Should I Encrypt My Mac?
If you’re concerned about the security and privacy of your files you definitely should consider encrypting your Mac. However, there are a couple of things to consider before you begin the process. Please take these potential risks and drawbacks into consideration before you attempt any encryption.
First, while encryption won’t slow down your Mac’s performance, it will slow its read/write speed as it will need to encrypt and decrypt data on the fly. This could result in files taking longer to open or save than you might be used to.
Second, if something goes wrong you could lose access to your data or even lose your data entirely, so you might want to back up your Mac before you start. That way if something does go wrong you’ll just have to restore your backups. If you encrypt your Mac, forget your password, and misplace your recovery key, you could get locked out of your system. Additionally, if your Mac uses the T2 chip and part of the chip is damaged, your encrypted files could be lost.
What Does Encrypting Your Mac Mean?
Encryption is a common method used to make your digital files more difficult for outside parties such as hackers or government agencies to decipher and read. It uses an algorithm to scramble data, which can then be unscrambled by the intended recipients using a unique key.
Encrypting your Mac is similar to network encryption and End-to-End encryption, only the intention is to keep your local files confidential rather than to protect them during an upload or download. If anyone were to access your computer against your wishes or without your knowledge, they would need to decrypt the data first in order to be able to read it.
Encrypting Your Mac Using FileVault
In order to encrypt your entire Mac system, you’ll need to turn on FileVault.
Open your Mac’s System Preferences by clicking on the icon in the top-left corner, then selecting System Preferences from the pulldown menu. Click Security & Privacy. In Security & Privacy, select the FileVault tab. Click Turn On FileVault. You may have to click the Lock icon in the bottom-left and input your password in order to make changes to FileVault’s settings first. Type in your system password to begin the encryption process. FileVault will provide you with a recovery key to use in the event you forget your system administrator password. Press Continue. FileVault will begin to encrypt your Mac in the background. Depending on how much data you have stored on your Mac, it could take anywhere from moments to several days for FileVault to complete the process. You will be able to use your Mac as usual while this happens. Once FileVault has finished encrypting your system, you’ll see a FileVault is turned on message in the FileVault tab. Restart your Mac to finish the process. To decrypt your Mac after enabling FileVault, follow the above steps and select Turn Off FileVault from the FileVault tab in Security & Privacy. Then, click Turn Off Encryption to confirm. You will need to input your system password to complete the process. As with enabling FileVault, you may need to click the Lock icon in the bottom-left corner of the window and input your system password in order to make any changes.
Encrypting External Drives With Your Mac
To encrypt an external drive, you’ll first need to make sure the drive’s been formatted as Mac OS Extended (Journaled) using Disk Utility. Once the drive has been formatted you will be able to encrypt/decrypt it.
You will need to input your system password to complete the process. As with enabling FileVault, you may need to click the Lock icon in the bottom-left corner of the window and input your system password in order to make any changes.
Plug the external drive into your Mac. The icon representing your external drive will appear on your Mac’s desktop. You can also open any folder or open your Macintosh HD and find the Locations or Devices category in the left-side column of the window. Right-click (or press and hold the Control key and click) on the external device you want to encrypt, then select Encrypt from the pull-down menu. You will be prompted to choose a password, verify the password (i. e. , enter the password a second time), and type a password hint. Once you have entered the required information, click Encrypt Disk to encrypt the device with your chosen password. It may take a few moments to complete the encryption process. To decrypt your encrypted external drive, follow the above steps and click Decrypt in the pull-down menu, then input the password you chose for encryption.
Can You Encrypt a File on Mac?
Encrypting separate files on your Mac is a little more involved, and uses the Disk Utility app rather than FileVault. You’ll need to create an encrypted disk image (DMG) file and store the files you want to encrypt inside of it.
Go to Applications, then Utilities, and then open Disk Utility. In Disk Utility, click the File pulldown menu and highlight New Image, then select Blank Image. Enter a Save As name for the DMG file, and a Name for the disk image when it’s opened (i. e. , “mounted” to the hard drive as though it were an external drive). Choose the size of the DMG file (this can be adjusted later). The size you choose for the DMG file will be the maximum amount of space you’ll have to store your data inside of it. Select Mac OS Extended (Journaled) as the format. Select 128-bit or 256-bit AES for the encryption. 128-bit will read/write faster but is not as secure as 256-bit AES. These should be set by default, but make sure Partitions is set to Single partition - GUID Map and that Image Format is set to read/write disk image. Click Save, then create and verify a password for the DMG when prompted. The mounted DMG file will appear on your Mac’s desktop as a separate drive, as well as in the left-hand column of any opened folder under Locations or Devices. To encrypt files, drag and drop or copy and paste them into the mounted DMG file. All files stored inside the mounted disk image will be encrypted automatically. Close or “unmount” the disk image by right-clicking on the drive icon and selecting Eject from the pull-down menu, or by dragging and dropping the drive icon into the Trash icon at the bottom of the screen. The . dmg file for the disk image can be found in the folder where you saved it during image creation, which is Documents by default. To “mount” the DMG file and make it accessible again, locate it (the name you set for Save As in Step 4) and then open it. This will cause the mounted disk image to appear on your Mac’s desktop once more. To decrypt files stored in your encrypted disk image, drag and drop or copy and paste them out of the mounted drive.
Is Mac Encrypted By Default?
Whether or not your Mac is encrypted out of the box depends on the model. Several Macs released in 2018 and later come with Apple’s T2 security chip installed, which does provide automatic drive encryption. Older models that do not have the T2 chip will not have encryption enabled by default. You can find a comprehensive list of Mac models that use the T2 chip on Apple’s website.
To check if your Mac has the T2 chip installed, click the icon in the top-left corner of the screen while holding down the Option key. This will enable the System Information option at the top of the menu.
Click System Information, then under Hardware in the left-hand column select either Controller or iBridge (this will depend on your version of macOS). The window to the right of the Hardware column will show “Model Name: Apple T2 chip” if you do have the chip installed.