Last week I wrote a few tips about disk encryption, but I didn’t write about what to do with the startup disk on your Mac. I cannot think of any reason you shouldn’t encrypt your startup disk after the release of Mac OS X Lion. Apple has made it just to easy for you to encrypt your drive. It is quick, fast and easy. I’ll show you how today.
The quick, fast and easy part actually depends on how your Mac is configured, because on a Mac with a solid state drive it will be very fast. However, my 27-inch iMac with a standard hard disk drive was relatively fast, but not as fast as my 13-inch MacBook Air. The added protection of full disk encryption from FileVault 2 was worth the wait.
Here are the steps to turn on full disk encryption on your Mac running Mac OS X Lion:
- Open System Preferences and open Security & Privacy.
- Unlock the Security & Privacy preferences by clicking the lock in the bottom left hand corner. Enter your administration accounts password when prompted.
- Click the FileVault tab.
- Click Turn On FileVault.
Take note of the recovery key you are presented. I’d write it down, double-check what you wrote down and secure the written recovery key in a safe and secure place. Don’t forget about where you put it!
- You’ll be prompted to decide if you want to store the recovery key with Apple or not. I usually select not to do that since I’d rather be in complete control of any future recoveries. That is why it is important to keep that recovery key and not misplace it. Click on Do not store the recovery key with Apple.
- When prompted to restart your Mac click the provided Restart button that appears.
- Log back into your Mac.
At this point Mac OS X Lion will encrypt your disk while you work. If you want to periodically check it just go back to the Security & Privacy preferences pane. You’ll see the status of the process which includes estimated time remaining for completion.
Here are a few things to note about this process:
If you select the option to Store the Recovery Key with Apple you will be asked to setup three security questions. You’ll need to know the answers to these or Apple will not be able to help you with the recovery. This option also mentions the possibility that “fees may apply” and something about “subject to support eligibility. ” That probably means that if you don’t have AppleCare you might be asked to pay for service. My suggestion above in the steps to use encryption on your startup disk will always be free.
If you have multiple accounts on your Mac you maybe prompted to select the accounts that are allowed to startup your Mac. You’ll note that the startup screen changes after encryption is turned on. This is due to the fact that your Mac is using a new trick. The trick is that it uses the Recovery HD partition to do the initial boot, verifies you when you log in and then completes the startup using the encrypted drive. It’s all really slick and transparent. Apple did a good job with this.