Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
FileVault?
- Thread starter Robdmb
- Start date
- Sort by reaction score
FileVault: What Is It and Should You Use It? - techtalkamerica.com
http://techtalkamerica.com/filevault-what-is-it-and-should-you-use-it/
http://techtalkamerica.com/filevault-what-is-it-and-should-you-use-it/
I haven't taken a scientific survey, but based on reading threads here and elsewhere, my impression is that most people do NOT have FileVault enabled. If you do, don't forget your passwords!
One should not lose passwords even without FileVault enabled. I understand what you are saying, but if you cannot remember your administrator password, you have bigger issues.
I do use FileVault for obvious reasons - the whole of my life is contained within the disk - my finances, my personal data, my treasured memories (all backed up multiple times/ways, of course). It needs to be protected securely... so I encrypt my drives.
There is a disk performance hit, but it is small. Here is a speed test.
First thing I do on every Mac I buy is turn on FV2. You can do it as part of setup or later if you like. Once it is setup it is very transparent. The big downside it if you lose your password, your data is a goner. Apple does have a way for your to save a recovery key with your AppleID if you want.
In some of those benchmarks, Filevault is actually faster. But likewise, it is the first thing I turn on after an install.
A.
I'm not certain that is wise default choice because there is risk of data loss if user forgets password. At the minimum it should be made absolutely clear for the user during the install and user should be given the option to not use FileVault.
With all the shenanigans recently I went full crypto not too long ago. FileVault on Macbook and iMac. Encrypted local iPhone and iPad backup, encrypted Time Machine, encrypted NAS', VPN. The whole lot.
I moved from a mba 13 to a open box rMB. The new rMB was on Yosemite so I had to upgrade to 10.11.4 before installing my latest time machine backup. I did not check on the new rMB for FV so now i can't turn it on and also find my Mac is not working. Is there a quick fix rather than booting an external drive and create the partition FV needs before turning it on and restoring my data again? Thanks
I have it enabled.
Disadvantage: instead of 1.4 gigabytes per second SSD transfer speed on my MBP, i now get about 750 megabytes per second read/write.
So yes, there's a bit of a performance hit associated with it, but my machine is still very very fast.
edit:
as you can see, in my case the io hit was almost 50%.
BUT, it depends how fast your CPU is and how fast your IO is. On a machine with a spinning hard drive there will be basically zero impact. If you have a SATA2 or SATA3 SSD and a post sandy bridge Mac, there's likely zero performance impact. On a New Macbook, late model Macbook Air, or current 13" MBP, the storage is way quicker than the CPU can keep up with for encryption.
I wouldn't use my Macbook without it, but then again privacy & security is important to me. With Blackmagic I'm seeing 1409 Write 1811 Read, not much of a performance hit here with 25% disk space available at the moment.
I don't think anyone can answer this question for you without knowing what Mac this is regarding. Provide more information if you want answers that are are tailored to you and your machine as the answers vary widely.
Yes FileVault can be enabled at any time.
I don't think anyone can answer this question for you without knowing what Mac this is regarding. Provide more information if you want answers that are are tailored to you and your machine as the answers vary widely.
Yes FileVault can be enabled at any time.
actually, just re-ran the speed test, i'm seeing 933 write, 1243 read.
Either way, faster than basically any non-PCIe/M2 SSD on the market.
Either way, faster than basically any non-PCIe/M2 SSD on the market.
The question you need to answer is: what is the likelihood that your device might get stolen? If you worry about that risk and you have important personal data on it, then you ought to enable FileVault. If your Mac never leaves the house, you might also want to consider using a firmware password instead. It won’t encrypt your data, but it will prevent anyone from gaining access to your data as long as the HDD/SSD is still in place.
FileVault can be enabled at any time. Before the installation (by formatting the drive as ‘Mac OS Extended (Journaled, Encrypted)’ or afterwards. The latter is preferred, because the FileVault program will force you to set up a separate recovery key and will enable all user accounts to unlock the drive.
Touch ID isn’t all that secure. Reproducing fingerprints is possible and I would assume that the likelihood of finding a good sample on your laptop is higher than on your smartphone.
FileVault can be enabled at any time. Before the installation (by formatting the drive as ‘Mac OS Extended (Journaled, Encrypted)’ or afterwards. The latter is preferred, because the FileVault program will force you to set up a separate recovery key and will enable all user accounts to unlock the drive.
Touch ID isn’t all that secure. Reproducing fingerprints is possible and I would assume that the likelihood of finding a good sample on your laptop is higher than on your smartphone.
Wrong
[doublepost=1460910898][/doublepost]
FileVault is not only for people who think their MacBook is going to get stolen. I'm sure a lot of people's macbook have been stolen that didn't think it would happen to them. But I digress, there are other reasons for encryption and a common one is to protect your data when you pass on your computer. Secure erasing SSDs isn't as secure as it is with HDDs. The surest way of erasing your data short of destroying your drive these days is encrypting it. This will keep your contents secure when you wipe your mac before selling, which lots of people do to help subsidize the cost of a new Mac.
I on the other hand encrypt my data because I value my privacy & security.
Last edited:
Glad to see that sub-OP figured it out.
An option, with the caveat that I have not had to try this since I swapped out my HDD for an SSD a few years ago, should be able to "re-install" the OS over the existing install. Will keep user files in-place (read: not wipe that stuff out), but will create the recovery partition that FileVault needs. When I did the disk swap, I ran into the same situation in that I made a clone of the HDD via SuperDuper! which does not image the recovery partition, and merely copied that clone onto the SSD. I too could not re-enable FileVault.
I agree that I could have been more specific, but I actually implied that when I used the example of theft. Obviously, if you do not want to entrust someone else with your data, then encryption is the only option short of securely erasing the data. My point was that when you are not moving the device around, including giving it to someone, then disk encryption may simply be unnecessary or at least a risk worth taking.
I could come up with a number of people in my circle of acquaintances that I would not advise to enable encryption, purely because they will forget it and are likely to lose their passwords at some point.
You could do that before selling it too. For SSDs other options exist, depending on vendor (e.g. full trim).
Yes well people who cannot remember a key no more sophisticated than a facebook password should not be encrypting their drives. I guess I should have changed my post to say if you can use Facebook, you can encrypt your drive.
Encrypting after the fact is not that same as starting with encryption. I can go into more detail if need be.