Using FileVault for Mac OS X

 

FileVault creates an encrypted disk version of your User file. Because of this, it is recommended that you move your iTunes and iPhoto libraries out of your home directory and into the shared folder.

 

1. Move your iTunes and iPhoto libraries into /Users/Shared. FileVault takes your entire home folder and encrypts it into one big file; by moving iPhoto, iTunes, and movie files out, you can keep the size of this file down and improve reliability. In iTunes, go into Preferences: Advanced, and select where to keep your iTunes Library. Make sure you check the box that says ‘Keep iTunes Music Library Organized’. Then go into Advanced: Consolidate Library, and iTunes will move all your files for you. For iPhoto, just move your iPhoto Library. The next time you launch iPhoto, it will ask you to point it towards your library.
2. Create a maintenance user account with administrative privileges. In System Preferences, just click on Accounts and add the user there — make sure it’s an Administrator account. You could name it ‘Maintenance’, and gave it a secure passphrase. This account is critical – without it, if your FileVault gets corrupted, you are in serious trouble.
3. Backup your entire hard drive with TSM (Tivoli Storage Manager). Backing up your hard drive protects you against the risk of losing data through the process of disk encryption.
4. Make sure TSM is set for incremental backups. Incremental backups keep track of changed files, while a whole drive backup is merely a clone. The risk of having only a clone is that your backup might be corrupt, and without the copies of your files you won’t be able to restore.
5. Go into System Preferences; click on Security. Set a master password for your computer; your NetID password is a good choice. Make sure you have a copy of this password and DO NOT FORGET IT; this might be the same as the Maintenance password, since they both provide control over your computer (albeit in different ways). Record the password and store it somewhere safe.
6. Check the settings on the bottom to: a) Require a password to wake this computer, b) Disable automatic login, and c) Use secure virtual memory.
7. Click the button at the top to Turn on FileVault.
8. This can take a while. Wait.
9. Once complete, your Security preferences should look like this screenshot:

That’s it!

Every now and then, usually after you’ve added or deleted a lot of files, your Mac will prompt you to recover extra space from your encrypted drive. Make sure you have the time to let this run – it could take as long as 20 minutes, but it usually finishes in 5 minutes. You do not want to turn your Mac off during this process.

Make sure you keep your backups up to date.

 

FileVault Concerns:

Once you have enabled FileVault, you will no longer have access to mapped hard drives and printers. If you use your Mac at work accessing remote printing services, FileVault is probably not the solution for you. To regain access to mapped drives, you could use FTP to access them from a second account on the Mac that does not have FileVault enabled.