FileVault.
Its name gives you the impression of something involving security for your Mac. But what exactly is FileVault in the Mac OS X system and how can it benefit you as a Mac User with one or more Macs?
The answer, really depends on you, in regards to just how secure you want to make your Mac computer or Mac portable notebook.
Apple Inc., defines FileVault, as a file protection system, as a built-in feature, which can prevent others from seeing or copying your files by using encrypted files in your Home Folder.
-
**ENCRYPTION STANDARD FOR FILE VAULT**
FileVault creates a separate
volume for your home folder and encrypts the contents of it using the latest government-approved encryption standard, the Advanced Encryption Standard with 128-bit keys (AES-128).
Now before you start going into brain scramble trying to understand
this encryption standard, I will simplify the term, defining
AES-128, as "a very secure cryptic (hidden meaning) system of code",
designed to make your files inaccessible, through a very strong
password structure.
--------------------------------------------------------------------------------------------------
**SPARSE DISK IMAGE**
When created, in Mac OS X 10.3 Panther and Mac OS X 10.4 Tiger, what FileVault does is create a "Sparse Disk Image" or in plain terms, it is a single image file which holds all of the files and folders and content of a Home Folder (in regards to FileVault) in single disk image.
The primary purpose of the Sparse Disk Image made by FileVault, is to place all Home Folder content in one encrypted image, plain and simple.
--------------------------------------------------------------------------------------------------
** BASIC SETUP FOR FILE VAULT**
Setting up FileVault is not that difficult to setup.
All you have to do is click on the Apple menu icon located in the upper left corner of your screen and select System Preferences
* You will now be taken to the System Preferences window
* Click on Security.
The Security window will now appear, with three tabs:
General, FileVault and Firewall.
Click on the FileVault tab.
Now you will see the FileVault window.
This is the main window you will need to access in order to setup FileVault to encrypt your Home Folder and all its contents.
** Screen shot of FileVault for:
Mac OS X 10.3 Panther /10.4 Tiger
------------------------------------------------------------------------------------------------
** Screen shot of FileVault for:
Mac OS X 10.5 Leopard /10.6 Snow Leopard
------------------------------------------------------------------------------------------------
Make very sure you are reading the instructions which Apple has provided for FileVault, because you are now about to encrypt your Home Folder which, contains all of your files, folders and applications. In other words, your entire User account and its contents.
So before you even proceed to turn on FileVault, make sure you first create a Master Password.
This is is a very important step you should complete first, in the event you forget the password for your FileVault account you are about to setup on your Mac.
This way, in the event you forget your FileVault password, the Master Password is like your root password, there no more a low level account password, like the Master Password in regards to your FileVault account.
As a result, this is why I stress the importance of creating a Master Password.
Once you have created your Master Password, proceed to turn on FileVault and follow the onscreen prompts to encrypt your Home folder.
This FileVault encryption process can take awhile, so try to perform this procedure when you do not have any need to work on your Mac, or can leave it unattended for a few hours or more.
Once it is done your entire Home Folder will be encrypted.
(Remember, store that FileVault password somewhere safe!)
-------------------------------------------------------------------------------------------------
** FINAL WORD ABOUT THE MASTER PASSWORD**
Keep in mind, you are not required to setup a Master Password, in order to use FileVault, but let's face the facts here. WE ALL have forgotten a password or two (or 3, 4, or 20!) at some time in our overall computing/web surfing experiences. I know I have.
The last thing you want to do, is encrypt all your important files and folders and then forget the password for the FileVault account you setup AND the Master Password as well
So what am I saying about the Master Password?
***ITS IMPORTANT!!***
Hence, if you do decide to create a Master Password, please make sure to write it down, type it, stencil it, put it on 3x5 card and throw it in your home safe or the safe deposit box at your bank (or anything else you can think of), to protect this Master Password for future use as needed.
To forget this important password on top of forgetting the password to your FileVault (will use "FV" for sake of space, for most of the remainder of this tip) account is just plain not good.
The most common issue Mac users have is not the usability of FileVault.. It's forgetting the FV password.
A final word from Apple Inc. about this, to drive my point home:
"If the computer’s administrator doesn’t know the master password, and
the user of the FV-protected account has forgotten the login
password, the home folder and it’s contents are lost."
Since FileVault provides
encryption, none of the password reset options work provided by Apple work. Your password IS your Encryption Key, so without it, your access to your Home Folder is gone. You will need to
perform an Erase and Install from your system disk.
So if you are the Mac computer administrator and the user, you can see how this can turn out with a forgotten Master Password for FileVault
--------------------------------------------------------------------------------------------------
**FIRMWARE PROTECTION FOR YOUR MAC **
One other security feature in Mac OS X that I would be remiss not to provide some details about its use, is Firmware Protection.
Firmware Protection, is a low level protection designed to prevent other users from using the Single User Mode, with various scripting tricks using the UNIX based command line, in order to gain unauthorized access to your computer.
Open Firmware Protection is password protection option by Apple, (and not enabled) for the firmware of your Mac. When enabled, it will require a password from you before you can even reach the Desktop. Even more security in lieu of FileVault. But be forewarned, Apple does not recommend you activate this feature.
Another warning here as well: If you have forgotten the password for this protection as well, then there
is no way to get around this but for one exception. Review the link I have provided below.
Review it, study it and know what you can with Firmware Protection, so you can know how to properly reset it as well as set it.
Here is that link for you regarding Setting up firmware protection for
your Mac and more:
Setting up Firmware Protection in Mac OS X-------------------------------------------------------------------------------------------------
I hope this Mac OS X tip from FixYa support has helped educate you on how to better, secure your Macs, sensibly and safely.
Stay tuned for more helpful tips and tricks from the Mactechtrainer!
Thanks!
Regards,
-Mactechtrainer
-------------------------------------------------------------------------------------------------
**HELPFUL LINKS***
From Apple Regarding FileVault:
For Mac OS X 10.4:
About Mac OS X 10.4 PasswordsResetting FileVault Password for Encrypted Home Folder-------------------------------------------------------------------------------------------------
*For Mac OS X 10.5 Leopard:
Resetting FileVault Password for Encrypted Home Folder-------------------------------------------------------------------------------------------------
For Mac OS X 10.6 Snow Leopard:
About Mac OS X 10.6 PasswordsMac OS X 10.6 - About FileVaultHow to: Encrypting your Home Folder with FileVaultMac OS X 10.6: Reset the password for a FileVault-encrypted home folder-------------------------------------------------------------------------------------------------
Bonus Link :
Repairing a FileVault Protected Home Folder
×