I store everything financial related / document related in 1password. 1password + alfred = awesome combination. I started to use macs in 2014, never had a need for FV.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Do you guys use FileVault?
- Thread starter LarryJoe33
- Start date
- Sort by reaction score
I use 1Password and love it. I wasn’t aware you can save documents in 1PW. Are you guys saying you save docs in 1PW?
Yes (I use it) and No (you don't need to disable it for any reason). I have no issues with it at all.
Zombie thread...
That aside, heck ya! Agreeing with @maflynn.
ANYTHING that I deem sensitive (financial, medical, Keychain, etc) is encrypted.
In the case of Filevault, I use two accounts, one for everyday, second for admin tasks. 16 characters for everyday, 19 for admin. Both semi-random with mix of upper/lower, digits, special characters.Keychain is encrypted, Filevault encrypts disk, add strong Filevault passcodes (ie sign ons), gives me lots of runway to recover from any loss (ie. Several levels of encryption to crack to get to info).
External drives, random 25 character passcode on partitions I store sensitive stuff on...
And if I get electronic notices with my SSN on it (or final copies of my tax returns and support docs), I make a point to black those out via Preview and then generate a whole new PDF of that where the blackout can't be removed. Stopped printing paper copy of docs years ago for this reason: can always recover from cloud and external drive copies (see below).
Anything sensitive copied to cloud, I encrypt with a 25 character random code before uploading.
iOS, different strong passcodes vs Mac (12 chars, upper/lower, special, numbers, TouchID to make life easier). And apps on there that might have secure info and allow passcodes, turn on that with a different code vs device.
Password manager to have copies of all these keys: would need some serious loss of devices to recover.
So, yeah, turn Filevault on. In the age of devices with SSDs, not a performance hit, and gives you a big level of security. (Aside: never thought Filevault was a big hit with spinning disk, and was worth it in the big scheme of things; HDD boot is slow no matter what).
That aside, heck ya! Agreeing with @maflynn.
ANYTHING that I deem sensitive (financial, medical, Keychain, etc) is encrypted.
In the case of Filevault, I use two accounts, one for everyday, second for admin tasks. 16 characters for everyday, 19 for admin. Both semi-random with mix of upper/lower, digits, special characters.Keychain is encrypted, Filevault encrypts disk, add strong Filevault passcodes (ie sign ons), gives me lots of runway to recover from any loss (ie. Several levels of encryption to crack to get to info).
External drives, random 25 character passcode on partitions I store sensitive stuff on...
And if I get electronic notices with my SSN on it (or final copies of my tax returns and support docs), I make a point to black those out via Preview and then generate a whole new PDF of that where the blackout can't be removed. Stopped printing paper copy of docs years ago for this reason: can always recover from cloud and external drive copies (see below).
Anything sensitive copied to cloud, I encrypt with a 25 character random code before uploading.
iOS, different strong passcodes vs Mac (12 chars, upper/lower, special, numbers, TouchID to make life easier). And apps on there that might have secure info and allow passcodes, turn on that with a different code vs device.
Password manager to have copies of all these keys: would need some serious loss of devices to recover.
So, yeah, turn Filevault on. In the age of devices with SSDs, not a performance hit, and gives you a big level of security. (Aside: never thought Filevault was a big hit with spinning disk, and was worth it in the big scheme of things; HDD boot is slow no matter what).
Is this process change the same with OS upgrades? I'm not sure I understand how OS upgrades can boot me to the macOS lock screen while a restart or shutdown will boot me to the FileVault screen where I'll need to enter my login password and it takes a few more seconds to boot. Do macOS updates not "fully reboot"?
There's a reason that macOS ships with FileVault disabled by user selection and primarily it's to ensure full compatibility with programs and future upgrades of the OS. Since the introduction of FileVault, I've either witnessed, read about, or personally experienced FileVault related issues whether initially or over a period of time from FV to FV2. Even the new macOS computers with/without T2 do not install with FV enabled unless you opt out. I don't get the constant adoration of having it since it's been known that those with interest in this would be able to break the encryption itself. Unless you're using this for business/government related use which could cause great financial gains or instability to an infrastructure, then your "files" aren't that special or at risk. The typical theft of your device for gain will come from reselling it which it wouldn't matter about FV being enabled. People who are vehemently claiming that it's necessary have no idea why it would need to be. Even if they have a slight idea; in their best case use scenario, it's still unnecessary. There is only a small portion of users who would require full boot disk encryption and most likely you're not it.
