Encrypted Backups??

Discussion in 'Mac Basics and Help' started by tabosko, Nov 2, 2017.

  1. tabosko, Nov 2, 2017
    Last edited: Nov 2, 2017

    tabosko macrumors newbie

    Joined:
    Sep 1, 2013
    #1
    Hello all,

    I'm running into a lot of conflicting info on this so thought I would ask here. I recently had to back up my laptop (via time machine). My drive at the time was encrypted via file vault. When I restored I noticed that no prompt to unlock the backup was given and the restore itself was not encrypted.

    From what Im reading on forums, it would appear that time machine backups are not encrypted by default? You can encrypt them but you can't restore a encrypted backup cause time machine does not recognize them. That just sounds like pissing in the wind to me to backup protected data in a unprotected matter. So if this is the case, what is the resolution? Encrypt the drive you store your backups too? Does CCC keep the back up encrypted and will the mac allow you to restore it if so?

    Thanks
     
  2. Mikael H macrumors 6502a

    Joined:
    Sep 3, 2014
    #2
    There's a tick box for encrypting backups in Time Machine. Time Machine can restore backups it has encrypted as long as you know the pass phrase to them.

    Are there examples of people who've encountered problems? Probably. But the tick box wouldn't exist if Apple didn't consider the feature production ready.

    Some advice:
    If you haven't tried restoring from your backup, you don't have a backup.
    If you don't have two backup copies, you don't have a backup.
    If you don't store one backup copy off-site, you don't have a backup.
     
  3. Fishrrman macrumors P6

    Fishrrman

    Joined:
    Feb 20, 2009
    #3
    Something to think about before you encrypt your backup:

    Most folks will "go to the backup" in a moment of need or crisis.
    At that point, anything "in the way" that makes the backed-up files difficult to "get at" could interfere with getting to them.

    I've seen posts here from folks who had encrypted their drives, and then had some kind of problem, and then.... couldn't get to their data.

    I want backups that are EASY to mount and use in a moment of need.

    If you're that concerned about security, perhaps it's best to have a physical safe in which to store a backup drive...
     
  4. hobowankenobi macrumors 6502a

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #4

    To this point, if you have physical control of the volume you back up to, it is a good question: does it need to be encrypted?

    Only you can answer, depending on the kind of data, and your assessment of the risk of loss or theft.

    If you CAN control the volumes to your satisfaction (lock them up when not in use, etc.), then I would agree...encryption can be a burden to both backup and restore.

    If on the other hand, the data is sensitive enough, or the lack of control of the volumes is a real risk, you should work out and get comfortable with encryption. That means doing multiple test backups and restores so you are sure of the process and outcome.
     
  5. ZapNZs macrumors 68020

    ZapNZs

    Joined:
    Jan 23, 2017
    #5
    You can restore from an encrypted Time Machine backup - at least ones made with HFS+/GUID. By default, IIRC the 'Encrypt backups' checkbox is not selected.

    CCC plays very well with encryption. With CCC, there are two options that I personally know of to make a bootable, encrypted drive capable of a full system-level restore: 1) format the drive unencrypted HFS/GUID, then use CCC to clone the Recovery HD, after cloning then encrypt the [non-Recovery HD] VOLUME, and then make the CCC backup - [IIRC, when you boot into a backup made this way, I believe you will need to enter your password twice], or, 2) format the drive unencrypted HFS+/GUID, make the CCC to the unencrypted drive + clone the Recovery HD, boot into the CCC-made clone, enable FileVault 2 and allow it to encrypt the drive.

    Option 2 is arguably the safer way because you are forced to then verify that everything works correctly, but obviously this can take much longer given if you are cloning to a standard consumer-grade HDD, the FV2 encryption process can be pretty darned slow. I've done a restore from an encrypted CCC backup using option 2 and it worked flawlessly - no differently than as is the case with making the backup clone, when restoring an encrypted backup clone to a device, the restoration to the destination will not be encrypted (i.e., you have to manually reenable FV2 on the destination after completing the restore.)

    While I also use Time Machine, I personally prefer Carbon Copy Cloner for doing a full system restore simply because my experience with CCC has been rock solid over what must now be close to a decade of use.
     
  6. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #6
    To be safe, turn encryption on for your hard drive, _and_ for your Time Machine backup.

    When you restore a Time Machine to an unencrypted machine (for example after buying a new Mac), the backup is unencrypted. You can turn on encryption before or after the restore. "Before" would be better in case your Mac gets stolen after the restore and before the encryption.
     

Share This Page

5 November 2, 2017