FileVault is one of OS X’s most powerful security features. Understanding what it does, however, may take a little slogging.
As you know, the accounts system is designed to keep people out of one another’s stuff. Ordinarily, for example, Chris isn’t allowed to go rooting through Robin’s email and files.
Until FileVault came along, though, there were ways to circumvent this protection system. A sneak or a showoff could start up the Mac in FireWire Target Disk mode, for example (which turns the whole Mac into an external hard drive for another computer), or even remove the hard drive and hook it up to a Linux machine or another Mac.
In each case, he’d then be able to run rampant through everybody’s files, changing or trashing them with abandon. For people with sensitive or private files, the result was a security hole bigger than Kim Kardashian’s bank account.
FileVault is an extra line of defense. When you turn on this feature, your Mac automatically encrypts (scrambles) everything on your startup hard drive—not just what’s in your Home folder. Every time you create or save a new file, it, too, is insta-encrypted.
FileVault uses something called XTS-AES 128 encryption. How secure is that? It would take a key-guessing computer 149 trillion years before hitting pay dirt. Or, put another way, slightly longer than two Transformers movies. The catch is that nobody bothers attacking the key. They attack the thing that unlocks it, which is your account password. A short or guessable login password can be cracked in hours no matter how strong the encryption behind it is, so FileVault is exactly as strong as the weakest password of any account that's allowed to unlock the disk.
This means that unless someone knows (or can figure out) your password, FileVault renders your files unreadable for anyone but you, the other account holders you've authorized to unlock the disk (described below), and whoever holds the recovery key, no matter what sneaky tricks they try to pull.
You won't notice much difference when FileVault is turned on. You log in as usual, clicking your name and typing your password. The one visible change is that this login screen now appears before OS X itself has loaded, because your password is what unlocks the encrypted disk; typing it once both unlocks the drive and logs you in. (There's no housekeeping at logout, as there was with the older, home-folder-only FileVault. The scrambling and unscrambling happen continuously, as files are written and read.)
Here are some things you should know about FileVault’s protection:
It's useful only when the Mac is shut down. The disk is locked until someone types a password at startup; from that moment until the next shutdown, the entire drive is unlocked and readable by whatever is running on the Mac. Logging out doesn't re-lock it (the decryption key stays in memory), and, by default, neither does putting the Mac to sleep. Logging out or locking the screen still keeps passers-by out of your account, so do it before you wander away from the Mac. But if the machine is going to leave your sight (a laptop in a hotel room, say), shut it down.
An administrator can access your files, too. According to OS X's caste system, anyone with an Administrator account can theoretically have unhindered access to his peasants' files, with or without FileVault, once the disk is unlocked. And an administrator who is one of the enabled users, or who holds the recovery key described below, can unlock the disk without knowing your password at all.
FileVault relies on the Recovery HD partition. You can read about this secret chunk of your hard drive on FileVault. For now, the point is that if you’ve deliberately reformatted your hard drive in some nonstandard way, you may not be able to use FileVault.
FileVault can encrypt external drives, too—even flash drives. The controls to do this, though, are in a different place—not in System Preferences at all. Instead, open Disk Utility (in your Utilities folder). Erase the external drive using Mac OS Extended (Journaled, Encrypted) format. (And, yes, this route erases the drive before encrypting it. If the drive already holds files you want to keep, the Finder offers a gentler alternative for most drives: Control-click the drive's icon and choose Encrypt. That converts the drive in place, after asking you for the password that will protect it.)
You can turn FileVault off at any time. Just revisit the FileVault pane in System Preferences. (It takes time to decrypt your drive, but you can keep right on working.)
To turn FileVault on, proceed like this:
In System Preferences, click Security & Privacy, and then click FileVault. Click the padlock, authenticate yourself, and then click Turn On FileVault.
Now, remember, FileVault encrypts all your files. If you forget your Mac account password—well, that would be bad.
Yeah, yeah, the peons with Standard accounts forget their account passwords all the time. But with FileVault, a forgotten password would mean the entire hard drive is locked forever. So Apple gives you, the technically savvy administrator, a back door, for use in that situation.
It offers to let you use your iCloud password (your Apple ID password) as the back door. That's a much more reasonable one than the alternative, the recovery key, as long as you understand the trade: choosing iCloud means Apple keeps a copy of the recovery key, tied to your Apple ID, so the drive is only as private as that account and its password. Choosing the recovery key keeps the only copy in your hands.
The recovery key is a long, complicated override password like UK84-LVT5-YFX9-XN3K-LT53-PL9N. It gives you another way to unlock the encrypted drive, even without knowing the account holder’s password.
Choose the backdoor method you prefer: “my iCloud account” or “recovery key.” Click Continue.
If you chose the recovery key, the Mac now shows it to you: a long, complicated string of numbers and letters and hyphens. Write it down in a place you'll never lose it (and not in a file on this Mac, which is about to become unreadable without it)! Then click Continue.
Either way, a list of account holders now appears (Figure 11-13, top). The button next to each one, Enable User, might sound like you’re about to lead someone into drug addiction, but it’s actually your chance to specify who else can unlock the disk by logging in.
For each person you want to be able to log into this Mac with her own password, click Enable User. Type in that person’s password and click OK. When you’re finished, click Continue.
(Anyone to whom you don’t give access can still use the Mac—but only after persuading an administrator to come over and type in his name and password.)
Click Restart.
When you log in again, the Mac begins the process of encrypting your entire hard drive. This process takes a long time (the FileVault pane in System Preferences shows you the estimated remaining time), but you can keep using your Mac in the meantime. In theory, you won’t feel much of a slowdown at all while the encrypting is going on. You can even restart or shut down the computer.
You shouldn’t notice any speed hit as you work with an encrypted disk, either. You’ll notice only a few small security-related changes. For example, you’ll be asked for your password every time you wake the computer or exit the screensaver.
Actually, there’s one more change. When FileVault is turned on, you won’t see the icon for the Recovery HD appear when you hold down the Option key at startup. It’s still there, though, and you can still start up with the Recovery HD by pressing ⌘-R as your Mac starts up.
Figure 11-13. Top: You have to explicitly give permission to each person you want to allow to log into your FileVault-protected Mac. Also, you won’t get away with no-password accounts for this trick; Jane, shown here, won’t be able to unlock the disk at all. Click Enable User to add a password to this account. Bottom: Here’s your recovery key: a skeleton key that can get you into your encrypted Mac even if the idiot administrator forgets his password. (You have no idea how often this happens.)