Information Security

Filevault instructions

How to configure a Mac to have whole-disk FileVault encryption.

1. From the Apple menu select System Preferences... then select Security & Privacy then click FileVault.

2. If the Security preferences pane is locked, click the lock icon and type in an administrator name and password.

3. Upon selecting Turn On FileVault, if your Mac has multiple user accounts, you will be asked to identify the user accounts that will be allowed to unlock the encrypted drive (to start the computer or recover from sleep or hibernation). Click Turn on FileVault. Warning: Users not enabled for FileVault unlock will only be able to log in to that Mac after an unlock-enabled user has started or unlocked the drive. Once unlocked, the drive remains unlocked and available to all users, until the computer is shut down.

4. After enabling users for disk unlock, you will be shown your recovery key. It look like a series of 24 numbers and capital letters, in groups of four, separated by hyphens.  This key is a backup unlock method provided to you in case the unlock-enabled user password is forgotten. You should highlight and copy this key and save it in a file (this file should not be stored on your computer) or print it out.

5. When you've completed the process of turning on FileVault, you will be prompted to restart your Mac. After restarting, you will notice the login screen appears very quickly then an Apple logo with spinning gear appears after typing in your password. With FileVault enabled, you are now logging in to unlock the drive before the normal OS X Lion start up process. The user account that unlocked the drive will be logged into their own account after start up completes, without needing to log in again.

Warning: If you turn on FileVault and then forget both your login password and your recovery key, you will not be able to log into your account. Your files and settings will be lost forever as we cannot recover encrypted drives.