SEARCH

How-To Geek

How to Encrypt Your Mac’s System Drive, Removable Devices, and Individual Files

mac-os-x-encryption-tools

Macs offer excellent built-in encryption support, whether you want to encrypt your entire hard drive, removable drives, or just create an encrypted container for only your most important files. It’s all built in.

These features are hard to come by on Windows without third-party software, with BitLocker only available on Professional versions of Windows and BitLocker To Go only available on Enterprise editions. Windows 8.1 is now encrypting system drives by default, but only on new PCs.

Encrypt Your System Drive

RELATED ARTICLE
HTG Explains: What is Encryption and How Does It Work?
Encryption has a long history dating back to when the ancient Greeks and Romans sent secret messages by substituting letters only decipherable with a secret key. Join us for a quick history lesson and learn more about how encryption works. [Read Article]

The FileVault feature allows you to encrypt your Mac’s entire hard disk. When you enable File Vault, your files are stored on disk in an encrypted, seemingly scrambled format. Someone who gains access to your Mac, removes your hard drive, and attempts to view your files won’t be able to do it without your encryption key. (Normally, anyone with physical access to your Mac could remove its hard drive and view your files because they’re stored in an unencrypted form.)

You can choose user accounts that have the ability to unlock your disk. When you turn on your Mac, you’ll have to sign in with one of those user accounts before your drive is unlocked. Your drive will be locked again when you shut down your Mac.

To enable FileVault, click the Apple icon on the menu at the top of your screen, select System Preferences, and click the Security & Privacy icon. Click the Turn On FileVault option to enable and configure FileVault.

encrypt-mac-system-disk-with-filevault-2

FileVault will also provide you with a recovery key you can use to unlock your disk if you ever forget your user account’s password. You’ll want to note this recovery key and keep a copy of it in a secure place.

Once you’re done configuring FileVault, your Mac will restart and begin encrypting its hard drive.

mac-filevault-recovery-key

Encrypt Removable Devices

Mac OS X allows you to encrypt an entire drive, like a USB drive or external hard drive. The contents of the drive will be encrypted with a passphrase you choose and no one will be able to access them without that passphrase. It functions like BitLocker To Go on Enterprise editions of Windows, but it’s available to all Mac users.

To encrypt a drive, simply open the Finder and connect the drive to your Mac. Ctrl+click or right-click the drive in the Finder sidebar and select the Encrypt “Drive Name” option.

encrypt-a-removable-flash-drive-on-mac

The disk will be encrypted once you enter your password of choice — be sure to use a secure one! You may have to wait several minutes for the contents of your disk to be encrypted, depending on the size of your drive and its speed.

Don’t lose your password! If you do, you won’t be able to access any files on the encrypted drive.

create-a-password-to-encrypt-a-flash-drive-on-mac

Encrypt Specific Files

RELATED ARTICLE
How to Create an Encrypted File Container (Disk Image) on a Mac
Macs don’t need third-party utilities like TrueCrypt to create a secure, encrypted container for your sensitive files. You can create... [Read Article]

You can encrypt individual files by creating an encrypted file container, or disk image. Whenever you want to work with your encrypted files, you’ll mount the disk image and enter your password. The files will be available to use and any files you save to the disk image will be encrypted. When you unmount the disk image, the files will be locked and no one will be able to access them unless they have your encryption password.

This is a simple method for encrypting files. You don’t have to encrypt any entire devices; you just have to use a single container file. Better yet, the encrypted disk image you create can be synchronized online using a service like Dropbox or Google Drive. You’ll have an online copy and can synchronize it between your computers, but no one will be able to access your files without your encryption key. You won’t have to worry about your sensitive data being compromised if you use a secure password.

Follow our guide to creating and using an encrypted disk image for more information. Remember, if you lose your password, you won’t be able to mount your disk image and access the files inside!


Other encryption utilities like the venerable TrueCrypt will also work on a Mac, but you don’t need them as badly as you do on a Windows PC. These encryption tools are integrated into Mac OS X.

Image Credit: Titanas on Flickr

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 03/17/14

Enter Your Email Here to Get Access for Free:

Go check your email!