Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

kat.hayes

macrumors 65816
Original poster
Oct 10, 2011
1,448
52
About to setup a new Mac, are there any reasons to not have File Vault turned on? As long as I do not obviously forget my password, what are the downsides, to using it? Does it slow performance at all during boot, usage, backup, etc.?

Thanks in advance.
 
Too many corrupted floppies and HD's in the 80's and 90's.
I want my recovery problems for dinged drives to be as simple as possible.
That said, I think the last drive to die on me was 6 years ago.
 
Too many corrupted floppies and HD's in the 80's and 90's.
I want my recovery problems for dinged drives to be as simple as possible.
That said, I think the last drive to die on me was 6 years ago.

But you keep backups, of course. So why wouldn't you enable FileVault?
 
  • Like
Reactions: Basic75
But you keep backups, of course. So why wouldn't you enable FileVault?
If the NSA goes after me, I'm dead even with FileVault. They'd at least pin me for running that stoplight on my bike back on Flag Day 1968.
Otherwise, I'm in a pretty low threat environment, and have noticed over the years that Apple tends to screw up occasionally (see APFS and Time Machine threads). I want no part of that. I do keep lots of non-encrypted backups. I even check boot from the backups when they contain a System copy.
 
Unless you are running an Mac Pro 5.1 planning on upgrading to Mojave, turn it on.

If your machine gets stolen, without the FileVault password, the data is useless to the thief.
 
I will not use Filevault or any other type of encryption on ANY of my drives (with one exception, mentioned later).

I -WANT- my data to be "easy to get at".

I've seen too many posts from others, who have encrypted their drives and then... something goes wrong... and then... they can no longer "get through to" their data any more.

Not worth the risk, in my opinion.

If you have some files that you absolutely want to keep confidential, then create a small .dmg file that is password-protected and keep them there. It can be easily accessed from the desktop. This leaves the non-confidential stuff (i.e., the rest of the drive) "in the clear", without the potential problems of encryption.

I mentioned above that I -DID- encrypt one drive.
It's a modestly-sized USB flashdrive that I keep in my car, which serves as my "off-site" backup for my main files.
In this case, if the car were to be stolen or broken into, and the flashdrive stolen, the data on it can't be read. But... it's "only a backup", and if anything goes wrong with it, I can just re-create it on a new flashdrive.

But my regular Macs... in the house... no encryption.
Works for me.
 
I would use it anyway but I have no choice as all my computers contain my business / customer data so I'm pretty much obliged by data protection laws to use Filevault on my Macs and BitLocker on my Windows machines.

I've never had a single issue with it on any of my Macs
 
I will not use Filevault or any other type of encryption on ANY of my drives (with one exception, mentioned later).

I -WANT- my data to be "easy to get at".

I've seen too many posts from others, who have encrypted their drives and then... something goes wrong... and then... they can no longer "get through to" their data any more.

Not worth the risk, in my opinion.

If you have some files that you absolutely want to keep confidential, then create a small .dmg file that is password-protected and keep them there. It can be easily accessed from the desktop. This leaves the non-confidential stuff (i.e., the rest of the drive) "in the clear", without the potential problems of encryption.

I mentioned above that I -DID- encrypt one drive.
It's a modestly-sized USB flashdrive that I keep in my car, which serves as my "off-site" backup for my main files.
In this case, if the car were to be stolen or broken into, and the flashdrive stolen, the data on it can't be read. But... it's "only a backup", and if anything goes wrong with it, I can just re-create it on a new flashdrive.

But my regular Macs... in the house... no encryption.
Works for me.

Well, that’s your call, misguided though it may be.
 
I will not use Filevault or any other type of encryption on ANY of my drives (with one exception, mentioned later).

I -WANT- my data to be "easy to get at".

I've seen too many posts from others, who have encrypted their drives and then... something goes wrong... and then... they can no longer "get through to" their data any more.

Not worth the risk, in my opinion.

If you have some files that you absolutely want to keep confidential, then create a small .dmg file that is password-protected and keep them there. It can be easily accessed from the desktop. This leaves the non-confidential stuff (i.e., the rest of the drive) "in the clear", without the potential problems of encryption.

I mentioned above that I -DID- encrypt one drive.
It's a modestly-sized USB flashdrive that I keep in my car, which serves as my "off-site" backup for my main files.
In this case, if the car were to be stolen or broken into, and the flashdrive stolen, the data on it can't be read. But... it's "only a backup", and if anything goes wrong with it, I can just re-create it on a new flashdrive.

