OS X Lion: About FileVault disk encryption

This article has been archived and is no longer updated by Apple.
About FileVault

You can use FileVault to protect the files on your disk from being seen or copied. FileVault disk encryption encodes the information stored on your disk so it can’t be read unless the login password is entered.

If you store sensitive information on your computer, you should consider using FileVault disk encryption. For example, if you carry all your company’s financial data on your portable computer, losing it could allow someone to access sensitive data that might hurt your business. If you are logged out of your account when your computer is lost but the data is encrypted, your information is protected.

The disk encryption in Mac OS X uses the government-approved encryption standard, the Advanced Encryption Standard with 128-bit keys (AES-128).

When you turn on FileVault, you are given a recovery key. An administrator can use the recovery key as a safety measure to unlock the disk if the administrator’s login password is forgotten.

To ensure security when you turn on FileVault other security features are also turned on. For example, a password will be required to log in, after waking from sleep, and after leaving the screen saver. After the initial startup only users enabled in FileVault will be able to log in, other users will need an administrator to log in first.

Warning: Don’t forget your administrator password. If you turn on disk encryption and then forget both your login password, your Apple ID, and your recovery key, you won’t be able to log in to your account, and your files and settings are lost forever.

FileVault disk encryption cannot be used with some highly partitioned disk configurations such as RAID disk sets.

Published Date: Oct 31, 2013