FileVault, external ssd and Windows 10...

[grumpywino]

I have had a bit of a read around on this but it looks tricky....

I have an iMac running Sierra from an external ssd (I was far too cheap for the apple prices - sorry folks!), then my internal slow slow drive also runs Sierra in case the ssd plays up etc, and as a bit of storage for larger files. The internal also boots Windows 10 (for my needs this is perfectly fine on a slow spinning drive) which I do on occasion need. this set up works great for me.

I have an older iMac that runs Windows 7 via Parallels so FileVault won't be a problem there.

I was reading some comments elsewhere regarding the importance of FileVault, to my shame I really haven't paid it much attention as I am generally so busy. It just remains on my list of 'todos' for another day. I have read conflicting accounts of encrypting mac os and windows, and on a first glance it seems tricky. Anyone with a set up like mine try to go down this path? What other ideas for piece of mind/security? Burglaries are rare in my area, but obviously not impossible...

(for the record this iMac is attached to the desk by a kensington lock, which I imagine would take a burglar all of a few seconds to cut through!)

 

[meerkat1990]

I am personally not a fan of encrypting my main drive. I'm fine encrypting sparse images to protect specific folders but would not use file vault. For me too many things gan go wrong and adds a level of complexity I don't need. YMMV and I'm sure plenty of folks use it w/o issue.

 

[grumpywino]

Thanks for that. I think this is the route I will go, it suits my needs without over complicating things.

 

[Wowereit]

You can encrypt your OS X partitions with FileVault, there isn't much to explain.
More or less plug and play.

If you want to encrypt a Windows installation which is on the same drive as OS X, you basically can't.
There are ways around this, but they are way too complicated and could screw up all your data.

You could move all your OS X needs over to the SSD and use Windows exclusively on the internal drive, which would allow using BitLocker, TrueCrypt and so on.

 

[KALLT]

I am personally not a fan of encrypting my main drive. I'm fine encrypting sparse images to protect specific folders but would not use file vault. For me too many things gan go wrong and adds a level of complexity I don't need. YMMV and I'm sure plenty of folks use it w/o issue.

It is the opposite. FileVault is a rather simple and effective solution compared to the alternatives. What it does is encrypt the Macintosh HD volume. It does not encrypt the whole drive, just the OS volume. Using sparse images as a substitute is a poor choice, for two reasons: (1) the system keeps copies of files elsewhere, for instance, for auto-resume or as temporary files. The file system itself sometimes creates temporary copies to make sure that, e.g., copying a directory is done safely. These are not protected. (2) If a file is written outside of the encrypted space, even just for a second, then it may remain on the drive itself for a much longer time, because the file may not be deleted immediately, especially if the drive is an SSD.

 

[meerkat1990]

It is the opposite. FileVault is a rather simple and effective solution compared to the alternatives. What it does is encrypt the Macintosh HD volume. It does not encrypt the whole drive, just the OS volume. Using sparse images as a substitute is a poor choice, for two reasons: (1) the system keeps copies of files elsewhere, for instance, for auto-resume or as temporary files. The file system itself sometimes creates temporary copies to make sure that, e.g., copying a directory is done safely. These are not protected. (2) If a file is written outside of the encrypted space, even just for a second, then it may remain on the drive itself for a much longer time, because the file may not be deleted immediately, especially if the drive is an SSD.

It's good to know the mechanics of this option and I appreciate there are ways to insure a forgotten password or lost recovery key won't lock you out. However, I've known far too many students at the uni I worked at who lost all their work because they used this and/or the Windows equivalent.

Having the iCloud account as a recovery method is a nice option, especially if you can reset that password and still use the new password to access the locked volume if you forget the Mac password and lose the recovery key. Of course if you didn't enable that option you might be sc&^^%#d.

Personally, the ability to just boot another mac and retrieve the information is more important than the potential security benefits (at least when manning the help desk).

If your information is so secret you really need to use file vault then I suppose you should make sure you don't forget the password or lose the recovery key. Probably more of an issue if your system is stolen vs. just keeping ppl in your house from accessing certain info. A sparse image is usually fine for that.

Regardless, I suppose it's ultimately personal preference and for me there will be no file vault.