Protect data on your Mac with FileVault
If you have a Mac with Apple silicon or an Apple T2 Security Chip, your data is encrypted automatically. Turning on FileVault provides an extra layer of security by keeping someone from decrypting or getting access to your data without entering your login password. If you use a Mac that doesn’t have Apple silicon or the T2 chip, you need to turn on FileVault to encrypt your data.
To set up FileVault, you must be an administrator. When you turn on FileVault, you choose how you want to unlock your startup disk if you ever forget your password:
iCloud account and password: This choice is convenient if you use iCloud or plan to set it up—you don’t need to keep track of a separate recovery key.
Recovery key: The key is a string of letters and numbers that’s created for you—keep a copy of the key somewhere other than your encrypted startup disk. If you write the key down, be sure to exactly copy the letters and numbers shown. Then keep the key somewhere safe that you’ll remember—but not in the same physical location as your Mac, where it can be discovered. If your Mac is at a business or school, your institution can also set a recovery key to unlock it.
WARNING: Don’t forget your recovery key. If you turn on FileVault and then forget your login password and can’t reset it, and you also forget your recovery key, you won’t be able to log in, and your files and settings will be lost forever.
On your Mac, choose Apple menu > System Settings, click Privacy & Security in the sidebar, then click FileVault on the right. (You may need to scroll down.)
Click Turn On.
You might be asked to enter your password.
Choose how to unlock your disk and reset your login password if you forget it:
iCloud account: Click “Allow my iCloud account to unlock my disk” if you already use iCloud. Click “Set up my iCloud account to reset my password” if you don’t already use iCloud.
Recovery key: Click “Create a recovery key and do not use my iCloud account.” Write down the recovery key and keep it in a safe place.
If your Mac has additional users, their information is also encrypted. Users unlock the encrypted disk with their login password.
If there’s an Enable Users button, you must enter a user’s login password before they can unlock the encrypted disk. Click Enable Users, select a user, enter the login password, click OK, then click Continue.