

To encrypt an external drive or USB key you just right click it then select encrypt. Done. It must in the Mac OS Extended format of course.

How does enabling FileVault 2 affect other accounts on the same Mac? Do they use the same log-in password as me or can I create separate log-in passwords for them?

When you turn on FV2 it encrypts the entire disk and any account you allow access to can open the "vault" and login to the Mac. You can create as many login accounts as you want and give them each their own password.

On my very old Mac Mini (2nd generation but now replaced with a 2012 model) PGP's secure shredding of large files was considerably faster than the original FileVault. Even now, shredding large files securely in the trash takes forever with my upgraded Mini.

If you have FV2 on, using secure empty trash is a bit redundant since the user trash folder is inside the user space anyway and on the encrypted partition. The only upside I can see to doing a secure empty is it would make it more difficult for one of your other users to try and recover things from your trash if they had a desire to try that. I never use it.
 

absolut_mac

macrumors 6502a
Original poster
Oct 30, 2003
934
0
Dallas, Texas
...When you turn on FV2 it encrypts the entire disk and any account you allow access to can open the "vault" and login to the Mac. You can create as many login accounts as you want and give them each their own password.

Thanks for your informative responses.

My only concern is with the additional accounts for my family because most of them prefer simple passwords and once they log-in then I assume that anyone logging into that account will have access to the whole HD. Or am I misinterpreting the above?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,073
15,497
California
Thanks for your informative responses.

My only concern is with the additional accounts for my family because most of them prefer simple passwords and once they log-in then I assume that anyone logging into that account will have access to the whole HD. Or am I misinterpreting the above?

Once any user logs in the "vault" is open. Beyond that a user can only directly access files in their own user space. There is a way for users who have an "admin" account to use the sudo command to access other users files. You can prevent that by only giving those other users a "standard" account when you set them up.

So what I would do is give yourself an admin account then everybody else a standard account. Then they could never access your files or each other's files. Also, they could not install software to make certain system changes.
 

maflynn

macrumors Haswell
May 3, 2009
73,419
43,308
Thanks for your informative responses.

My only concern is with the additional accounts for my family because most of them prefer simple passwords and once they log-in then I assume that anyone logging into that account will have access to the whole HD. Or am I misinterpreting the above?

They would have access to the drive from the sense that it would decrypted for them, once they log in, then its up to OS X's file/folder permissions to grant or restrict access.

As Weasleboy stated, you can use a standard account for them, but if I understand your point, your family is using simple passwords and thus negating the power of FV. I'd recommend a stronger password setup if you're worried about that.
 

flynz4

macrumors 68040
Aug 9, 2009
3,242
126
Portland, OR
Thanks for your informative responses.

My only concern is with the additional accounts for my family because most of them prefer simple passwords and once they log-in then I assume that anyone logging into that account will have access to the whole HD. Or am I misinterpreting the above?

You can select which user accounts unlock the full drive encryption. So you can set it up such that only your account can unlock the drive... hence, you must sign in first. Then you log out (but not shut down)... and the rest of your family can log-in. Hence:

Dad - Strong pw - Unlock yes - Admin yes
Mom - Weak pw - Unlock no - Admin no
Son - Weak pw - Unlock no - Admin no

Alternately... create yet one more account (I'll call it Crypt)... that anyone can use to unlock the machine. Hence, if they need to reboot the machine and you are not home... they have to type in a complex password once.

Crypt - Strong pw - Unlock yes - Admin no
Dad - Strong pw - Unlock yes - Admin yes
Mom - Weak pw - Unlock no - Admin no
Son - Weak pw - Unlock no - Admin no

/Jim
 

absolut_mac

macrumors 6502a
Original poster
Oct 30, 2003
934
0
Dallas, Texas
Thanks for all your very helpful responses.

It's too much hassle for me to change my current set up for all my family members and their accounts, but hopefully I'll be getting the new Mac Mini soon. Like too many others on this forum I'm eagerly anticipating September 9th for info on it.

I'll definitely enable FileVault 2 when I upgrade to the new machine :)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.