Last edited:
The T2 is encryption for on-the-fly. The FV is not the T2 encryption method. FV encrypts data at rest or stored.
https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf
Yep, on T2 equipped File Vault is nothing more than a requirement to type password before the drive is decrypted. But not long time ago on High Sierra you could login just by typing 'root' as username and hitting enter without any password. If Apple missed that makes you wonder what else did they miss. I prefer forcing a password before decryption - enabling File Vault.
Never said that users can't enable FV. I stated that issues can arise from having FV enabled and if you're willing to deal with the troubleshooting related to boot drive encryption. For the majority of users, FV is not necessary. You're not getting anything but a placebo effect that some would attribute to a peace-of-mind. In reality, your data is not being highly targeted and sought after by anyone that could actually use what is collected. Most people like to think they're special but unless you're in the top 1% of wealthy individuals, high-ranked or influential government official, storing a great deal of illegal or valued data, etc., then this has no added benefit to your life and use. The grouping of all those in the set of computer users would still comprise less than 1% of users who should have boot disk encryption enabled. LOL. If this was necessary, then it would have been implemented by default in the Windows (used by most organizations which have data to protect) and Unix-based OS. It isn't because for most of the world, it is unnecessary. Those that require it can enable it in those OS. If it were at that point that you're targeted because you fall in that less than 1% of all computer users, then those people would have physical access and already can break the encryption of the volume after a period of time. That would be their motive. Most people's worst case scenario is their computer being stolen, wiped, and resold or used by the thief. Most data isn't collected in this manner because of needing physical access and if physical access is required, then there are more security precautions in place to let you know that it's needed.
You're missing the point, this is Macbook Pro forum, a laptop forum. And what you wrote above is why File Vault should be enabled. Laptops get stolen or lost frequently - there you have your physical access.
LOL. I primarily use a MBP for developement and have other computers with different OS. Most people who own a MBP probably do not need it for the "Pro" use which includes me. I own many Apple products and probably will purchase them in the future. But the grandiose nature of the user base who try to argue for something Apple-related is ABSURD. You are not that special and neither are most macOS users whereby their boot disk would require FileVault being enabled.
Please do explain how leaving a laptop at the airport is somehow limited to Apple only. You don't need to be 'special' to have a random schmuck go through your data if he holds your laptop in his hands. And thank you, this is the first time I was called "Apple user base", I'm usually classified as Apple hater on this forum.
Oh, and if I lose my unencrypted laptop with company data, I get fired. And then sued - it's in my contract.
Most people lock their residences/cars/public lockers/etc before leaving. They keep their behinds covered too. The nerve of those ordinary people! Who the heck do they think they are?!
Your analogy for comparison is just as irrational. The two have no correlation to the type of security implemented and required. So, I'll presume you to be another ridiculous Apple enthused elitist. The majority of the group which have the characteristics of being classified into the top 1% of the world don't use Apple computers. Those that do may require boot drive encryption. You aren't one of them.
My analogy is no more irrational than your basing the needs of people you don't even know on conjecture. Next time you go out, don't forget to keep your car unlocked and your behind showing. Bet it'd suit you just fine.
Damn, you do have an agenda, don't you? Just to make sure I double checked, and I am in the 1% of the world most wealthy people by income. Ufff, what a relief, I can legally use File Vault and Bitlocker. Just so you know, you need annual income of $32k to join the club.
I don't need to know the people individually. They are grouped according to average use and types of data. So, full boot disk encryption isn't a requirement for the majority of users. The problem is the argument about you not knowing the difference between required and unnecessary. Never said that a person shouldn't. I said they aren't required because they don't fall within those which would have a requirement. Since, you don't fall within the requirements then you don't have a need. You're only doing it to satisfy something else, a placebo for peace-of-mind. Again, I don't work on data or have personal data that file encryption is the most that maybe necessary. Full boot disk encryption is overkill and has been pushed for quite a while to use as a means for promoting an OS is "more secure" than another. You're more likely to end up in the category of people that would require this than the likelihood of your data now being used for malicious or financial gains. What's the probability that you're going to be in the top 1% of those who have financial records and other sensitive data to protect from being targeted by others? Probably close to 0%. Therefore, the probability that you need (require) full boot disk encryption now is even less.
