Benefits of using FileVault vs just a strong password.

Discussion in 'Mac Basics and Help' started by HarryPot, Aug 4, 2014.

  1. HarryPot macrumors 6502a

    Joined:
    Sep 5, 2009
    #1
    I've been reading about the benefits of FileVault 2.

    But I'm still unsure what the benefits of encryption are if the encryption is just as strong as the password I have for my account.

    Supposing right now I use a very strong password, without FileVault 2, no one would be able to read my data unless they know my password.

    If I activate FileVault, wouldn't the same be true? What added security do I receive?
     
  2. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    Location:
    Brobdingnag
    #2
    If I steal your computer or its disk drive, I can easily connect just the hard drive to my computer, disable permissions (it's trivial, and doesn't require your login password), and your super-strong login password suddenly has no value at all. I can read any unencrypted file located anywhere on the disk, even ones stored in your home folder. You may think I can't do this, or that I need to know your login password, but I can definitely do it without that password, and it's simple to demonstrate using any disk drive in an external case.

    If I did the above and you have FileVault enabled, then I need to know the FV password before I can see anything at all on your hard disk. That's because the entire HD is encrypted, and without knowing that password, I can't access anything at all on the disk.
     
  3. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #3
    In addition to the method chown33 mentioned, it is also ridiculously easy to reset the password in OS X. Just read this for a guide.

    If I stole your Mac I would command-r boot to recovery and it takes about 30 seconds to reset the password then I reboot and login to YOUR account with the new password I selected, and I am into all your business!

    If you enable Filevault it prevents this. IMO everybody should turn on Filevault as soon as they setup a new Mac. There is a very small hit in disk speeds, but it is not noticeable, particularly on newer Macs.
     
  4. HarryPot thread starter macrumors 6502a

    Joined:
    Sep 5, 2009
  5. Tumbleweed666 macrumors 68000

    Tumbleweed666

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #5
    What happens to previous non encrypted TM backups if I turn on FV ?
    TIA.
     
  6. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #6
    Nothing. TM does not care if you have FV on or not. TM encryption is handled separately and similarly it does not care if you have FV on or not either.

    When you run a TM backup the "vault" is open, so TM sees it as just another unencrypted drive volume.
     
  7. Tumbleweed666 macrumors 68000

    Tumbleweed666

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #7
    OK I'm being a bit dim here. Does that mean the TM backup is not encrypted even i FV my main disk?

    So to get everything encrypted I switch it on on both disks, is that correct?
     
  8. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
    You got it... exactly. :)

    You need to go into this screen in TM prefs and check the box.

    Think of FV like a letter inside an envelope. FV is like if you locked the sealed envelope. Once you unseal the envelope (enter password in FV) the letter is still sitting there unencrypted inside with no changes to it. FV works the same way, once you login and "open the vault" all the data is just sitting there normally unencrypted. You can back it up, copy it to USB drives, email files to friends etc just like normal.

    [​IMG]
     
  9. terryblyth macrumors regular

    Joined:
    Jan 19, 2008
    Location:
    Walton-on-Thames, UK
    #9
    Are there any downsides to using FileVault? I'm thinking particularly speed?

    If not, I'm surprised more people don't use it.
     
  10. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #10
    There's a small performance penalty but not much. Encrypting the data in this day and age is a must and I recommend to the OP to consider this along with a strong password.
     
  11. Tumbleweed666 macrumors 68000

    Tumbleweed666

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #11
    Excellent, thanks to all.

    So I'm thinking best thing to do is switch on encryption on both disks last thing at night and let it get on with encrypting without any distraction?

    And prior to that take a full CCC 'clear' copy onto another disk and hang onto that for a week or two before doing a secure erase on it.
     
  12. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #12
    Like maflynn said, there is avery small read/write speed hit, but it is small. Here is a benchmark.

    When you turn on FV it will reboot and you can see a progress bar as it encrypts. You can fully use the computer while it is doing that if you need to. It does not need to be left alone.
     
  13. 556fmjoe macrumors 65816

    556fmjoe

    Joined:
    Apr 19, 2014
    #13
    The slight performance hit is not noticeable. The only other downside might be that you will lose your data on the drive if you forget your password and lose the recovery key (I deliberately don't save the recovery key), but forgetting that password is not likely since you'll use it relatively frequently.

    Most people don't use it because they don't take any security precautions beyond the defaults. They either don't know about it, don't care, or don't see how it would help. If it was up to me, FV would be the default on all installs, unless explicitly disabled.
     

Share This Page