Encryption Software - what are the options now?

Discussion in 'Mac Apps and Mac App Store' started by absolut_mac, Aug 22, 2014.

  1. absolut_mac macrumors 6502a

    absolut_mac

    Joined:
    Oct 30, 2003
    Location:
    Dallas, Texas
    #1
    I used to use PGP for Mac. Updates on the Mac side were slow, but always followed a few months after PC updates. Then they got bought out by Symantec. Support and updates have been very poor on the Mac side and I'm sure that they lost a LOT of customers because of it. Me included. One would have thought that they would've stepped up to the plate after the NSA/google/MS etc backdoor scandals.

    No big deal, I switched to TrueCrypt and was very happy with it as it delivered almost exactly the same options as PGP - virtual drives, whole disk encryption etc. Now that support for that has ended what other comparable and reliable options are available for the Mac these days?

    FWIW even if I used a PC there's absolutely no way that I would trust MicroSoft's Bit Locker!!
    Thanks in advance for your help.
     
  2. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #2
    Use FileVault 2. Built into OS X.
     
  3. absolut_mac thread starter macrumors 6502a

    absolut_mac

    Joined:
    Oct 30, 2003
    Location:
    Dallas, Texas
    #3
    Thanks for your reply.

    Two questions about FileVault 2 - can you create virtual disks and encrypt jump drives with it (most jump drives only include Windows encryption software)? How does enabling FileVault 2 affect other accounts on the same Mac? Do they use the same log-in password as me or can I create separate log-in passwords for them?

    On my very old Mac Mini (2nd generation but now replaced with a 2012 model) PGP's secure shredding of large files was considerably faster than the original FileVault. Even now, shredding large files securely in the trash takes forever with my upgraded Mini.
     
  4. Idarzoid macrumors 6502

    Joined:
    Mar 15, 2013
    #4
    FileVault2 only offers full disk encryption for your Mac and it uses the same login as your account, the difference is that you log in before OS X boots instead of after, as for virtual disks, you can use Disk Utility to create encrypted containers, you can also use the same utility to encrypt external drives.
     
  5. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    Yes. You can create an encrypted sparse bundle disk image using Disk Utility.

    To encrypt an external drive or USB key you just right click it then select encrypt. Done. It must in the Mac OS Extended format of course.

    When you turn on FV2 it encrypts the entire disk and any account you allow access to can open the "vault" and login to the Mac. You can create as many login accounts as you want and give them each their own password.

    If you have FV2 on, using secure empty trash is a bit redundant since the user trash folder is inside the user space anyway and on the encrypted partition. The only upside I can see to doing a secure empty is it would make it more difficult for one of your other users to try and recover things from your trash if they had a desire to try that. I never use it.
     
  6. absolut_mac thread starter macrumors 6502a

    absolut_mac

    Joined:
    Oct 30, 2003
    Location:
    Dallas, Texas
    #6
    Thanks for your informative responses.

    My only concern is with the additional accounts for my family because most of them prefer simple passwords and once they log-in then I assume that anyone logging into that account will have access to the whole HD. Or am I misinterpreting the above?
     
  7. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #7
    Once any user logs in the "vault" is open. Beyond that a user can only directly access files in their own user space. There is a way for users who have an "admin" account to use the sudo command to access other users files. You can prevent that by only giving those other users a "standard" account when you set them up.

    So what I would do is give yourself an admin account then everybody else a standard account. Then they could never access your files or each other's files. Also, they could not install software to make certain system changes.
     
  8. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #8
    They would have access to the drive from the sense that it would decrypted for them, once they log in, then its up to OS X's file/folder permissions to grant or restrict access.

    As Weasleboy stated, you can use a standard account for them, but if I understand your point, your family is using simple passwords and thus negating the power of FV. I'd recommend a stronger password setup if you're worried about that.
     
  9. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #9
    You can select which user accounts unlock the full drive encryption. So you can set it up such that only your account can unlock the drive... hence, you must sign in first. Then you log out (but not shut down)... and the rest of your family can log-in. Hence:

    Dad - Strong pw - Unlock yes - Admin yes
    Mom - Weak pw - Unlock no - Admin no
    Son - Weak pw - Unlock no - Admin no

    Alternately... create yet one more account (I'll call it Crypt)... that anyone can use to unlock the machine. Hence, if they need to reboot the machine and you are not home... they have to type in a complex password once.

    Crypt - Strong pw - Unlock yes - Admin no
    Dad - Strong pw - Unlock yes - Admin yes
    Mom - Weak pw - Unlock no - Admin no
    Son - Weak pw - Unlock no - Admin no

    /Jim
     
  10. absolut_mac thread starter macrumors 6502a

    absolut_mac

    Joined:
    Oct 30, 2003
    Location:
    Dallas, Texas
    #10
    Thanks for all your very helpful responses.

    It's too much hassle for me to change my current set up for all my family members and their accounts, but hopefully I'll be getting the new Mac Mini soon. Like too many others on this forum I'm eagerly anticipating September 9th for info on it.

    I'll definitely enable FileVault 2 when I upgrade to the new machine :)
     

Share This Page