Kissell - Take Control of FileVault

Welcome to Take Control of FileVault, version 1.1, published in January 2015 by TidBITS Publishing Inc. This book was written by Joe Kissell and edited by Scholle McFarland.

This book explains how to use Mac OS Xs FileVault feature for encrypting the data on your Mac. It also explains how to encrypt additional internal and external disks, create encrypted backups, remotely erase a lost or stolen Mac, and perform advanced FileVault tasks on the command line.

If you want to share this ebook with a friend, we ask that you do so as you would with a physical book: lend it for a quick look, but ask your friend to buy a copy for careful reading or reference. Discounted classroom and Mac user group copies are available.

Copyright 2015, alt concepts inc. All rights reserved.

You can access extras related to this ebook on the Web (use the link in , near the end; its available only to purchasers). On the ebooks Take Control Extras page, you can:

• Download any available new version of the ebook for free, or buy any subsequent edition at a discount.
• Download various formats, including PDF, EPUB, and Mobipocket. (Learn about reading on mobile devices on our Device Advice page.)
• Read the ebooks blog. You may find new tips or information, links to author interviews, and update plans for the ebook.

If you bought this ebook from the Take Control Web site, it has been added to your account, where you can download it in other formats and access any future updates. However, if you bought this ebook elsewhere, you can add it to your account manually; see .

To review background information that might help you understand this book better, such as finding System Preferences and working with files in the Finder, read Tonya Engsts free ebook Read Me First: A Take Control Crash Course, available for free on the Web or as a standalone ebook in PDF, EPUB, and the Kindles Mobipocket format.

Version 1.1 of this book is a minor update mainly to address changes to the way FileVault works in OS X 10.10 Yosemite (while retaining instructions for earlier versions of OS X) and to respond to reader inquiries. The main changes are as follows:

• Answered two new questions in
• Updated the topic to include changes in Yosemites behavior regarding mandatory password entry, clarify FileVaults behavior with scheduled events and S.M.A.R.T. monitoring, and mention the absence of Recovery HD in Startup Manager when FileVault is active
• Significantly revised to explain the new way Yosemite handles recovery options (when you lose or forget your password)
• Added a sidebar explaining what to do
• Described the new way of handling EFI Login and standard login screens in Yosemite, in
• Added several minor clarifications in
• Changed a third-party software recommendation from WinZip to BetterZip 2 in

Anyone who keeps sensitive or confidential information on a Macwhether thats business secrets, private medical records, love letters, or a personal journalmay worry that their information could fall into the wrong hands. Thats especially true for those of us who rely on Mac notebooks, and all the more so if we travel internationally.

FileVault is a Mac OS X feature that enables Mac users to securely encrypt all their data so that its completely unreadable to anyone who doesnt have the right passwordincluding thieves, people who happen upon lost computers, and snooping coworkers or roommates. Its Apples attempt to make it as easy as possible to protect your data.

Apple introduced FileVault in 10.3 Panther, but at that time it had significant bugs, didnt play well with Time Machine, and was limited to encrypting ones home folderamong other problems. Starting with 10.7 Lion, Apple completely revamped FileVaultthe name remains, but the underlying technology is totally different. FileVault 2 (as the current version is officially known) encrypts everything on your disk, and does so in a far more secure, robust, and user-friendly way.

Note: Apple now refers to the original version of FileVault as Legacy FileVault. In this book, except when I need to make an explicit distinction, Ill use the term FileVault to refer to FileVault 2.

I like, use, and recommend FileVault. Its easy to set up and provides excellent protection for the data on your disk (or SSD). But Ive discovered an astonishing amount of misinformation and outdated advice about FileVault on the Web; and from talking to ordinary Mac users, Ive become convinced that most people still dont understand how FileVault works. Some people put too little faith in FileVault, assuming it has weaknesses that it doesnt, while others put too much faith in FileVault, assuming it protects your data in ways that turn out to be impossible.

And, although basic setup is a piece of cake, once you go beyond the basics, questions arise with surprisingly hard-to-find answers, such as:

• Does FileVault protect my external drives too?
• If I back up a Mac with FileVault enabled, are my backups automatically encrypted?
• Can Appleor someone else, such as law enforcement or security researchersbypass (or hack) FileVault encryption?
• Is my data still safe if Im logged in? If Im logged out? If my Mac is asleep?

In this book, I get to the bottom of such questions once and for all. Ive done lots of experiments, pored over Apples documentation and developer materials, and compiled what I believe to be the most complete, accurate, and up-to-date explanation of FileVault.

My goal is to demystify FileVault. I want you to understand what it does and doesnt do, how best to use it, and how it interacts with other activities (such as backups, Power Nap, and Find My Mac). I also point out FileVaults limitations and explain when alternatives or supplements may be a good idea.

Everything in this book works with OS X 10.9 Mavericks and 10.10 Yosemite. Most of it also applies to 10.7 Lion (in which FileVault 2 was introduced) and 10.8 Mountain Lion. A few minor things have changed along the way, but anyone with Lion or later should find the instructions here useful. (To check for updates or corrections to this book, visit this books and click the Blog tab.)