[doublepost=1553872404][/doublepost]
[doublepost=1553872404][/doublepost]
You're correct about me incorrectly using the statistic "the top 1% of the most wealthy". I should have been more precise with that data since this would include every impoverished, third-world country. However, at this point you're just playing semantics to make yourself believe you're winning an argument. That in itself doesn't matter to me. The argument is that you don't need (require) FV. Enable it if you want but it doesn't change the fact of you still not needing it.
If you don't know for a fact whether a specific person is using his computer for handling sensitive data, ie where he falls, then that's conjecture. End of story. Your entire premise is tied to knowing where a certain person falls within a certain statistic group with certain data security requirements.
If you don't know that, then well that's conjecture. Lumping people you don't know together based on guessing and chance is just that. I know for a fact that I use my computer for handling sensivity data because my work dictates that I do that. Lots of my colleagues do. It's not as rare as you make it out to be.
Has nothing to do with people being elitist, just you making another baseless assumption without factual knowledge.
If you don't know that, then well that's conjecture. Lumping people you don't know together based on guessing and chance is just that. I know for a fact that I use my computer for handling sensivity data because my work dictates that I do that. Lots of my colleagues do. It's not as rare as you make it out to be.
Has nothing to do with people being elitist, just you making another baseless assumption without factual knowledge.
I wrote above that I would look for another job and attorney if I lose my laptop without encryption enabled, so I really have no idea why you keep saying I don't need it. I do need it. Besides, what is the 'overkill' in enabling it? It doesn't cost anything. And we're not talking about targeted attacks, those don't need physical access, but about random person having possession of your data. And nowadays any data can be sold and used against any person or entity, be it to steal identity or gain competitive advantage. And no - you don't need to be 1% of whatever to be a victim, not a target, but a victim of random act based on stolen/lost data.
Not long ago somebody bought an iPhone using my ebay account. No, I wasn't targeted as the most wealthy ebay user, just my email/password was of the hundreds of millions stolen during one of the data breaches (linkedin probably according to haveibeenpwned.com) and I had the same combo for ebay. What would be the probability of being randomly targeted as one of hundreds of millions stolen credentials? Now imagine somebody has all my data from a lost/stolen laptop. And again - enabling encryption has no downsides, negligible performance drop with software based Bitlocker, none at all with T2 equipped Macs.
Avoiding identities being stolen alone is worth the extra security measures an OS may offer to virtually everyone. But no, here let me decide for you what you really need or don't need. I don't even have to know who you are or what you do for a living. I'm just gonna assume that your data privacy loss will have no repurcussions whatsoever, because...you're most likely an average joe with an elitist mentality.
Everyone has an opinion. However, most people's data aren't at risk of being used if their computer was stolen. If you have an organization issued notebook and/or signed an agreement that the information you are working on is sensitive enough that it requires full boot disk encryption, then this is part of the group I mentioned. The average, general home and small business user doesn't require it which is the majority of people. It's kind of strange that you have such an important job with sensitive data, that you would be trolling over encryption of a boot disk. My information was divulged from a profile, as well. Umm...which has nothing to do with this scenario. That was remotely, along with, the majority of data breaches and other means of infiltration. Even in a situation whereby your information was used, then OS boot disk encryption wouldn't even be a factor that could have protected you. I'm not obtuse to the point that I ever said anything related to it never being useful. Again, the majority of users of macOS do not require FV being enabled for a boot disk. Their dear pictures of family, home movies, movies, music, old/current tax, financial records aren't at risk of being used, even with the very small probability that their computer was stolen.
Why are they not at risk? Because their data wasn't targeted and isn't special except only to them. It has little to no value for someone else that stole their notebook or recipients thereafter.
File encryption for that data and not the entire OS disk would be plenty for those situations. Most users do not require an OS boot disk that's been encrypted. Of course, you can only convince those general users, which probably includes you, after they are in a situation whereby the difference between retrieving data by a legitimate service for a non-encrypted boot drive and one that has been encrypted is very, very costly between the two in the scenario that the encryption keys are damaged and/or you forgot the password. The bits are indecipherable and there are very, very few who may even have the means to recover it. Highly impossible. The cost and risk to the user is complete loss of data, performance hit, possible intermittent or incompatible issues with programs, and so forth. The pros of it are just that the user felt "more secure". When in reality them and their data is not that important because of having no value to those who would actually know how to use the data for gain or malicious reasons. Again, if it were that important to have a full boot disk encryption, then operating systems other than macOS who've been using this sort of method would have pushed to make it a requirement well before Apple. macOS comprises roughly 10% of the OS market share. Have you convinced yourself that this OS has been secured and improved on much more than all others? You would be wrong.