Getting Started with Mac Encryption


mac encryption

In the modern world, encryption is becoming more and more of a pressing issue. As governments have become more enthusiastic about surveilling their citizens, folks concerned for the safety of their data would do well to take encryption seriously. Fortunately, it’s easy to get started with Mac encryption without too much complexity.

First, What is Encryption?

`mac encryption rot 13

Encryption is the process by which sensitive data is hidden from prying eyes. If you’ve ever used a substitution cipher to pass a simple message to a friend, you’ve used encryption.

Digital encryption is just a much more advanced version of this same concept. The idea is that, without a “key,” an adversary can’t read any encrypted material.

Encrypt Your Mac’s Whole Hard Drive with FileVault

mac encryption filevault

Encrypting your Mac’s hard drive is drop-dead simple with macOS’s FileVault. This operating system feature makes it easy for users to encrypt their Mac’s entire hard drive at once. This way, an adversary read access data on your hard drive without a computer’s password. The encryption is unlocked with your user password, so you don’t even need to remember additional passwords.

You might even have FileVault turned on by already. It’s the default option on new Macs, and it’s automatically toggled on when you set up a new user. If you’re not sure, check out the Security & Privacy pane in System Preferences.

Click the FileVault tab, and then click the “Turn On FileVault…” button.

Once FileVault is turned on, you’ll need to use your password every time you turn on your computer. Make sure you’re using a secure password that’s easy to remember. If you lose your password, you’ll have no way to recover any of your data.

Encrypt Individual Files on your Mac

mac encryption encrypto

In addition to whole-drive encryption, you can also encrypt individual files. There’s a ton of Mac apps that will handle this encryption for you.

If you value a robust volume-encryption strategy, check out VeraCrypt. It’s is an open-source program that creates encrypted volumes. This can be any physical disk, like a USB drive or disk partition, or a logical disk, like a disk image (DMG). You can choose from a wide variety of encryption standards, including AES, which is the U.S. government’s currently-approved method. It’s robust and well-respected, but it does require some setup. The program itself relies on another utility, MacFUSE, to run, which needs to be installed separately. And once you’ve created a volume with VeraCrypt, you’ll need to mount it inside of VeraCrypt in order to view the files.

If VeraCrypt is a little much, check out Encrypto. It’s easily the most user-friendly encryption software I’ve ever used. It encrypts single files with a password – that’s it. You drag and drop a file on to the Encrypto window, and that file will be encrypted with your chosen password. To decrypt, drag the file back into Encrypto and enter your password. Under the hood Encrypto uses AES-256, which is both strong and standard. There’s no option to change anything, but the streamlined nature of the process makes it easy to use. And the best encryption is the encryption you actually use.

Use a VPN

A VPN, or virtual private network, creates an encrypted “tunnel” between your computer and the website it’s connected to. While connected, this tunnel encrypts any data passed between your computer and a remote server, keeping your communications completely confidential.

There a dozen of VPN providers available for the Mac. I personally use Private Internet Access, but TorGaurd, IPVanish, and NordVPN are also great choices.

There is some concern among security-conscious folks that using a VPN might actually raise some eyebrows. After all, a curious observer might wonder what it is you have to hide. But the same can be said on any non-standard encryption technology. Passing important data as plain text and hoping to hide in plain sight isn’t typically a better strategy.

Encrypt your Messages and Emails

mac encryption emails

This is probably the most challenging recommendation to implement. While it’s possible to encrypt all the emails stored on your hard drive with FileVault, you won’t get true security without “end-to-end” encryption. End-to-end encryption means that every part of your communication chain is encrypted. To complete the encryption chain, any email recipient needs to also take part in your encryption scheme. You might find it to challenging to get casual emailers to use encryption keys. But for more secure communications, encryption should be mandatory.

If you want to encrypt your emails, you’ll need to download an email client that supports email encryption and set up GnuPG. The Electronic Frontier Foundation has a great tutorial if you’re interested in delving into that.

And if you use Apple’s Messages app for your SMS and MMS communications, then good news. You’re already benefiting from end-to-end encryption.

Use a Password Manager

mac encryption password manager

While this tip doesn’t specifically focus on your Mac’s security, it’s still crucial. A password manager like 1Password or Dashlane makes it easy to use strong passwords. And considering the amount of sensitive data most folks have stored on web services, strong passwords are of paramount importance. No matter how strongly you encrypt your local data, if your Google account is accessible to hackers, you haven’t done much good.

Conclusion

If you want to get hardcore about security on your Mac, there’s way more you can do. But for most folks, the above steps should be enough to get started.

You might also like:

How to Encrypt Your Evernote Notes
Apple, Security and Your Passcode

Alexander Fox

0 Comments

Your email address will not be published.