FileVault2 - Who's using it

Discussion in 'Mac OS X Lion (10.7)' started by maflynn, May 26, 2012.

Who is (or was) using FileVault2

  1. I initially used it but disabled it (explain why below)

    2 vote(s)
    7.4%
  2. I want my data safe so I have it enabled

    14 vote(s)
    51.9%
  3. I'm not concerned so I don't use it

    11 vote(s)
    40.7%
  1. Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #1
    Given the maturity of Lion, who has opted to use FileVault2?

    If you used it but then disabled it, why did you turn it off?
     
  2. macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #2
    I've been using encryption for over 4 months now for my internal disk, my Time Machine disk and a couple of external data disks.

    The initial disk encryption process seems very resilient. You can actually sleep or shut down the machine in the middle of it and it will pick back up. In my case, I had a third party device driver crash the system (not related to the encryption process) during the encryption process. The system recovered fine.

    I would recommend only enabling encryption on one drive at a time and wait for it to finish.

    I of course used System Preferences to enable FileVault2 and to also encrypt the Time Machine disk. For the other external drives, since they had data on them, I used diskutil to convert them to encrypted disks.
     
  3. thread starter Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #3
    Interesting info regarding the resiliency of FV.

    I came across this thread http://forums.macrumors.com/showthread.php?t=1376080 where the owner of an MBA had his laptop stolen from his house. I'm rethinking not using it and was curious to know how many folks here are using it or were, and if they stopped, why did they.
     
  4. Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #4
    I don't use it. Any data I want to secure goes in a TrueCrypt volume.
     
  5. thread starter Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #5
    That's another option as well that I'm considering, but given the ease of FV it's difficult to dispute.
     
  6. Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #6
    I've been using TrueCrypt for years. A big limitation of FV (for me anyway) is the lack of cross-platform. Most of my sensitive data is on external hard drives that I can easily use on any machine. If you use only one machine, or at least only use Macs, then FV is probably fine.
     
  7. macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #7
    Can you even use TrueCrypt for your boot drive? I'd stick to FileVault 2 on the boot volume to keep things simpler. And also probably on the Time Machine drive.

    And as for external drives, if you're using Macs only why risk having OS X patches being incompatible with the TrueCrypt drivers? Although if you need data portability, TrueCrypt does make sense.
     
  8. Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #8
    I don't think you can. Honestly, I don't have a reason to encrypt my boot drive. Maybe I should just because I can, but I personally have nothing on my boot drive worth encrypting.
     
  9. macrumors 65816

    Joined:
    Jan 1, 2008
    #9
    I've used Filevault2 on my boot drive and Time Machine drive since day one. I'll eventually migrate my external drives as time goes by. No issues so far.

    A.
     
  10. macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #10
    Passwords to email accounts? IM Accounts? Passwords to web sites? Copies of tax returns?
    Possibly enough information for someone to (help) do an identity theft possibly? Your address book?

    There's more on one's computer than most people realize.
     
  11. Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #11
    Nope, nope, and nope.

    • I have some junk email accounts, but the only two that have anything of value are encrypted exchange servers that require tokens to access and I do not store mail locally.
    • No instant messenger.
    • I never save passwords to websites.
    • Tax Returns are stored on encrypted external drives and only accessed via a LiveCD.
    • Address book is stored on an encrypted exchange server that requires a token to access.

    I'm very security conscious, yet still haven't had a need to use FV. I'm sure it works fine. I just haven't had a need.
     
  12. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #12
    I've taken a different approach -- encrypted DMG files (which behave like drives). I tried FileVault2 back with a Lion Developer's Preview and decided against the overhead and potential risk. Among the encrypted DMG, 1Password, and KeyChain everything I want to protect is encrypted.
     
  13. thread starter Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #13
    I can understand not wanting to use beta software for encryption but as I stated in my post, Lion has been out for a while now and no real reports of issues with FV2.

    I take this approach, using encrypted DMGs but I find that unless you are very disciplined slowly your sensitive files will make their way into the documents folder and not in the encrypted folder.
     
