Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

FileVault

G

golfing bob

macrumors member
Original poster
Mar 23, 2011
51
3
I have a Mid 2010 13" Macbook Pro. I have had several issues (After upgrading from snow leopard to Yosemite) and the most recent was trying to log in. With help from this forum I am back up and running. (Thanks to all who responded). After I turned Fire Vault off all is well. My question is what risk do I take with Fire Vault Off? I am correct that if Fire Vault is on after you log in it is now accessible from the internet and it only protects when the computer is off?? Just need to understand how it works.

Thanks,

Bob
 
FileVault is an encryption system for the computer. Having it off just means that if your computer falls into the wrong hands, someone could access the drive and get your files from it. Either directly by logging in as you or by hooking it up as a secondary device to another computer and accessing it that way.

With FileVault turned on, the only way to access your files on the drive is by logging in as you with the proper password. Otherwise there is no way to access the files on it.
 
If your computer is on and you are logged in, your HD is not totally secure via FileVault 2.

One of the members here pointed the following out to me, and I have implemented it into my usage.

Open up Terminal and input ...

sudo pmset -a destroyfvkeyonstandby 1

Now go to Preferences > Screen Saver > Hot Corner > Pick a corner from the options and you have several options from the drop down menu. I chose put display to sleep. Still under Preferences > Security and Privacy > General > make sure require password after sleep or screen saver is set to immediately.

Once that is done, and you activate the hot corner you made by moving the cursor to that particular corner when you are stepping away from the computer, the FileVault password is removed from RAM and will have to be entered (again) to gain access to the computer.

You can revert back to system default anytime by replacing the 1 with a 0

sudo pmset -a destroyfvkeyonstandby 0
 
SandboxGeneral said:
FileVault is an encryption system for the computer. Having it off just means that if your computer falls into the wrong hands, someone could access the drive and get your files from it. Either directly by logging in as you or by hooking it up as a secondary device to another computer and accessing it that way.

With FileVault turned on, the only way to access your files on the drive is by logging in as you with the proper password. Otherwise there is no way to access the files on it.
Click to expand...

How does this affect backup strategies?

Will tome capsule create an encrypted or non encrypted copy?

I think of setting this up, but need to have a non encrypted copy somewhere.
 
gpspad said:
How does this affect backup strategies?

Will tome capsule create an encrypted or non encrypted copy?

I think of setting this up, but need to have a non encrypted copy somewhere.
Click to expand...

You can encrypt the drive that TM backs up to with FileVault and you can encrypt the TM backups themselves in the options for 'selecting disk's' for TM or do both.
 
BasicGreatGuy said:
If your computer is on and you are logged in, your HD is not totally secure via FileVault 2.

One of the members here pointed the following out to me, and I have implemented it into my usage.

Open up Terminal and input ...

sudo pmset -a destroyfvkeyonstandby 1

Now go to Preferences > Screen Saver > Hot Corner > Pick a corner from the options and you have several options from the drop down menu. I chose put display to sleep. Still under Preferences > Security and Privacy > General > make sure require password after sleep or screen saver is set to immediately.

Once that is done, and you activate the hot corner you made by moving the cursor to that particular corner when you are stepping away from the computer, the FileVault password is removed from RAM and will have to be entered (again) to gain access to the computer.

You can revert back to system default anytime by replacing the 1 with a 0

sudo pmset -a destroyfvkeyonstandby 0
Click to expand...

For additional security, this should also be paired with setting hibernatemode to 25 rather than 3, like so.

sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25

Hibernatemode's default setting is 3, which means it will save the contents of RAM to the disk, but will leave the memory powered. When set to 25, hibernatemode will still save the contents of RAM to the disk, but will remove power to RAM. Powering down the memory modules is a slightly safer approach than just destroying the keys alone.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back