Is FileVault Disk Encryption Good or Bad?

/

The other way a reader emailed me asking whether it’s a good idea to turn on FileVault on her Mac.

Well, let’s admit it — this is a topic that has been debated again and again, and still it doesn’t seem to have a consensus among macOS users.

Just take a quick look at this forum thread, and this one in Apple Discussion…you’ll understand what I mean.

So, is FileVault disk encryption good or bad? What’s the best practices to follow if possible? That’s what I’m going to cover in this post.

But first, here are some opinions from authorities:

FileVault Is Good

Data security is the top reason for using it, and that’s what the feature was designed for, according to Apple, FileVault 2 full-disk encryption uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.

So, if your Mac has stored tons of highly private and sensitive information — it’s probably a good idea to have FileFault turned on as always. Because you never know what would happen to your Mac machine, e.g. one day you may need to resell or donate it, or in worst situation the machine got stolen.

BackBlaze had a great point in this:

FileVault protects your data from prying eyes. If you’re using your computer to access sensitive data, or if you just don’t want your information to fall into the wrong hands, FileVault gives you peace of mind you won’t have otherwise.

FileVault Is Probably Not Good

The main concerns include: performance, password, and data safety.

First of all, if you’re using an older Mac that loads with a spinning hard drive rather then an SSD (unless you’ve upgraded it), then having it turned on would probably cause more slowdowns or hangs.

As Jim Tanous put in TekRevue:

Another issue to consider is performance. Because the Mac will have to encrypt and decrypt data as the user calls for it, there will be a slight performance hit when it comes to reading and writing data.

On the other hands, you’ll need to set a password for the drive, and have to enter it to mount it. These days I believe you already have enough passwords, adding an extra one (different from other passwords) means more risk — you may forget it. And if that happens, it’s a disaster for all the data and content saved in the drive.

My personal take

You see? We can’t say it’s absolutely good or bad to encrypt Mac disk with this built-in feature.

Personally, I prefer not to turn it on. That’s why you see this on my MacBook Pro. Go to  > System Preferences > Security & Privacy.

I have disk encryption turned off 🙂

However, that doesn’t mean I don’t value data security. You may consider set up and enable Find My Mac, and if your Mac is too old to perform well and you want to recycle it, do these things to make sure the new owner has no access to your data (yes, data recovery is possible, see my previous post here).

Last yet most important, no matter what you choose — enable or disable the encryption option, always make timely backups of your Mac data. That’s the golden rule of protecting yourself from data disaster in the digital age.

Leave a Comment