FileVault is one of OS X’s most powerful security features. Understanding what it does, however, may take a little slogging.

As you know, the accounts system is designed to keep people out of one another’s stuff. Ordinarily, for example, Chris isn’t allowed to go rooting through Robin’s email and files.

Until FileVault came along, though, there were ways to circumvent this protection system. A sneak or a showoff could start up the Mac in FireWire disk mode, for example, or even remove the hard drive and hook it up to a Linux machine or another Mac.

In each case, he’d then be able to run rampant through everybody’s files, changing or trashing them with abandon. For people with sensitive or private files, the result was a security hole bigger than Kim Kardashian’s bank account.

FileVault is an extra line of defense. When you turn on this feature, your Mac automatically encrypts (scrambles) everything on your startup hard drive—not just what’s in your Home folder. Every time you create or save a new file, it, too, is insta-encrypted.


FileVault uses something called XTS-AES 128 encryption. How secure is that? It would take a password-guessing computer 149 trillion years before hitting pay dirt. Or, put another way, slightly longer than two Transformers movies.

This means that unless someone knows (or can figure out) your password, FileVault renders your files unreadable for anyone but you and your computer’s administrator—no matter what sneaky tricks they try to pull. (You can, ...

Get OS X El Capitan: The Missing Manual now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.