
DVD9

macrumors 6502a
Feb 18, 2010
817
581
Or simply skip the AppleID screen when you (re)install/setup OS X/new user account. I don't have that option because I haven't "mated" an AppleID with my user account.

Concerning the keys stored at Apple: obviously this is stupid. If you use any common sense you'd know that you need to trust Apple completely when you want to store the keys on their servers. What if they get hacked? What if your account gets hacked? Etc. It is the main reason why I choose not to store it somewhere online. It completely defeats what I wanted to accomplish with filevault.

In other words: if you want security: think before you do.

THIS.

No Apple ID.
No iCloud nonsense.
No sending your encryption key anywhere.

And forget that EFI firmware password as anything more than pseudo security because Apple store employees can reset it.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,482
16,197
California
And forget that EFI firmware password as anything more than pseudo security because Apple store employees can reset it.

That is a good point that has not been addressed here. But let's say you steal my Macbook and convince the Apple Store employee it is yours so they reset the EFI password for you, how does that get you past my Filevault2 protection? Unless I am missing something, I don't see how it would.
 

safelder

macrumors member
Jan 9, 2010
78
0
I have my early 2011 MBP set up with a smaller SSD in the Optibay that holds my system and a larger SSD in the main bay that holds my most important data. My home drive is on the main bay, larger SSD. (My less important data resides on an external.)

I read somewhere that, under Lion, encrypting through FileVault with such a setup (that is, home drive not on the system drive) would render the system unbootable for some reason. Does anybody know if that's the case under ML? Put another way, has anybody tried enabling FileVault on the system drive, then encrypting the data drive that includes the home folder?
 

Alameda

macrumors 65816
Jun 22, 2012
1,277
871
file vault is just for paranoids who think the CIA will hack into their machine and steal their porn videos.
No. If your computer is stolen, all the thief needs to do is simply boot your password-protected Mac from a USB stick or another drive, and every file on the stolen Mac's hard disk can be viewed and copied. My company requires me to keep my work files encrypted, so if the computer is stolen, the company's information is safe. I also encrypt the Time Machine backup. The good news is that enabling and using FileVault 2 is super-easy to do.
 

b-rad g

macrumors 6502a
Jun 29, 2010
895
1
I have a question regarding turning on FV for the first time. I've been using my Air since Jan 2011 and never thought I needed to use FV. If I turn it on now what will it do to all my backups on Time Machine? Will I need to start a new Time Machine backup from scratch?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,482
16,197
California
I have a question regarding turning on FV for the first time. I've been using my Air since Jan 2011 and never thought I needed to use FV. If I turn it on now what will it do to all my backups on Time Machine? Will I need to start a new Time Machine backup from scratch?

You won't need to change anything. It will be transparent to Time Machine and your old backup set will continue. Once you log on, the entire encrypted disk image is opened and Time Machine sees it as just a regular drive as before.
 

b-rad g

macrumors 6502a
Jun 29, 2010
895
1
You won't need to change anything. It will be transparent to Time Machine and your old backup set will continue. Once you log on, the entire encrypted disk image is opened and Time Machine sees it as just a regular drive as before.

Thanks!
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,482
16,197
California
Where is the hardware password set/disable located (Mountain Lion).

I thought it was in "Security&Privacy", but I don't see it there now.

Do a command-r boot to Recovery HD and in the Utilities menu you will see Open Firmware Password. That's what you want.
 

JML42691

macrumors 68020
Oct 24, 2007
2,082
2
You won't need to change anything. It will be transparent to Time Machine and your old backup set will continue. Once you log on, the entire encrypted disk image is opened and Time Machine sees it as just a regular drive as before.
Will the Time Machine backups be encrypted as well by this? Turning on FileVault is good, but if they can just swipe my external drive which is right next to my computer and get data from that then what's the point really?

(Sorry, I really don't know much of anything about this).
 

b-rad g

macrumors 6502a
Jun 29, 2010
895
1
Will the Time Machine backups be encrypted as well by this? Turning on FileVault is good, but if they can just swipe my external drive which is right next to my computer and get data from that then what's the point really?

(Sorry, I really don't know much of anything about this).

I believe the Time Machine backups are already encrypted. Someone will correct me if I'm wrong.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,482
16,197
California
Will the Time Machine backups be encrypted as well by this? Turning on FileVault is good, but if they can just swipe my external drive which is right next to my computer and get data from that then what's the point really?

(Sorry, I really don't know much of anything about this).

I believe the Time Machine backups are already encrypted. Someone will correct me if I'm wrong.

It is not on by default. You need to turn on Time Machine encryption in the select disk area of Time Machine in System Prefs. See my screen grab.

I agree it does not make much sense to encrypt the drive disk and not the backup.

20120822-npnm7n3752441btkd25832nfrr.jpg
 

b-rad g

macrumors 6502a
Jun 29, 2010
895
1
Thanks again WeaselBoy! Mine has always been checked so I thought it was on by default.
 

