OS X Mavericks: Encrypt the information on your disk with FileVault

This article has been archived and is no longer updated by Apple.
Encrypt the information on your disk with FileVault

You can use FileVault to encrypt the information on your disk. Encryption encodes the data on your disk so that unauthorized users, apps, or utilities can’t access your information. For more information about FileVault, see:

About FileVault disk encryption

To set up FileVault, you must be a user the can administer the computer. When you encrypt a disk using FileVault, a recovery key is created as a safeguard. If you forget your login password, you can use the recovery key to unlock the encoded contents of a disk. The recovery key should not be physically stored with the computer where it can be discovered.

When you turn on FileVault, the encryption process could take a while, depending on how much information you have on your disk. However, you can still use your Mac while the disk is being encrypted.

Warning: Don’t forget your recovery key. If you turn on FileVault and then forget your login password and cannot reset it, and you also forget your recovery key, you won’t be able to log in and your files and settings will be lost forever.

The FileVault recovery key replaces the Apple ID password reset for recovering from a forgotten password, and you will no longer be able to use the Apple ID password to reset your password.

If you’re using OS X Server, encryption isn’t recommended for the startup disk or any disk that stores service data. If these disks are encrypted, the server can’t restart until you go to the server and enter the password at the server’s keyboard. If you use OS X Server to share an encrypted disk, the disk isn’t available to users until you enter the password at the server’s keyboard.

FileVault disk encryption cannot be used with some highly partitioned disk configurations, such as RAID disk sets.

  1. Click the lock icon to unlock the pane, and then type an administrator name and password.
  2. Click Turn On FileVault.

    If your Mac has multiple users, a list of users appears. You can allow users to log in after the computer starts up. If you don’t, an administrator must log in before the user does.

  3. For each user you want to allow to log in, click Enable User, enter (or have the user enter) the user’s login password, then click OK.
  4. If the recovery key is hidden, click the triangle next to Show Recovery Key.
  5. Copy the recovery key and store it in a safe place, then click Continue.
  6. Choose whether you want the added safeguard of storing the recovery key with Apple.

    If the recovery key is stored with Apple, you can retrieve it by contacting Apple Support and answering three questions.

    • If you want to store the recovery key with Apple, click “Store the recovery key with Apple,” then choose and answer three questions. Apple Support will ask these questions when you contact them. The answers are required to unlock the recovery key, which is encoded and cannot be read. Be sure they are answers you can easily remember.

    • If you don’t want to store the recovery key with Apple, click “Do not store the recovery key with Apple.”

  7. Click Continue.
  8. Click Restart.

After you restart, encryption begins. It may take some time to encrypt your disk, depending on how much information you have on it. However you can use your Mac as usual while the disk is being encrypted.

For more information about securing your Mac, see:

Secure virtual memory

Protect your Mac

Prevent deleted files from being read

Published Date: Oct 20, 2015