What is FileVault, and how does it protect your data?

The amount of sensitive data we store and use daily in the digital world is increasing rapidly. From financial data to e-wallets, and even information about remote work, the risks of ransomware and other attacks have never been so prevalent. The best way to protect data is to encrypt it so only the person with the decryption key can access it. Fortunately for all Mac users, Apple provides users with an extremely powerful encryption tool. But what is FileVault, anyway? Read on to learn everything you need to know about FileVault on Mac.   

What is FileVault on Mac, and how does it work?

FileVault is designed to encode all the information stored on your Mac. FileVault uses the AES-XTS data encryption algorithm to protect full volumes on internal and removable storage devices. This prevents anyone from accessing your files. When you are using it, information can only be read if you enter your proper login access credentials.

On a Mac, FileVault is offered as an encryption tool that encrypts what you store and create on your device. FileVault also comes built into the hardware on iPhones and iPads, which means that, unlike on a Mac, the feature cannot be turned on and off. Your data is already encrypted automatically by default if you have an iMac Pro or any other Mac with an Apple T2 Security Chip. However, you can also turn on FileVault to further strengthen your encryption.

Stay on top of cyber threats

Get cybersecurity news and lifehacks in our quick-to-the-point newsletter

Join the Newsletter

Done!

Sorry, this email doesn’t look right. Could you double-check it?

We’ve sent you a confirmation email, please take a look.

Thanks for subscribing!

We’ve sent you a confirmation email, please take a look.

Only an administrator can turn FileVault on or off. When you turn on FileVault, you are given options to unlock (or decrypt) the data to use the computer as usual. These options use an iCloud account with its password or a recovery key.

Should I be using FileVault disk encryption?

Is there any reason you should disable FileVault? While many tools, services, and software are available to encrypt your data, FileVault was specially developed by Apple for Mac encryption. This means that the feature has intimate knowledge of what it takes to encrypt and decrypt data on a Mac, making it an excellent choice.

In addition, FileVault uses full-disk XTS-AES-128 encryption with a 256-bit key. This is very robust encryption. The FileVault disk encryption on your Mac is virtually impossible to hack due to the number of combinations required to crack it. Roughly speaking, the fastest computer in the world would take several billion years to guess its way through brute force into a system using AES-128 encryption, even when giving a million keys per second.

Mac and similar FileVault features on iPhone have gained a strong reputation for security. Reports assure that government supercomputers and the FBI have unsuccessfully tried to crack these keys.

Does FileVault affect the performance of a Mac?

FileVault will work fairly quickly and take up few computer resources if you’re running a newer Mac. In the newest Macs, like iMac Pro and others with M1 or T2 chips, the initial first use of FileVault will encrypt the disc almost instantly and later do live encryption on the go, taking up minimal computing resources. Simply put, you will not even notice FileVault is working in the background.

In older Macs, however, things can get slower. Reports claim that FileVault can significantly decrease disk performance in all old Mac models, sometimes cutting disk read times up to 20%. Additionally, it can take anything from 10 to 5 hours or more to encrypt data on an old Mac, depending on the state of the computer and the amount of data in it.

How to use FileVault to protect your data

One of the benefits of FileVault is that it is an intuitive security tool that requires absolutely no knowledge to use. The encryption of all files and data is automatic and takes place in real time. All you have to do is enable FileVault, and the tool will take care of the rest. You can use your computer as you would normally, and if for some reason you wish to pause or stop FileVault from encrypting your files, you can do that as well.

One important thing to remember is that FileVault requires the use of a password or key, so when setting it up, be sure to save your password or recovery key in a safe location. Other than that, FileVault is an autonomous encryption tool that requires no user intervention.

How to check if you have FileVault turned on

Checking whether FileVault is on or off is very easy and can be done in three simple steps.

To check FileVault status:

1. Click on the Apple menu and select System Preferences.
2. Select Security & Privacy.
3. Click the FileVault tab and check the status.

How to enable FileVault

This powerful encryption tool is available right at your fingertips, and you can use it by following four simple steps.

