Apple’s MacBook laptops have become increasingly desirable and successful, making them a prime target for thieves. Now that Mac OS X includes integrated and efficient full disk encryption, I recommend that everyone with a MacBook enable it. It’s easy, nonintrusive, and a potential lifesaver if your machine is stolen!
Why Encrypt Your MacBook?
Like so many features in Mac OS X, Apple did not invent full disk encryption. What they did was make it simple to set up and non-intrusive on a daily basis. Setting up FileVault 2 is quick and painless, with just a few clicks. Once FileVault is set up, you never have to bother with it!
But if your MacBook is stolen, knowing the data is encrypted will really bring peace of mind! Consider all the valuable personal information on your computer: Banking and health information, passwords, personal correspondence and photos, and so much more. The information on your computer is much more valuable and dangerous than the computer itself!
The iconic MacBook has become a status symbol to be sure. Even though Apple does not pay for product placements, MacBooks are everywhere in movies and on television. And a walk-through any coffee shop shows just how much of a status symbol these computers have become. I have even seen people stick Apple logos on generic PC’s just for the perceived cachet!
I won’t argue that MacBooks are intrinsically more valuable than PC laptops, but I imagine that this massive exposure makes them a prime target for thieves. After all, thieves are people too and they are going to think that any computer with that kind of image is going to be worth something on the resale market! And they would be right, since MacBooks hold their value much better than PC laptops and usually cost more as well.
When it comes to identity theft, MacBooks are an even better target. After all, anyone willing to spend so much money on a flashy laptop has got to have more to steal, right? Hopefully, by now, you are scared out of your wits that someone is going to steal your MacBook. Because that’s a real possibility!
Protect Your Identity and Your Data By Encrypting Your MacBook!
Apple has included FileVault encryption in versions of Mac OS X in back to version 10.3 “Panther” in 2003. But until Mac OS X 10.7 “Lion” was released in 2011, it was a hassle and only a partial solution. Back then, I didn’t recommend FileVault and instead used third-party full-disk encryption software.
Now that “Lion” and “Mountain Lion” are here, FileVault 2 has become a “must-have” in my opinion. Although I’m not sure it’s really necessary for desktop computers, since they tend to stay put behind locked doors, there is no excuse not to use FileVault on your MacBook laptop.
What about performance? Encrypting data requires some heavy duty calculations, but modern Apple computers include hardware offload thanks to the Intel AES-NI instruction set. All current Apple computers, including every model of MacBook with a Core i5 or Core i7 processor, support hardware acceleration of FileVault 2 encryption. Although there is some performance lost with FileVault encryption, it’s nothing you would notice in day-to-day usage.
This is especially true when using a SSD-equipped MacBook. Although many SSDs have trouble maintaining performance and reliability when encryption is enabled, Apple specifically chose encryption-compatible SSDs from Toshiba and Samsung for the MacBook Air and MacBook Pro. If you use a third-party SSD, however, do some research to see if it will have issues with full-disk encryption.
How to Enable FileVault 2 Encryption in Mac OS X
Enabling FileVault 2 encryption in Mac OS X “Lion” or “Mountain Lion” is simple.
- Close any applications and files; FileVault 2 requires one reboot to set up.
- Open System Preferences and click on “Security & Privacy”
- Click “FileVault”
- Click on the padlock icon, authenticate with your password, and click “Turn On FileVault…”
- If you have multiple users, you will be asked to authenticate with their passwords so they will be able to access the drive as well.
- FileVault will generate a “recovery key” which can be used to access the drive if you forget your password. You will not need this on a daily basis, but you should keep it in a safe place in case you ever have to use it!
- Apple can store your recovery key on their servers so you will be able to recover it using your Apple ID. I chose not to do this since Apple IDs can be stolen by scammers.
- That’s it! Just click “Restart” and your computer will quickly reboot. You can go back to using it normally afterward – all encryption happens in the background!
- If you’re interested in checking on the status of the encryption, you can open Terminal and type “diskutil cs list” to show CoreStorage status. As long as it is working, it will show “Converting”. Once it’s done, this will read “Complete.”
Hardware acceleration and fast SSD performance means that the background work of encrypting your drive won’t impact normal operation and won’t take too long. My 15″ MacBook Pro with Retina (mid 2012) took just 33 minutes to encrypt its 256 GB Samsung SSD while I performed other light tasks.
For more details, see this Apple whitepaper, Best Practices for Deploying FileVault 2
Once you encrypt your MacBook’s drive with FileVault 2, you’ll never even know it’s there. But if you ever lose your machine, you can rest easy knowing that your data is safe. Considering how well this solution performs and that it is included free of charge, there is no reason not to use it!
It is important to also encrypt any other locations where you store personal information, especially portable hard drives used for Time Machine backups! In another article, I will describe the process for encrypting external drives without losing data.