Security Review: Mac OS X FileVault Encryption

Last Updated: Jan 17, 2017 @ 12:42 pm

There’s sensitive information on everyone’s computer – whether you’re a business owner recording your finances, a high-school kid keeping a diary, or a housewife writing your first novel. Every single one of us needs security for our data. So it would be nice if computer operating systems came with data encryption built in.

As of Mac OS X 10.10 “Yosemite”, Apple computers now do. And not only is OS X’s encryption feature FileVault pretty good, it’s enabled by default when you set up your Mac. Here’s the ExpressVPN review.

High-strength encryption built-in

With FileVault enabled, all of the files on your Mac’s start-up disk are encrypted at disk level using the Advanced Encryption Standard, with 128-bit blocks and a 256-bit disk encryption key. These are the encryption standards recommended by the U.S. National Institute of Standards and Technology (NIST).

If someone removes your Mac hard disk and puts it in another computer, they won’t be able to access your files without your password (which is the same as your OS X login password). Your files are pretty darn safe.

Secure enough to worry the FBI

Your files are so safe, in fact, that when Apple started enabling FileVault by default the FBI tried to step in. FBI Director James Comey said the move “has the potential to create a black hole for law enforcement, ” as even Apple themselves “won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, email, and recordings stored within.”

Bad for law enforcement, maybe, but good for your data security.

I/O performance hit

Of course, there’s a performance penalty with FileVault. Your Mac’s processor has to decrypt and encrypt files on the fly as it reads and writes to your hard disk, and that takes work.

Estimates for older Macs from 2011 suggest a performance hit of as much as 20-30%. But on newer Macs with faster Intel processors, the speed dip is much less significant. In ExpressVPN’s test on a 2014 MacBook Pro with Core i5 processor, everyday apps suffered no noticeable lag. More demanding apps, like Photoshop or Final Cut Pro, might be affected.

How to turn on FileVault

filevault screenshot

If you don’t already have FileVault enabled, or you want to check if you do, just go to Settings > Security & Privacy in OS X. There’s a tab for FileVault right there, where you can switch the encryption service on or off easily.

When you switch FileVault on, you’ll need to restart your computer to begin the encryption process. It might take a while to encrypt the entire contents of your start-up disk, but you can still use your computer while that’s going on in the background. In our test on almost-full 128 GB solid-state drive, the process took around 40 minutes.

Verdict: FileVault is a great addition to OS X

If you want to keep your Mac files safe and top-performance isn’t that important to you, File Vault is a great option. Even better, it’s built into new Macs so you can switch it on or off as you please. Give it a try and see how it works for you.

Click here to read more ExpressVPN reviews

Click here to go back to ExpressVPN’s internet privacy guides

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>