To Vault Or Not To Vault?

FileVault, a standard feature on the Mac OS, can be a user’s best friend or worst enemy. Using a security utility that’s built into your Mac’s operating system and can be turned on with a simple click may seem like a no-brainer, but ultimately FileVault is much more complicated than that. It’s worth noting that if before you run a program a warning popup asks “Are you really really really sure you want to do this?” you should be sure– absolutely positive– that you understand exactly what the consequences could be before you click “yes.” Are you actually really really really sure?

FileVault is an encryption program that takes your entire user folder and scrambles it into a sparse image, which is like a virtual hard disk that requires a password or recovery key in order to unscramble it and make it readable again, offering complete protection against data theft. Using a typical user login password on your laptop or desktop without encryption will only protect your data from being seen by someone sitting in front of your computer, whereas someone truly dedicated to gaining access to your information could easily remove your computer’s hard disk and view it on another computer, bypassing any password you’ve set up. A hard disk encrypted by FileVault is completely useless to someone looking to steal your data, as the information becomes 100% unreadable without your password or recovery key. It’s important to note that unless your computer is turned off or locked FileVault is useless; many of us often leave our computers on and unlocked so we can quickly and easily access them, but quick and easy access for the user also means quick and easy access for someone looking to steal data as well.

FileVault does allow for a guest user login on your computer, but this login has access to Safari only. It’s perfect for letting a friend or co-worker use your Mac to look something up or bang out a quick email, but that’s all it will be capable of. If your computer is stolen or lost and anyone does try to use this guest login you’ll be able to remotely lock the computer and send a message saying the device is stolen.

To enable FileVault you’ll need to set up a password, and then Apple will provide you with a randomly generated recovery key– a combination of 24 letters and numbers which would be your last chance at gaining access to your data after losing or forgetting your password, hence the popup warning asking if you’re really really really sure you want to encrypt with Filevault. You want to make sure this recovery key is never EVER lost, which is made a bit easier by Apple offering the option of storing it for you in case you do ever need it retrieved. If both the password and recovery key are lost– or if your operating system fails– ALL data is lost. Forever. Recovery becomes impossible, and everything that you were trying to protect in the first place is gone; FileVault is so secure that there is no technician anywhere that would ever be able to unencrypt your disk to retrieve your data.

The decision to use FileVault ultimately comes down to what type of information is stored on your computer and how you need to utilize that info. The iron-clad protection FileVault offers is often a necessity for a user that has sensitive client or patient data stored, especially on a laptop that could be easily stolen. There are some downsides to this type of protection, though; it means your information becomes unmovable and that you won’t be able to access it from your other devices. For someone who may need quick access to files and emails on-the-go from different devices this could be a trade-off that isn’t worth it; for the casual Mac user who doesn’t have large amounts of info that needs to be kept locked up it almost certainly isn’t worth it.

Look at it this way: would you use a combination safe at home if the only things you planned to put in it were family photo albums? Since it’s unlikely that anyone is ever going to attempt to steal your family photos, by locking them up you’ve taken the risk that you could forget the combination (or that the lock could break and the combination becomes useless) and never again have access to something that’s incredibly valuable to you but was never of importance to anyone else. Is it worth it?

There are other options to keep your data secure that may be better suited to the type of user you are; if a more limited form of security is what you’re looking for you could choose to protect only certain files and folders with encryption and keep the ability to move them to another computer or device, rather than locking up every single piece of information on your computer and rendering it unmovable. Cloud services are also a fantastic way to securely manage your private information and keep maintain portability and quick access, and with Find My Mac you’re also able to easily remotely lock or “wipe” your laptop if it’s lost or stolen.

An additional risk of using encryption like FileVault is the possibility of data corruption; that is, even with the correct password your information could possibly stay scrambled and thus be rendered permanently unreadable and unusable. This is rare and unlikely to happen, but it’s an important reason to back up all your files. Or more accurately it’s ANOTHER reason to back up all your files, because you’re already doing that, right? RIGHT?

The bottom line is that a system as secure and easy to enable as FileVault is a godsend for users who require the highest level of security; lawyers, healthcare professionals, and accountants, for example. For most of us, though, it’s security overkill in which the risk of accidental misuse outweighs any benefit. Would you want to be “that guy” who installs a high tech security system in his home and then accidentally locks himself out? Or forgets to turn it on and leaves the front door wide open? No? I certainly don’t blame you, because I wouldn’t want to be that guy, either.


One comment on “To Vault Or Not To Vault?

  1. Pingback: How to avoid data loss | Data Recovery

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s