I know I should use some type of encryption with my mobile susceptible MBP but I have had a bad experience when I tried to turn it on. Do you use it and if so, do you need to shut it off every time you upgrade or patch the OS?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Do you guys use FileVault?
- Thread starter LarryJoe33
- Start date
- Sort by reaction score
not noticeably. but I am using a 2016 MacBook Pro. Also, I never noticed it slowing down performance or boot on my previous 2012 rMBP
I have tested with and without File Vault... zero difference. No system slow down at all.
It changes your boot process slightly, as you need to provide a password to allow decryption of your boot drive. The login screen will appear shortly after power up. Once you’ve provided your account password, booting will continue normally.
File en/decryption uses hardcoded silicon paths in intel’s CPU so it doesn’t add extra processing time to data read/write processes. Think of it like hardware video decoding. There is no thinking involved per se, the data just flows down predetermined pathways.
Absolutely - enabled and configured so only a recovery key can unlock it so my iCloud account can not be used to do this. I use FV2 with both my internal SSDs and any external drive that I do not constantly store in my tool-resistant high-security safe. It has virtually no impact on performance. It is very secure. It has proven to be extremely reliable. Provided the User understands the implications (i.e., they are SOL if they forget their password, cant find the key, and have disabled iCloud reset) and understands the importance of keeping good backup habits, I do not think there is a single downside to FileVault.
FV2's seamless integration and reliable operation over HFS+ is one of the reasons I will not be upgrading to High Sierra anytime soon, until several months (or even a year) have passed and its functionality is shown to work equally well as FV2 w/ HFS+, which is flawless.
FV2's seamless integration and reliable operation over HFS+ is one of the reasons I will not be upgrading to High Sierra anytime soon, until several months (or even a year) have passed and its functionality is shown to work equally well as FV2 w/ HFS+, which is flawless.
FV works on High Sierra by leveraging APFS built-in encryption, if I understand this correctly. No problems so far. The reduced FS latency is noticeable and the space saved because of the copy-on-write architecture is insane.
Yes, I use it. why give a thief my personal, information if my laptop gets stolen. The reward vs performance hit is slanted too heavily in the reward column. I'm not seeing any appreciable performance difference, but its one factor in keeping my data safe.
I'm sure it will be awesome with better speeds, better reliability, improved security, and even greater consistency. It's just a bit too early for me at this point, as I like to see a time lapse of consistency that's longer than HS' current point.
I totally agree that being careful is the wisest course of action in these matters.
I have several Macs -- and no encryption on any of them.
I don't keep anything of a sensitive nature on my MacBooks. There are some emails and pics, but nothing that needs to be "protected".
I've seen a number of posts right here on MacRumors from folks who had either encrypted their data with Filevault or set a firmware password, and then... couldn't "get to it". They either forgot the password or something else went wrong.
In that case, goodbye to the data.
Or in the case of a firmware password, could be goodbye to the entire Mac (unless they could document to Apple that they were in fact the owners).
Having said all that, I -do- keep one "bare" SSD with Filevault enabled on it, that I use for a CCC cloned backup that I keep in my car (my "off-site" backup). If someone steals the car, all they'll get is "a drive", and not the data that was on it.
So... my thoughts regarding encryption are that unless you really, really need it for a solid reason -- it's something better off left alone. My opinion only.
I don't keep anything of a sensitive nature on my MacBooks. There are some emails and pics, but nothing that needs to be "protected".
I've seen a number of posts right here on MacRumors from folks who had either encrypted their data with Filevault or set a firmware password, and then... couldn't "get to it". They either forgot the password or something else went wrong.
In that case, goodbye to the data.
Or in the case of a firmware password, could be goodbye to the entire Mac (unless they could document to Apple that they were in fact the owners).
Having said all that, I -do- keep one "bare" SSD with Filevault enabled on it, that I use for a CCC cloned backup that I keep in my car (my "off-site" backup). If someone steals the car, all they'll get is "a drive", and not the data that was on it.
So... my thoughts regarding encryption are that unless you really, really need it for a solid reason -- it's something better off left alone. My opinion only.
I am kind of the same profile as Fishrrman. I really don't keep any data on my internal SSD. All my data is stored in iCloud and Amazon Cloud. I literally have just the OS and Apps. Emails stay on the server.
What I am most worried about is my passwords. I use LastPass and also have plenty stored in Wallet from when I didn't use LastPass. This includes my Financial institutions. All this said, I think you would have to hack into the lock screen to be able to launch Safari to get to my passwords? In addition, last pass autofills everything for me, so a thief could have a ball on Amazon.
I wonder how secure the lock screen security is?
What I am most worried about is my passwords. I use LastPass and also have plenty stored in Wallet from when I didn't use LastPass. This includes my Financial institutions. All this said, I think you would have to hack into the lock screen to be able to launch Safari to get to my passwords? In addition, last pass autofills everything for me, so a thief could have a ball on Amazon.
I wonder how secure the lock screen security is?
Apple obviously trust their implementation of FV2 (AES-XTS) since it's on by default in new installations and with AES-NI baked into the CPU it's nice and fast. This is a huge contrast to Microsoft who don't even offer encryption for the cheap seats/licenses. Bitlocker is ok but I like FV much more.
I encrypt anything and everything especially it's under warranty. Sometimes you get an external enclosure and have to send it in for warranty work. The disk might be fine so they replace the enclosure, now your data is chillin' in the refurbished section. Many vendors do not do zero write.
Now that Apples newest Macs come with the flash modules built into the motherboard, I wouldn't own one without FV enabled.
Encrypted or not, adequate backups are mandatory.
I encrypt anything and everything especially it's under warranty. Sometimes you get an external enclosure and have to send it in for warranty work. The disk might be fine so they replace the enclosure, now your data is chillin' in the refurbished section. Many vendors do not do zero write.
Now that Apples newest Macs come with the flash modules built into the motherboard, I wouldn't own one without FV enabled.
Encrypted or not, adequate backups are mandatory.
I turned on FileVault briefly and found that the functionality of guest account is affected. So no for me.
Sorry I don't really understand your question.
But if you use FileVault, the guest account can only access to safari, many other functionalities are blocked, rendering that account unusable. Set a Guest user account, turn on/off your FileVault, you will see the difference.
It is horrible. Apple was even so kind as to provide a way around it built in. command-r boot to recovery then in Terminal from the Utilities menu enter resetpassword and follow the prompts.
Now that said, this resets the login password, so anybody can login, but it will not reset the Keychain password, so that will still be locked and tied to your old password.
You can stop this by enabling a firmware password that would stop others from booting to recovery.
Not using FV2, storing all my sensitive data in 1password. Also FV2 causes issue with using eGPU.
You do not store any financial information on your computer, i.e., taxes, bills, banking statements, credit card info? I know 1Password can store bank account numbers and login info, but at least in my case, i do my taxes on my computer, and also have personal information, i.e., credit cards, loans, etc etc that should be protected.