But my regular Macs... in the house... no encryption.
Works for me.
Your logic seems disconnected—unwilling to use encrypted disks but willing to use encrypted disk images.
 
  • Like
Reactions: Weaselboy
I received my new mini today, and I'm also in the initial setup process. I'm wondering the same: FileVault ON or OFF? I believe I prefer it OFF, but that decision is difficult because it cannot be done later!

I keep several backups on non-encrypted external devices, that could be stolen too (as my old non-encrypted computer). Why should I encrypt the Mac itself? (because it has more value for the thief?). FileVault have a small performance hit, startup may be a *bit* slower, and if something goes wrong with the encryption, the whole SSD is dead (or the files are all messed up). Hmmm...

EDIT: Okay, I chose OFF. Too late, and too bad for the future...
 
Last edited:
I received my new mini today…
You just stated a lot of misinformation about FileVault, probably based on how it used to work. Things are different now.

The SSD is modern Macs is always encrypted. It doesn’t impact performance. The key is held is the Secure Enclave, and you have no control or connection to it.

When you turn on FileVault, the key becomes associated with your user password. A person after your data has to know your user password.

Now ask yourself, “which is more secure?”

P.S. You can always turn on FileVault later in System Settings. It’s easy and instantaneous.
 
The "I have nothing to hide" is surprising. Apparently very few people use their computing devices to manage their financial assets. If my encrypted computers are lost or stolen, I have piece of mind that no one is getting into my financials. Or primary email account, which can open up access to all your other accounts.
 
  • Like
Reactions: chabig
I'd strongly advise against using FileVault unless what you're using the computer for is incredibly steal-worthy.

The last line of Cham2000 is why.
if something goes wrong with the encryption, the whole SSD is dead (or the files are all messed up). Hmmm...

Computers have issues all the time. Maybe you haven't won the lottery yet, but a couple months ago, I had a friend who's Macbook pro wouldn't turn on.
I pulled the SSD and all her data was still there.
She bought a new mac and I handed her a USB stick. All saved.
If filevault was enabled, I believe, it's not just password protected, it's locked to the hardware plus password protected.
 
I'd strongly advise against using FileVault unless what you're using the computer for is incredibly steal-worthy.

The last line of Cham2000 is why.


Computers have issues all the time. Maybe you haven't won the lottery yet, but a couple months ago, I had a friend who's Macbook pro wouldn't turn on.
I pulled the SSD and all her data was still there.
She bought a new mac and I handed her a USB stick. All saved.
If filevault was enabled, I believe, it's not just password protected, it's locked to the hardware plus password protected.
Does she maintain timely backups of her files? In a newer Mac, there's no option to pull the internal storage. Not being able to recover files from an encrypted disk is a very poor excuse for not keeping backups of your important files. And if they aren't important, well, it doesn't matter that the data is unrecoverable.
 
  • Like
Reactions: chabig
I'd strongly advise against using FileVault unless what you're using the computer for is incredibly steal-worthy.
Your rationale for this statement isn't supportable. The SSD on all modern Macs (anything with a T2 chip or Apple Silicon) is encrypted by hardware whether you want it to be or not. If the SSD dies, the machine won't boot. If the machine fails, the SSD data is lost anyway.

Many of the anti-FileVault statements were true before the era of T2s and Apple Silicon, but no more. Backing up is the only way to protect data.
 
I'm assuming Apple Silicon's Target Disk mode (Mac share something something) would also be unusable if FileVault was enabled as well. So while you can't remove the drive, you could successfully copy data without logging in.
 
I'm assuming Apple Silicon's Target Disk mode (Mac share something something) would also be unusable if FileVault was enabled as well. So while you can't remove the drive, you could successfully copy data without logging in.
Target disk mode is now in the startup options and it's called "Share disk", but you must enter an administrator password into the target machine before it can be seen.

 
Thanks for the comments. I finaly opted to set OFF FileVault. I wasn't aware that we could turn it ON later.
 
Your rationale for this statement isn't supportable. The SSD on all modern Macs (anything with a T2 chip or Apple Silicon) is encrypted by hardware whether you want it to be or not. If the SSD dies, the machine won't boot. If the machine fails, the SSD data is lost anyway.
This^1000

And to stress this fact, from the mouth of Apple themselves:


On a Mac with Apple silicon, Data Protection defaults to Class C (see Data Protection classes) but utilizes a volume key rather than a per-extent or per-file key—effectively re-creating the security model of FileVault for user data.
 
  • Love
  • Like
Reactions: marzer and chabig
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.