Without disk encryption, the person who has physical access to a computer can get access to all the data stored on this computer’s fixed (HDD or SSD) disks, including documents and emails stored in the local copy of the users’ mailbox. This is particularly relevant to portable computers in case they are lost or stolen.
Starting with version 10.7, Mac OS X has a full disk encryption technology called FileVault built into the operating system. This document presents the configuration steps to enable FileVault to encrypt the fixed disks in your Mac computer. Before deciding whether to encrypt the disk or not, please note the following side effects of disk encryption.
Side effects of disk encryption
Disk encryption makes it impossible to access the data on the disk without first decrypting it. This has the side effects that you may be unable to access your date in case:
- You forget your password
- Your computer hardware is damaged
- Your computer’s firmware is updated
- You want to access your disk from a different computer
At the same time, the recovery key may be used to decrypt the disk.
It is essential to save the recovery key, and store it in a secure place. It is also essential to properly back up all important data stored on your computer's hard drive.
Manual configuration or Mac Self-Service configuration ?
Filevault can be manually configured through System Preferences. In that case you will have to keep safely the recovery key by yourself. If you lose it, and if you forget your password no one will be able to access your hard drive anymore.
To avoid this kind of situation you can use FileVault package on Mac Self-Service, which will allow you to configure Filevault easily and, the most importantly, will store your recovery key in a safe place.
In case of need (if you forget your password for example) you will be able to get your recovery key by requesting to Service-Desk.
More information about recovery is available on this page.