Jul 10 2015

Encryption for Everyone: Part 1 OS X

Information Security is evolving at an exponential rate.  What cut it 10 years ago would make today’s cybersecurity analysts cringe.  We will cover other aspects of keeping you safe from threats in future posts, but for now let’s focus on your physical hardware and more specifically encrypting your data.  If your laptop is lost or stolen you are at risk of someone inserting a USB stick, booting an operating system (ie. Linux)  and making your entire hard drive unencrypted and fully viewable.  At this point anyone could go through or copy your personal folders and data….no passwords needed.

This is where disk encryption comes in to solve the problem or at the very least, makes it much harder for anyone to retrieve your personal data.

Depending on your setup, there are several different options.  All will do a fine job of protecting your data at rest and add another layer of security to your defenses.  If you’re like most of us, you carry around a keychain to gain access to your home, automobile, work, etc. So why not implement the same layer of security on your hard drives?

OS X (Mac) – FileVault 2

PC – Bitlocker

PC with no TPM chipBitlocker with USB key

Linux – Veracrypt

FileVault 2 – The Apple Solution

Apple’s first stab at disk encryption didn’t go so well.  The original FileVault was slow and unreliable. Also, it would only encrypt home directories leaving the rest of the Mac unencrypted. Luckily, with the release of OS X Lion, FileVault 2 was implemented which improved performance and most importantly encrypted the entire hard drive.


  1. Open System Preferences and select Security and Privacy.
  2. Select FileVault and then click Turn On FileVault

Once you’ve entered your password and confirmed, you are presented with FileVault 2’s version of the master password – called the recovery key. This is absolutely crucial to keep safe, so crucial that Apple even offers to store it on their servers so that in the event you lose or misplace it, you can contact Apple to access your drive.



Activating FileVault 2:

Once you’ve completed the setup, you will need to restart your Mac. It can take some time to encrypt the disk and you are required to plug your machine into a power adapter.


Note:  This process will take a while to complete.  It is best to perform the data encryption when you will not be using it.  In most instances the hard drive will take about a half hour to an hour to complete.

Remember that protection is nothing if you set your password to something easy to guess or figure out. At the end of the day, the weakest link in any security system is the human layer.  Make sure your password is a mixture of upper and lower case letters, numbers and symbols. Memorize it, but don’t use something memorable.  Stay safe (and encrypted) out there!