Security :: Macintosh OS X Encryption

Printer-friendly version

Before proceeding, seek the support of your ITC.

Do not encrypt the only copy of protected data. Mobile devices have a greater exposure to damaging environments, and data on these devices, encrypted or not, can suddenly become unrecoverable.

Encrypting your home folder with FileVault

You can turn on FileVault to encrypt the information in your home folder. Encryption scrambles the data in your home folder so that unauthorized users, applications, or utilities can’t access your data.

You must be an administrator on your computer, or you must get an administrator's help, to set up FileVault and turn on FileVault for your home folder.

When you turn on FileVault for the first time, your home folder is encrypted. While your home folder is being encrypted, you won’t be able to log in to your account or use your computer to do other tasks. The process could take a while, depending on how much information you have in your home folder.

Before you begin, make sure you have enough free space on the hard disk that contains your home folder. You need as least as much free space as your home folder currently occupies. For example, if your home folder is 20 MB, make sure you have at least 20 MB of available space. This space is needed temporarily during the encryption process.

WARNING: Your ITC must create a master password that acts as a safety net in case you forget your regular login password. If you can't remember either of these passwords, the information in your home folder will be lost forever.

When you drag files into the trash and then empty it, the data of the files may remain on the hard disk for quite a time and certain tools can recover this information. To insure your data is cleaned out and can never be recovered, FileVault can do a secure erase when you remove files. Secure erase actually overwrites the files that are deleted, destroying all the data from the files.

To set up FileVault on your computer:

  1. Choose Apple menu > System Preferences, click Security, and then click FileVault.
    Open the FileVault pane of Security preferences
  2. If the Security preferences pane is locked, click the lock icon, and then type an administrator name and password.
  3. If the Security preferences pane shows that a master password hasn’t been set, click Set Master Password, and then type a password in the Master Password box.
  4. Type the password again in the Verify box.
  5. Type a hint in the Hint box to help you remember the password.
  6. Click OK.
  7. Click “Turn on FileVault.” If you want to be sure your deleted files can never be recovered, click “Use secure erase.”
  8. Click “Turn on FileVault.”

You are logged out of your account during the encryption process. When the encryption process is finished, log back in to your account. Your home folder icon changes to show that it’s protected by FileVault.