By creating a user account and password, you automatically enable an initial layer of security on your Mac. If you want to be extra cautious, consider using encryption: When you encrypt your drive, you essentially make it impossible to read for those without the means to decrypt it.
Apple latest Mac operating system, OS X 10.7 Lion includes FileVault 2, the latest version of Apple’s method of file protection. FileVault 2 is designed to encrypt your hard drive. As long as your files are saved to the internal drive, they’ll be safe.
In this how-to, we’ll go through the steps on activating FileVault 2 for your Mac’s internal startup drive.
Before we begin the encryption process, your Mac’s internal startup drive must have Lion’s Recovery HD partition, which appears if you formatted your drive using the GUID partition scheme, as well as a single partition or multiple partitions created with Boot Camp Assistant. If you’ve partitioned your drive in a different way, you need to back up your data, erase and repartition your drive, and then re-install Lion, restoring your files, apps, and data afterwards.
To verify that the Recovery HD partition is on your Lion startup drive, restart your Mac and hold down the Option key. This will launch Startup Manager (pictured, top), where Recovery HD will appear if it is installed. You can also launch the Terminal, type diskutil list and press Return. A list (pictured, bottom) of your hard drives and partitions will appear.
To access FileVault 2, go to your System Preferences and double-click the Security & Privacy pane. Then click the FileVault tab. To start the process, you’ll need to click the padlock in the lower left corner and enter an administrator password.
Click the Turn On FileVault button, and you’ll be asked to enable each user account by entering each user’s password. A user who isn’t enabled can log in only if an enabled user has started, or the drive itself is unlocked (an unlocked drive is accessible to all users until the Mac is put to sleep or is shut down). Enter these passwords, and then click Continue.
After you enable users, you’ll be given a recovery key, which you should record and keep in a safe place. It’s the only way to decrypt your drive if you forget your password. Click Continue.
You have the option to have Apple store the recovery key. To retrieve it, you must provide the answers to three preset questions exactly as you typed them at this point. Don’t make your answers so convoluted that there could be several different variants of the answer. Keep it simple.
You can also choose to not have Apple store the recovery key.
When you’re done, click Continue.
The next step is to start the encryption process, which will require a restart. This can take several hours; fortunately, the encryption process occurs in the background, so you can still continue working. That said, it’s better to avoid anything processor- or disk-intensive while Lion is encrypting your drive, since your system and application performance will be adversely affected.
Once the initial encryption process is done, you’re all set. Lion will automatically decrypt any files you need to use and encrypt any new files you create. Apple says the performance impact should be “imperceptible.”
One important note: When using FileVault 2, Recovery HD will not appear in Startup Manager. You can still boot into the Recovery HD partition by pressing command-R while your Mac starts up.
Author: Roman Loyola, Senior Editor
Roman has covered technology since the early 1990s. His career started at MacUser, and he's worked for MacAddict, Mac|Life, and TechTV.