FileVault 2 encrypts your whole Mac, and Disk Utility can encrypt parts

Glenn Fleishman | Feb. 13, 2015
In last week's column, I explained the use and benefit (and some of the drawbacks) of turning on full-disk encryption (FDE) with Apple's built-in FileVault 2.

Apple offers a full step-by-step set of instructions for creating an encrypted disk image. I'd suggest picking the higher level of encryption, 256-bit AES. You can use an encrypted disk image on top of FileVault 2; the two technologies don't conflict.

I also suggest using the sparse bundle image format, which only occupies as much disk space as required for the actual files stored plus a little overhead, instead of the full size you specify for the image. That is, specify 10GB and use only 100MB, and the image is just a bit over 100MB. The "bundle" part means that the image is silently divided up into a number of files, which allows easier backup of just portions of the image when the disk is unmounted. Otherwise, an encrypted disk image can change considerably based on small changes, making incremental updates consume more archiving storage and bandwidth.

You set a password for the disk image's encryption, which is required every time you want to mount and use it. Storing it in the keychain is an option at creation and any time you mount the disk, but it adds risk if you're concerned about someone having access to your running, unlocked computer at any point. If you're confident that your machine is always under your control or shut down when not, then keeping the password in the keychain removes a step — and makes it more likely you'll pick a longer or stronger password, if we're honest.

As with other forms of encryption, if you lose or forget the password and it isn't stored in the keychain, your files are lost forever.
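The same choices (256-bit AES, sparse bundle format, a passphrase typed in rather than saved) can be made from Terminal with `hdiutil`, the command-line counterpart to Disk Utility's image features. This is an added example, not part of the original column or of Apple's instructions; the function names, default size and volume name are assumptions.

```bash
#!/bin/bash
# Added example: build an encrypted sparse bundle from Terminal with hdiutil.
# Image path, size and volume name are caller-supplied; the defaults are assumptions.

# create_image IMAGE.sparsebundle [SIZE] [VOLNAME]
create_image() {
    local image="$1" size="${2:-10g}" volname="${3:-Private}"
    case "$image" in
        *.sparsebundle) ;;
        *) echo "image name must end in .sparsebundle" >&2; return 2 ;;
    esac
    if [ -e "$image" ]; then
        echo "refusing to overwrite existing $image" >&2
        return 3
    fi
    # -size is the ceiling (e.g. 10g); a sparse bundle only uses what the files need.
    # -stdinpass reads the passphrase from the terminal rather than from a
    # command-line argument, so it never lands in shell history.
    hdiutil create -size "$size" -type SPARSEBUNDLE -fs HFS+J \
        -encryption AES-256 -stdinpass -volname "$volname" "$image"
}

# Succeeds only if hdiutil reports the image as encrypted.
verify_encrypted() {
    hdiutil isencrypted "$1" 2>&1 | grep -q '^encrypted: YES'
}

# Mount the image; the passphrase is asked for on every mount.
mount_image() {
    hdiutil attach -stdinpass "$1"
}

if [ "$#" -ge 1 ]; then
    create_image "$@" && verify_encrypted "$1" && echo "created and verified: $1"
else
    echo "usage: $0 IMAGE.sparsebundle [SIZE] [VOLNAME]" >&2
fi
```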
