Use Lion's FileVault 2 to encrypt your Mac's internal drive

Apple’s latest Mac operating system, OS X 10.7 Lion, includes FileVault 2, the latest version of Apple’s method of file encryption. In this how-to, we'll go through the steps for activating FileVault 2 on your Mac's internal startup drive.

Protect your data

By creating a user account and password, you automatically enable an initial layer of security on your Mac. If you want to be extra cautious, consider using encryption: When you encrypt your drive, you essentially make it impossible to read for those without the means to decrypt it.

Apple’s latest Mac operating system, OS X 10.7 Lion, includes FileVault 2, the latest version of Apple’s method of file protection. FileVault 2 is designed to encrypt your hard drive. As long as your files are saved to the internal drive, they’ll be safe.

Step 1: Proper partitioning

Before we begin the encryption process, your Mac’s internal startup drive must have Lion’s Recovery HD partition. That partition is present if you formatted your drive using the GUID partition scheme and the drive has either a single partition or multiple partitions created with Boot Camp Assistant. If you’ve partitioned your drive in a different way, you need to back up your data, erase and repartition your drive, and then re-install Lion, restoring your files, apps, and data afterwards.

To verify that the Recovery HD partition is on your Lion startup drive, restart your Mac and hold down the Option key. This will launch Startup Manager (pictured, top), where Recovery HD will appear if it is installed. You can also launch the Terminal, type diskutil list and press Return. A list (pictured, bottom) of your hard drives and partitions will appear.
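
The diskutil list check in Step 1 can also be scripted. The following is an added example, not part of the original article: a shell function (fv2_precheck is a hypothetical name, not an Apple tool) that reads diskutil list output and confirms that the chosen disk uses the GUID partition scheme and carries a Recovery HD partition. The sample listing inside it is constructed.

```shell
#!/bin/sh
# fv2_precheck: hypothetical helper (not an Apple tool) that reads
# `diskutil list` output on stdin and checks the Step 1 prerequisites
# for one disk. On a Mac: diskutil list | fv2_precheck disk0
fv2_precheck() {
    awk -v disk="${1:-disk0}" '
        # "/dev/diskN" opens the partition table of a new disk.
        /^\/dev\// { sub(/^\/dev\//, "", $1); in_disk = ($1 == disk); next }
        !in_disk { next }
        # Row 0 describes the whole disk; its TYPE is the partition scheme.
        $1 == "0:" { scheme = $2 }
        # Recovery HD is listed with TYPE Apple_Boot; last field is its identifier.
        $2 == "Apple_Boot" && /Recovery HD/ { recovery = $NF }
        END {
            if (scheme == "") { print "FAIL: " disk " not listed"; exit 2 }
            if (scheme != "GUID_partition_scheme") {
                print "FAIL: " disk " uses " scheme; exit 1
            }
            if (recovery == "") { print "FAIL: no Recovery HD on " disk; exit 1 }
            print "OK: GUID scheme, Recovery HD at " recovery
        }'
}

# Constructed sample output (not captured from a real machine).
sample_diskutil_list() {
    cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *1.0 TB     disk1
   1:                  Apple_HFS Backup                  1.0 TB     disk1s1
EOF
}

sample_diskutil_list | fv2_precheck disk0            # internal drive: passes
sample_diskutil_list | fv2_precheck disk1 || true    # MBR drive: fails the check
```

The function returns 0 when both prerequisites are met, 1 when the disk needs repartitioning or lacks Recovery HD, and 2 when the disk is not in the listing.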

Step 2: Security and Privacy

To access FileVault 2, go to your System Preferences and double-click the Security & Privacy pane. Then click the FileVault tab. To start the process, you’ll need to click the padlock in the lower left corner and enter an administrator password.

Step 3: Enable users

Click the Turn On FileVault button, and you’ll be asked to enable each user account by entering each user’s password. A user who isn’t enabled can log in only if an enabled user has started up the Mac or the drive itself is unlocked (an unlocked drive is accessible to all users until the Mac is put to sleep or is shut down). Enter these passwords, and then click Continue.

Step 4: Recovery key

After you enable users, you’ll be given a recovery key, which you should record and keep in a safe place. It’s the only way to decrypt your drive if you forget your password. Click Continue.

Step 5: Apple stores your recovery key

You have the option to have Apple store the recovery key. To retrieve it, you must provide the answers to three preset questions exactly as you typed them at this point. Don’t make your answers so convoluted that there could be several different variants of the answer. Keep it simple.

You can also choose to not have Apple store the recovery key.

When you’re done, click Continue.

Step 6: Encrypt your files

The next step is to start the encryption process, which will require a restart. This can take several hours; fortunately, the encryption process occurs in the background, so you can still continue working. That said, it’s better to avoid anything processor- or disk-intensive while Lion is encrypting your drive, since your system and application performance will be adversely affected.

Once the initial encryption process is done, you’re all set. Lion will automatically decrypt any files you need to use and encrypt any new files you create. Apple says the performance impact should be “imperceptible.”

One important note: When using FileVault 2, Recovery HD will not appear in Startup Manager. You can still boot into the Recovery HD partition by pressing Command-R while your Mac starts up.