OS X Mountain Lion: Encrypt the information on your disk with FileVault

This article has been archived and is no longer updated by Apple.
Encrypt your disk with FileVault

You can use FileVault full disk encryption to encrypt the information on your disk. Encryption encodes the data on your disk so that unauthorized users, apps, or utilities can’t access your information. For more information about FileVault, see this help topic:

About FileVault disk encryption

To set up FileVault, you must have an administrator account. When you turn on FileVault, you will receive a recovery key. You can use this key to unlock your disk if you forget the login password.

When you turn on FileVault disk encryption, the process could take a while depending on how much information you have on your disk. However, you can still use your Mac while the disk is being encrypted.

Warning: Don’t forget your recovery key. If you turn on FileVault and then forget your login password and cannot reset it, and you also forget your recovery key, you won’t be able to log in, and your files and settings will be lost forever.

If you’re using OS X Server, encryption isn’t recommended for the startup disk or any disk that stores service data. If these disks are encrypted, the server can’t restart until you go to the server and enter the password at the server’s keyboard. If you use OS X Server to share an encrypted disk, the disk isn’t available to users until you enter the password at the server’s keyboard.

FileVault disk encryption cannot be used with some highly partitioned disk configurations, such as RAID disk sets.

  1. Choose Apple menu > System Preferences, click Security & Privacy, and then click FileVault.
  2. Click the lock icon to unlock the pane, and then type an administrator name and password.
  3. Click Turn On FileVault.

    If the computer has multiple users, a list of users appears. You can enable a user to allow them to log in after the computer starts up. If they are not enabled, an administrator will need to log in first, before the user can log in.

  4. For each of the users you want to be enabled, click Enable User next to their name, and enter (or have the user enter) the user’s login password, and then click OK.
  5. If the recovery key is hidden, click the triangle next to Show Recovery Key.
  6. Copy the recovery key and store it in a safe place, and then click Continue.
  7. Choose whether you want the added safeguard of storing the recovery key with Apple.

    If the recovery key is stored with Apple, you can retrieve it by contacting Apple Support and answering three questions.

    • If you want to store the recovery key with Apple, click “Store the recovery key with Apple,” and then choose and answer three questions. Apple Support will ask these questions when you contact them. The answers are required to unlock the recovery key, which is encoded, and cannot be read. Be sure they are answers you can easily remember.

    • If you don’t want to store the recovery key with Apple, click “Do not store the recovery key with Apple.”

  8. Click Continue.
  9. Click Restart.

After you restart, encryption begins. It may take some time to encrypt your disk, depending on how much information you have on it. However you can use the computer as usual while the disk is being encrypted.

For more information on securing your computer, see these help topics:

Secure virtual memory

Protect your Mac

Prevent deleted files from being read

Published Date: Sep 4, 2015