To activate Filevault:

1. Choose the Apple menu , then System Preferences, and select Security & Privacy , then FileVault.
2. Click on the Lock icon and enter your administrator login and password. Then select Turn On FileVault and enter your password again if prompted.
3. Now select how you want to unlock the disk. You will be given two options:
   • iCloud account: Click “Allow my iCloud account to unlock my disk” if you already use iCloud. Click “Set up my iCloud account to reset my password” if you don’t already use iCloud.
   • Recovery key: Click “Create a recovery key and do not use my iCloud account.” Write down the recovery key and keep it in a safe place.
4. Finally, select Continue and follow the steps to activate FileVault.

Keep in mind that this feature does not encrypt in Sleep mode. Your Mac also needs to be plugged in, so if you get an error while encrypting, ensure that your Mac is properly connected to power. If there are several accounts on your Mac, you might see a message indicating that users must type in their passwords before they can unlock the disk. For each user, click the Enable User button and enter the user’s password. User accounts that you add after turning on FileVault are automatically enabled.

How long does it take to encrypt a MacBook?

As previously mentioned, the encryption of a MacBook will depend on the model, year, and amount of data on it. Newer MacBook models with little to no data stored will execute encryption almost instantly, while the same process in older models with significant amounts of data can take hours.

Apple does not provide a specific timeframe for encryption, probably due to the many variables involved in the process. One thing is sure — newer chips have accelerated Apple’s encryption speed significantly.

How to unlock your Mac with a recovery key

Generating a recovery key can be an excellent way to improve your security. You can also use it to unlock your Mac and regain access to your Apple ID. Your recovery key will be a randomly generated 28-character code.

Before committing to this method, consider that the creation of a recovery key means your alternative account recovery method will be turned off. Additionally, you are entirely responsible for your recovery key, as Apple will not store it anywhere. You have to take note of it and save it somewhere you will not lose it and where no one else will have access to it.

To generate a recovery key on your Mac.

1. Go to System Preferences > Apple ID > Account Details. You might need to enter your Apple ID password.
2. Click Security.
3. In the Recovery Key section, click Turn On.
4. Click Use Recovery Key.
5. Write down your recovery key and keep it in a safe place.
6. Click Continue.
7. Confirm your recovery key by entering it on the next screen.

To unlock your Mac with your recover key:

1. Restart or log out of your Mac. You should see a login page prompting your password, along with the Shut Down, Restart, and Sleep options at the bottom.
2. If you do not see a question mark in the password field, enter your password (up to three times). Otherwise, click on the question mark.
3. Click “Restart and show password reset options.”
4. Next, choose to enter your FileVault recovery key. 
5. Select a user for which you want to reset the password, then click Next.
6. Enter your new password information, then click Next.
7. When the password reset is completed, click Restart.

What to do if you’ve lost your FileVault recovery key

When you generate your recovery key, it is a good idea to print it out or write it down in several places. Give a copy to a family member or a friend you trust for safekeeping. Never share your key over messages or save them in your email to avoid breaches in case your account is hacked. Keep your recovery key in a secure location, and don’t save it within your devices.

That said, despite all the tips and warnings that Apple provides, it is nevertheless common for users to lose their recovery keys. Fortunately, you can easily create a new recovery key if you are logged in to your Apple ID with another device, such as your iPhone.

To do this:

1. Sign in to your Apple ID account page at appleid.apple.com.
2. Sign in with your password and trusted device.
3. In the Sign-In and Security section, navigate to Recovery Key > Change Recovery Key.

If you are not signed with any other device or cannot access your Apple ID, you will not be able to create a new recovery key or regain the one you used. This means you will lose all access to your files and have to create a new Apple ID to use your devices.

The encryption of data in rest, in transit, and in use is the most effective defense against cybercriminal threats. As a built-in, easy-to-use, powerful security tool, FileVault brings state-of-the-art encryption technology to all Mac users. And while the encryption capacity of older Macs’ was not fully developed, new chips and new models have proven that Apple FileVault encryption is effective, has many benefits, and requires no special knowledge.