FileVault recommended or not?

I've been using FileVault on a couple of machines for quite a while now.
I've yet to have any problems but of-course you should always have a backup regardless of whether you use FileVault or not.

Performance wise I notice no difference at all, benchmark wise I lose a couple of MB/s but nothing major. Visually the only difference is the login screen which appears before the OS boots on startup.

The one thing to be careful of is if you have moved your home directory to another drive, and then attempt to encrypt the drive containing the home directory.

 

Bold, exactly, just a day or so ago someone did just that, could not login, got an Error.

 

Works fine. Very minimal impact to performance. I also have my Time Machine and other external drives encrypted.

Also, you can sleep and shutdown the computer if you need to while the disk is being encrypted. The encryption process will continue when you start the system back up.

 

I disagree. It is only transparent if you already have your mac setup not to auto-login and always prompt you for a password on boot ups and resuming from sleep. For many of us that is annoying and we don't want to have to constantly punch in the password, that seems like a good reason not to use it.

 

Constantly? How often do you sleep or restart your Mac?

 

Disk encryption without a password to login/decrypt would be rather pointless though, unless you were able to use a token or key of some sort which isn't supported by FileVault2.

I guess I assumed that anyone wanting to secure their computer would expect to have to use a password of some sort.

 

I think what was meant is going from a auto login no PW setup to file fault is not so transparent..... extra steps are now required.

 

I think other than the password, it is transparent. And unless someone is sleeping or rebooting their Mac every 5 minutes, I don't think it's an issue.

For example, my machine gets slept when I go out and when I go to sleep. If I'm going to be gone for more than a day, I will shut the iMac down. I have to enter my password maybe 2 or 3 times in a normal day.

JohnDoe98 made it sound like you had to enter your password frequently, which isn't true for a lot of people.

 

Well, using FileVault makes sense ONLY if you need it. If you don't have a reason to encrypt your data, why use it?

S-

 

That is true. However, my web browser has cookies for how many sites that have my credit card on file? The passwords for my email ar eon the keychain. Since I get my bills electronically, I have copies of those bills on my computer.

All in all, someone can have a lot of personal info on a computer. Enough to allow for credit card fraud or identity theft. I'd rather not take the risk.

 

Constantly. I have a laptop and move a lot during a given day. I don't sit 9-5 in an office.

----------

Agreed, but I'm just pointing out for some usages and for convenience, Filevault is not recommended. Only if you think you need a high level of security would you use it. So I was responding to the OP and the one I responded to at the same time. I'm not worried about losing or having my laptop stolen so for me its a waste to add in that extra security.

----------

Sure, but the point is Filevault is not transparent compared to having it off. There is a noticeable impact of turning it on. Now if your aim is security, there by all means turn it on so as you point out, operationally its no different than if you have auto-login and similar features turned off.

----------

Exactly. And so I was suggesting unless you need strong security, it's a serious inconvenience.

----------

Yeah but the cookies don't show the entire CC and in order to get keychain to reveal the passwords you must enter your administrator password, so all the important information is encrypted anyway.

 

Right, by the community within these forums, of which I am a part.

Did you even read the OP? It struck me as a post by someone rather unfamiliar with what this feature even is in its most basic sense. That is the audience to which the responses in this thread should be aimed at. Coming in a thread acting superior is smug and being rather unhelpful toward the novices asking for the help in the first place is rude.

Source?

Agreed, now what about everyone else? The questions by the OP were general and not asking about particular cases.

Great, now instead of making assumptions how about you start actually answering the OP? Should the average joe desire to encrypt their disk, should they not use the auto-login features? Why or why not? Identify theft is real, but for most responsible adults the chances of their systems getting physically hijacked by someone is rather low.

Yes. Anything that isn't automatic is an annoyance and inconvenience. Why do you think Apple implemented auto-login and resumes and auto-save features in the first place? Because users found the alternatives cumbersome. Again get off your high horse.

 

Some of the community does recommend FileVault. So therefore it's you not recommending it.

 

Yes of course, though my recommendation or non-recommendation is user-specific. I suppose I should have been clearer. What I meant to imply was that anyone who is a member of the community is welcome to share their opinion in this thread, and so the rhetorical question asked by the other poster, trying to suggest I had no place commenting here, was ridiculous. Thanks for the clarification though.

 

I turned on FileVault a few months ago and I haven't seen a single problem yet.
When I'm travelling, I always shut down my macbook when not in use, so in case it gets stolen, the thief will not have access to my sensitive data (including work data). Performance-wise I am also yet to see a difference, even though BlackMagic Test tells me I lost around 30Mb/sec in write speeds, which I consider an acceptable trade-off for higher security.

So I recommend turning it on.

 

Having to type your password a few times a day is not a serious inconvenience. Having to recover from a stolen system where someone used the information on an unencrypted drive is a very serious inconvenience.

Give me a person's system where they have cookies and possibly automatic logins in their browsers for shopping sites and a mail client that has the passwords it needs in the keychain and I'd be able to change the passwords on the websites via password recovery to the person's email and then I would have access to shopping with their credit cards.

 

Fair points. And given portables are easier and likelier to be stolen, perhaps there is greater incentive to use FileVault on them, but for most desktops to get access to them you'd have to break into the house, apartment, office, etc. to get that kind of access. Also, half decent sites require you answer security questions before proceeding with password recovery.

In any case, my guess is many of us live in civilized countries where the crime rates are extremely low, and so if you aren't careless, the chance of getting your system stolen are highly unlikely.

 

How would you access their keychain if they had shut down or logged out?

 

If they have automatic login, then applications which use the keychain can get to their passwords to access services. This is why I specified that mail passwords had to be on the keychain, so Mail could fetch mail.