Let me start this with a simple question. Do you use Apple’s built-in FileVault encryption tool? It’s the one in System Preferences > Security & Privacy, in the FileVault tab. I do not. Why?
FileVault secures the data on your disk by encrypting its contents automatically.
That part sounds good, and FileVault uses what is known as full disk XTS-AES 128-bit encryption (tech speak for very tough encryption). FileVault encrypts the Mac’s entire disk. Apps and files are decrypted on the fly and it happens so fast you’re not likely to see any difference.
FileVault 2 is tough, free, and built in to OS X Mavericks. All you need is your system password and a safe place to put the Recovery Key. You know, just in case.
So, why don’t I use FileVault? First, I don’t have files that are all that valuable or that are not backed up elsewhere or that I worry about if someone else gets them. Second, Apple says it best:
WARNING: You will need your login password or a recovery key to access your data. A recovery key is automatically generated as part of this setup. If you forget both your password and recovery key, the data will be lost.
That whole ‘data will be lost‘ part bothers me. However, I do have some files which I want to encrypt and store. For that I found a free friend already living on my Mac. It’s the Disk Utility app in the Applications > Utilities folder.
Instead of encrypting the whole disk drive as FileVault does, Disk Utility, something of a Swiss Army Knife tool for Mac disks, can create, convert, backup, compress and encrypt disk images. Think of a disk image as a magical folder where Disk Utility is the wizard.
Disk images can be created to store whatever files and folders of files you have, all locked up nice and tidy with compression, encryption, and a password. Setup disk images in whatever size you want (they can be resized as needed).
Add a Name to the disk image. Select a Size. Choose a file format. Select from the encryption options. And, that’s about it; you’re ready to go. What I do with sensitive files that I don’t want someone else to have is to put them on a disk image, encrypt it, add a password, and store it as a backup on my Mac (or, server or Dropbox). The whole process is simple once you’ve done it a few times. It’s totally free, very Mac-like, as safe as you’re likely to get, and built in to each Mac.
Plus, there’s not the ever present danger in FileVault of losing a password and recovery key and being locked out of your Mac forever.