File Vault: Full disk encryption the easy way

Posted on by Mike Evans

Immediately after installing Lion I took the risk of switching on File Vault on my MacBook Air. Having used PGP whole disk encryption (WDE) in 2009 I was prepared for some changes and, I imagined, the need to enter another strong password every time I opened the computer. Not so. Installing File Vault now involves little more than flicking the switch.

Apple provides a 24-character key which you absolutely need in case of trouble and which should be stored in a safe place. However, they give you the option of letting them store it for you and will release it on successful answer of three security questions. These you set up at the beginning. It’s all really simple and requires no specialist knowledge. PGP WDE, which is expensive, does require some technical skill and is also more cumbersome in use, requiring a second password which appears after you have logged on every time. I found it pretty intimidating and there was always an irrational fear that something would happen and I would face disaster. With Apple’s new system I don’t even think those thoughts. Maybe I should.

Once the disk is encrypted you never need think about File Vault again. It just does its stuff, unencrypting and re-creating your files as you use them. There isn’t even a need for an extra password. Your existing system password, which I hope isn’t 12345 or something equally stupid, is all you need. In fact, I really don’t notice File Vault in operation but I have the peace of mind that if my computer is stolen I have a strong degree of protection. Your average thief will not even try once he realises the disk is encrypted.

After trying File Vault on the Air I was completely sold and decided to switch on the system on my 27in iMac 3.4GHz. This proved to be more of a problem. I found I could not log in after the obligatory reboot which precedes the encryption process. I tried five times—every time having to accept a new key and re-establish the three security questions—and every time it failed. It was frustrating, but no harm was done.

I gave up, went on my holidays and just this week decided to try again. This time it worked first time, just as it did with my MacBook Air. I cannot think of a plausible explanation for the original problem. It occurred to me that various software updates in the intervening weeks could have put things right. Before switching on File Vault I would recommend making sure all your system software is up to date and, for good measure, it’s wise to check and repair disk permissions. 

The important thing is that I now have File Vault running seamlessly and faultlessly on my two Macs. Protecting a portable, such as the Air, is a no brainer. I regard it as completely essential if you want to secure your confidential data in the event of theft. It is less necessary with a desktop, such as the iMac, but I decided to go with it for ultimate security. In the event of burglary it is just as easy to lose a desktop as a laptop. And since File Vault is totally unobtrusive and transparent, I cannot think of a good reason not to use it.

∞ Permalink