Is your Mac really secure?

Lets speak of the unspeakable - your MacBook, iMac or any other Mac gets stolen.  It is safe, right?  Your Mac has a password and you have to enter that password when you boot it up or wake it from sleep, right?  So, what’s to worry about?


First, a password only works on a booted system.  If a thief attaches your Mac to another Mac (using yours as an external drive) he can peer right into your hard drive without a password!  He can read or write anything on your hard drive.  It takes about 3 minutes to get into your Mac, no password required.

Your Mac has a full-disk encryption system built into it called FileVault.  You have to turn this system on, however, it does not come enabled from Apple.  This system encrypts your entire hard drive, so no matter what system is viewing it, it cannot be seen or even mounted as an external drive without the encryption password!  The encryption password happens to be your Mac user password that you use to log into your Mac or when you update software.  So, it is really transparent to you and after the encryption process is done (a few hours) your Mac behaves like it did before*, only now it is safe!  * One exception is that after turning on FileVault, you will have to use your user password to start your Mac and to get back into it after it goes to sleep, but you should be doing this, anyway.

The encryption algorithm Apple uses is a Department of Defense-level 128bit AES encryption.  If you forget your password, even the engineers at Apple cannot get into your drive.  Don’t worry, though, if you forget your user password you can unlock it with your iCloud login (AppleID). 

So, let’s get started!  You have to have OS X Lion (10.7.0) or higher running on your Mac (Apple menu > About this Mac).  Make sure your Mac has nothing running and do a fresh restart before you begin.  Do not open any other apps after the Mac restarts.  If they open automatically, quit them using ⌘-Q.

Go to the Apple menu > System Preferences > Security & Privacy > FileVault.  Click the padlock in the lower left corner to unlock the settings on that page.  Next, click the Turn on FileVault button in the upper right of that window.  I highly recommend you use your iCloud AppleID to unlock FileVault if you forget your user password, but that is your choice.

Let’r rip!  A small drive like a 320GB one takes about an hour.  A 2TB drive in an iMac I did once took 23 hours.  The Mac will ask to be restarted .  The cool thing is that once the process starts you can use your Mac as you normally would while it is encrypting your drive!  Just don’t shut your Mac down until it is done.  You can come back to System Preferences > Security & Privacy > FIleVault to check on its progress.

So, what are you waiting for?  There appears to be no downside to doing this and should be done to virtually all MacBooks.  Doing it to your home-bound Macs depends on how much risk you can tolerate with them.