How to use FileVault to secure your Mac from a manual password reset

 To prevent unauthorized access and just curious eyes, in OS X, as in all modern operating systems, the user’s passwords are used. Most makovodov use it, of course, thus ensuring the security of your account, which will not be logged in until you enter the user’s password. It’s sad, but there are various ways that you can reset the administrator password and access all the information stored on your computer.

Users, for whom data security is not in the last place, will certainly want to insure themselves against such things and prevent the possibility of unauthorized access to personal information. This can be done with the built-in FileVault encryption mechanism.

* * *

The essence of this method is that when you turn on FileVault the password will need to be entered before the account is loaded, and this in turn makes it impossible to use known methods of password reset (Single User Mode, boot from an external disk, etc.). Using FileVault is perhaps the easiest way to circumvent all these attempts, since in addition to encrypting data on the disk, it necessarily requires entering a password at the early stages of the system boot. And this is exactly what we need!

For clarity, we simplify all of the above and see what the inclusion of the Mac looks like before and after activating FileVault:

  • Before. Download> Single User Mode> Reset Password> Login as root user
  • After. Download> Requesting a FileVault password to access

FileVault is extremely easy to configure and is included in the system settings of OS X:

Screenshot of 2014-01-11 at 19.34.12

1. We open Settings and go to the section Protection and Security, tab FileVault.

2. Click on the lock icon and enter the password that is required to enable encryption.

3. If you have multiple accounts – choose which of them will use encryption.

Screenshot of 2014-01-11 at 19.35.37

4. Securely save the recovery key – if you forget the password, without a key it will be impossible to access your data.

Screenshot of 2014-01-11 at 19.37.48

5. Choose whether to store (in encrypted form) the recovery key on Apple servers or not. If so, we select three questions and indicate the answers to them. On them, Apple identifies you, the case of contacting them when the key is lost.

6. Restart the computer to apply the changes and enable encryption.

However, it is important to understand the risks and limitations that will entail the use of full disk encryption. Here we mean the possible drop in the speed of reading the disc and the inability to restore your data by anyone, in case of losing the password. But I think this is not a problem, if you decided on such a serious step as the inclusion of disk encryption – by definition you should be a cautious user and securely store your passwords. Therefore, the use of FileVault can hardly be recommended to the average user, in contrast to makovodov, who impose special requirements for security. If you belong to the latter, I would advise you to enable FileVault and take full advantage of the encryption. In addition, it is very useful to develop the habit of always blocking your Mac, even if you leave the workplace for a few minutes.

The primary encryption of my 120 GB SSD, filled with little more than half – took about 40 minutes.

Screenshot of 2014-01-11 at 19.42.11

For performance reasons, FileVault encryption is best used on Macs with solid state SSDs, although with normal hard disks it also works quite well (but some users notice a significant drop in read / write speed in this case).

* * *

As you can see, Apple once again confirms the consistency of its operating system, which includes all the necessary tools. FileVault is an excellent data encryption service that provides additional security benefits.

If you have any questions, do not hesitate to ask in the comments. I will always be glad to hear your opinion!

Loading...