FileVault?

Discussion in 'OS X El Capitan (10.11)' started by Robdmb, Mar 26, 2016.

  1. Robdmb macrumors member

    Joined:
    Nov 5, 2008
    #1
    Do most people enable FileVault? Any disadvantages/performance hits associated with it? Also, does it have to be enabled at time of system install for best performance or can it be done at any time? Thanks.
     
  2. dianeoforegon macrumors 6502a

    dianeoforegon

    Joined:
    Apr 26, 2011
    Location:
    Oregon
  3. Gregg2 macrumors 603

    Joined:
    May 22, 2008
    Location:
    Milwaukee, WI
    #3
    I haven't taken a scientific survey, but based on reading threads here and elsewhere, my impression is that most people do NOT have FileVault enabled. If you do, don't forget your passwords!
     
  4. dwfaust macrumors 68040

    dwfaust

    Joined:
    Jul 3, 2011
    Location:
    I am here => [•]
    #4
    One should not lose passwords even without FileVault enabled. I understand what you are saying, but if you cannot remember your administrator password, you have bigger issues.

    I do use FileVault for obvious reasons - the whole of my life is contained within the disk - my finances, my personal data, my treasured memories (all backed up multiple times/ways, of course). It needs to be protected securely... so I encrypt my drives.
     
  5. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #5
    Totally seamless on my 2012 MacBook Pro--no reason not to use it really.
     
  6. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #6
    There is a disk performance hit, but it is small. Here is a speed test.

    First thing I do on every Mac I buy is turn on FV2. You can do it as part of setup or later if you like. Once it is setup it is very transparent. The big downside it if you lose your password, your data is a goner. Apple does have a way for your to save a recovery key with your AppleID if you want.
     
  7. Alrescha macrumors 68020

    Joined:
    Jan 1, 2008
    #7
    In some of those benchmarks, Filevault is actually faster. But likewise, it is the first thing I turn on after an install.

    A.
     
  8. Ener Ji macrumors member

    Joined:
    Apr 10, 2010
    #8
    I've used Filevault for years. Wouldn't consider going without it. This makes me think of an interesting question, however. I wonder if Apple will ever turn Filevault on by default for new Macs? Perhaps for OS 10.12?
     
  9. Ebenezum macrumors 6502a

    Joined:
    Mar 31, 2015
    #9
    I'm not certain that is wise default choice because there is risk of data loss if user forgets password. At the minimum it should be made absolutely clear for the user during the install and user should be given the option to not use FileVault.
     
  10. Modernape macrumors regular

    Joined:
    Jun 21, 2010
    #10
    The only disadvantage to Filevault (hence the reason I don't enable it), is you have to enter your login password after every wake from sleep or screensaver (unless one of you running it now can update my belief?).
     
  11. steve23094 macrumors 68000

    steve23094

    Joined:
    Apr 23, 2013
    #11
    With all the shenanigans recently I went full crypto not too long ago. FileVault on Macbook and iMac. Encrypted local iPhone and iPad backup, encrypted Time Machine, encrypted NAS', VPN. The whole lot.
     
  12. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #12
    I use it and think it's great. I do my taxes on my computer, that right there is enough reasons to have it turned on.
     
  13. gnatmm macrumors member

    gnatmm

    Joined:
    May 23, 2015
    Location:
    Italy
    #13
    I moved from a mba 13 to a open box rMB. The new rMB was on Yosemite so I had to upgrade to 10.11.4 before installing my latest time machine backup. I did not check on the new rMB for FV so now i can't turn it on and also find my Mac is not working. Is there a quick fix rather than booting an external drive and create the partition FV needs before turning it on and restoring my data again? Thanks
     
  14. gnatmm macrumors member

    gnatmm

    Joined:
    May 23, 2015
    Location:
    Italy
    #14
    Solved. Recovery Partition Creator is the way. A bit scary but works (still)
     
  15. Mcmeowmers macrumors 6502

    Joined:
    Jun 1, 2015
    #15
    You should actually use your computer for awhile before enabling fv.
     
  16. ABC5S macrumors 68040

    Joined:
    Sep 10, 2013
    Location:
    Florida
    #16
    And this is why I hope Apple introduces Touch ID on any new Mac's. I have to enter the passcode numerous times per day, and this would be a great tool.
     
  17. throAU macrumors 601

    throAU

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #17
    I have it enabled.

    Disadvantage: instead of 1.4 gigabytes per second SSD transfer speed on my MBP, i now get about 750 megabytes per second read/write.