  14. macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #14
    FileVault 2 (unlike the original FileVault) has very little overhead. So unless you're running your system at the edge, it shouldn't matter.

    And passwords for encrypted DMGs can wind up on the keychain as well, which would of course negate the security you get by using encrypted DMGs. And I suspect using encrypted DMGs would have the same or more of a performance impact than FileVault 2 does.
     
  15. thread starter Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #15
    Agreed, that your information is still exposed, though the usefulness of that data may not be as great as your tax returns or bank statement (at least to most of the thieves).

    I'm going to use FV2 because
    1. It is seamless.
    2. It protects the entire volume.
    3. It has a good track record at this time.

    The downsides of FV2 are performance, not accessing the volume outside of OSX.

    I'll probably turn it on later today and let it run all day/night. I've spent the last few days cleaning up my boot drive freeing up space. My only issue is that I have a dual boot system and I frequently access my data from my Lion partition.
     
  16. macrumors 68000

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #16
    I started using TrueCrypt as well--very nice program indeed. :)
     
  17. macrumors 6502

    RoelJuun

    Joined:
    Aug 31, 2010
    Location:
    Netherlands
    #17
    Had encryption enabled on my iMac using FV but after a clean install I didn't bother to activate it again. All passwords and administration files are stored in an encrypted dmg-file.
     
  18. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #18
    If you use FileVault2 you are still protected by only a single password, the same situation as encrypted DMGs with password saved in the keychain. The performance impact of encrypted DMGs is less because only sensitive information is encrypted. The operating system, application programs, and non-sensitive data are clear.

    Also I know that any backups I make will have the sensitive data encrypted since I'm backing up the DMG as a file. I really don't know without investigating what happens to backups with FileVault2. I expect the backup volumes would have to be encrypted as well and since I back up to drives connected to a Snow Leopard Server system FileVault2 isn't available there.
     
  19. macrumors 65816

    Joined:
    Jan 1, 2008
    #19
    FileVault is going to read and rewrite every block on the disk, whether you have data there or not. Empty or full, it's going to take a long time.

    If you intend to use FileVault on new external volumes, you can format them as encrypted using Disk Utility - which only takes a minute or two. Unfortunately, this does not work for boot volumes.

    A.
     
  20. thread starter Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #20
    I know, I expect it to take all day and even into the night. That's why I was cleaning up, removing unwanted or unnecessary files.

    Nope, I don't use external volumes. I have a NAS, and the format of that is such that I cannot and will not encrypt that, but the data on that is not sensitive.
     
  21. macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #21
    My point is that if your system disk is not encrypted and your encrypted DMG password winds up on the keychain, that DMG loses its protection.

    What we need is to see real performance impact numbers for an encrypted boot volume. And we also need to see performance impacts for encrypted DMGs. One should also probably include mount and dismount times (including user interaction for this to happen).

    I feel that for myself, the impact of managing encrypted DMGs is more overhead than the minor performance impact of encrypting the whole disk.

    Yes, the backup volume would need to be encrypted as well for proper protection. My Time Machine disk is encrypted.
     
  22. thread starter Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #22
    Agreed, my encrypted DMG's password is NOT in the keychain for that very reason.
     
  23. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #23
    I don't see the point. When you log in all the disk becomes effectively unencrypted with FileVault II. So if a thief knows your login then they can access the entire disk contents. With the encrypted DMGs with passwords in the Keychain (which is also encrypted) you again get access to everything if the login is known, and if the login is not known the keychain and the DMGs remain encrypted and inaccessible. The only difference is that there is no security for the unencrypted portions of the drive, but I already will grant that.
     
  24. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #24
    I have Keychain set up with a different password than the login password. So even if somebody somehow gets past the login password, they still won't be able to get account passwords etc. from Keychain.

    I use FV2 with EFI password protected and a separate keychain password.
     
  25. thread starter Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #25
    I'm not sure I understand your question.

    The issue is that if someone stole my laptop then they would not be able to log into my laptop because FV2 has encrypted it. They won't have access to keychain and other objects, or am I misunderstanding your post?

    As for my encrypted dmg, it only gets mounted if I enter the correct password, which is not stored in the keychain.
     