    So yes, there's a bit of a performance hit associated with it, but my machine is still very very fast.


    edit:
    as you can see, in my case the io hit was almost 50%.

    BUT, it depends how fast your CPU is and how fast your IO is. On a machine with a spinning hard drive there will be basically zero impact. If you have a SATA2 or SATA3 SSD and a post sandy bridge Mac, there's likely zero performance impact. On a New Macbook, late model Macbook Air, or current 13" MBP, the storage is way quicker than the CPU can keep up with for encryption.
     
  18. MRxROBOT macrumors 6502

    MRxROBOT

    Joined:
    Apr 14, 2016
    Location:
    1011100110
    #18
    I wouldn't use my Macbook without it, but then again privacy & security is important to me. With Blackmagic I'm seeing 1409 Write 1811 Read, not much of a performance hit here with 25% disk space available at the moment.

    I don't think anyone can answer this question for you without knowing what Mac this is regarding. Provide more information if you want answers that are are tailored to you and your machine as the answers vary widely.

    Yes FileVault can be enabled at any time.
     
  19. throAU macrumors 601

    throAU

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #19
    actually, just re-ran the speed test, i'm seeing 933 write, 1243 read.

    Either way, faster than basically any non-PCIe/M2 SSD on the market.
     
  20. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #20
    The question you need to answer is: what is the likelihood that your device might get stolen? If you worry about that risk and you have important personal data on it, then you ought to enable FileVault. If your Mac never leaves the house, you might also want to consider using a firmware password instead. It won’t encrypt your data, but it will prevent anyone from gaining access to your data as long as the HDD/SSD is still in place.

    FileVault can be enabled at any time. Before the installation (by formatting the drive as ‘Mac OS Extended (Journaled, Encrypted)’ or afterwards. The latter is preferred, because the FileVault program will force you to set up a separate recovery key and will enable all user accounts to unlock the drive.

    Touch ID isn’t all that secure. Reproducing fingerprints is possible and I would assume that the likelihood of finding a good sample on your laptop is higher than on your smartphone.
     
  21. Alrescha macrumors 68020

    Joined:
    Jan 1, 2008
    #21
    And why is that?

    A.
     
  22. MRxROBOT, Apr 17, 2016
    Last edited: Apr 17, 2016

    MRxROBOT macrumors 6502

    MRxROBOT

    Joined:
    Apr 14, 2016
    Location:
    1011100110
    #22
    Wrong
    --- Post Merged, Apr 17, 2016 ---
    FileVault is not only for people who think their MacBook is going to get stolen. I'm sure a lot of people's macbook have been stolen that didn't think it would happen to them. But I digress, there are other reasons for encryption and a common one is to protect your data when you pass on your computer. Secure erasing SSDs isn't as secure as it is with HDDs. The surest way of erasing your data short of destroying your drive these days is encrypting it. This will keep your contents secure when you wipe your mac before selling, which lots of people do to help subsidize the cost of a new Mac.

    I on the other hand encrypt my data because I value my privacy & security.
     
  23. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #23
    Glad to see that sub-OP figured it out.

    An option, with the caveat that I have not had to try this since I swapped out my HDD for an SSD a few years ago, should be able to "re-install" the OS over the existing install. Will keep user files in-place (read: not wipe that stuff out), but will create the recovery partition that FileVault needs. When I did the disk swap, I ran into the same situation in that I made a clone of the HDD via SuperDuper! which does not image the recovery partition, and merely copied that clone onto the SSD. I too could not re-enable FileVault.
     
  24. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #24
    I agree that I could have been more specific, but I actually implied that when I used the example of theft. Obviously, if you do not want to entrust someone else with your data, then encryption is the only option short of securely erasing the data. My point was that when you are not moving the device around, including giving it to someone, then disk encryption may simply be unnecessary or at least a risk worth taking.

    I could come up with a number of people in my circle of acquaintances that I would not advise to enable encryption, purely because they will forget it and are likely to lose their passwords at some point.

    You could do that before selling it too. For SSDs other options exist, depending on vendor (e.g. full trim).
     
  25. MRxROBOT macrumors 6502

    MRxROBOT

    Joined:
    Apr 14, 2016
    Location:
    1011100110
    #25
    Yes well people who cannot remember a key no more sophisticated than a facebook password should not be encrypting their drives. I guess I should have changed my post to say if you can use Facebook, you can encrypt your drive.


    Encrypting after the fact is not that same as starting with encryption. I can go into more detail if need be.
     

Share This Page