JML42691

macrumors 68020
Oct 24, 2007
2,082
2
It is not on by default. You need to turn on Time Machine encryption in the select disk area of Time Machine in System Prefs. See my screen grab.

I agree it does not make much sense to encrypt the drive disk and not the backup.

20120822-npnm7n3752441btkd25832nfrr.jpg

The "Encrypt Backups" button option on my machine is un-selectable (greyed out). Is this because I do not have FileVault enabled yet?
 

knucklehead

macrumors 6502a
Oct 22, 2003
545
2
That is a good point that has not been addressed here. But let's say you steal my Macbook and convince the Apple Store employee it is yours so they reset the EFI password for you, how does that get you past my Filevault2 protection? Unless I am missing something, I don't see how it would.

I ran across this article the other day: http://www.macworld.com/article/1163387/can_filevault_2_and_find_my_mac_foil_thieves_.html and the comments by dilvish1984 made firmware password sound pretty optional. I don't really understand it all well enough to agree or disagree with it. Right now I'm not using firmware password -- can anyone give me a good argument why I should? (when using filevault)
 

knucklehead

macrumors 6502a
Oct 22, 2003
545
2
Here's an interesting - and disturbing - article on passwords: http://arstechnica.com/security/2012/08/passwords-under-assault/

Well worth a read. As a longtime 1Password user, almost all my passwords are way stronger than they need to be ... but I'm still stuck with two passwords that need to be manually entered from memory. I'm going to modify my 1Password login password after reading the article, because I see I made a known common mistake with it -- not critical, but why not make it better. I'm also in the process of coming up with a new secure Filevault login password, and this article will help with that too.

As far as I know, the Filevault password is immune to brute force attacks. But if I'm wrong on that, someone please correct me.
 

2square

macrumors member
Jul 20, 2011
32
0
in lion, i seem to recall that to encrypt a time machine disk, via the terminal, you required a new disk or you had to clear an existing one.

has this changed in ML, so that an existing time machine disk can be encrypted without loss of backups, simply by checking the box?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,482
16,197
California
I ran across this article the other day: http://www.macworld.com/article/1163387/can_filevault_2_and_find_my_mac_foil_thieves_.html and the comments by dilvish1984 made firmware password sound pretty optional. I don't really understand it all well enough to agree or disagree with it. Right now I'm not using firmware password -- can anyone give me a good argument why I should? (when using filevault)

The access to DMA to snag your password was closed/fixed with 10.7.2, and that is the hack these apps are using to obtain your FV2 password. So if you are at or above 10.7.2, that is not a concern.

That just leaves intruders booting from other devices to hack your EFI and obtain your password, and this can only be stopped by an EFI password. But for this to work, the intruder would have to boot to another device and hack your EFI, then leave your computer for you to use and enter your password (which the hack would log). Then the intruder would need to come back and take the computer with your now logged password. The commonly described scenario for this is a hotel maid placing the hacked EFI on day one, then taking your computer on day two.

This seems like a remote and very low probability hack unless you have something on your Macbook an intruder really desperately wants. But at the same time, there is really no downside to enabling an EFI password, so why not do it.

in lion, i seem to recall that to encrypt a time machine disk, via the terminal, you required a new disk or you had to clear an existing one.

has this changed in ML, so that an existing time machine disk can be encrypted without loss of backups, simply by checking the box?

I can tell you what my experience was with Mountain Lion. I use Time Machine on a Time Capsule for backup, and Time Capsule encryption was not supported until Mountain Lion. To get it enabled I had to create an entirely new backup and could not see a way to encrypt the existing backup.
 

milocool

macrumors newbie
Jan 8, 2013
25
0
If you enable filevault and then encrypt a folder within with the EAN-128 encryption and a decent password from disc utility is A) that folder still encrypted and B) hackable in any way with any means out there?

(assuming my secret girlfriend is Selena Gomez and we make compromising videos that include her and certain household-devices and the computer is stolen by the head of the FBI who knows what's on there and is a serious serious SG fan :D)
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,482
16,197
California
If you enable filevault and then encrypt a folder within with the EAN-128 encryption and a decent password from disc utility is A) that folder still encrypted and B) hackable in any way with any means out there?

(assuming my secret girlfriend is Selena Gomez and we make compromising videos that include her and certain household-devices and the computer is stolen by the head of the FBI who knows what's on there and is a serious serious SG fan :D)

Yes, the folder would still be encrypted. I am not familiar with EAN-128 encryption, but I have done a fair amount of reading on FV2, and I have yet to see anybody crack it.

A hacker's best shot is going to be trying to intercept your password somehow rather than a brute force PW crack. You can help thwart that by also using an EFI (firmware) password on your machine.
 

Bear

macrumors G3
Jul 23, 2002
8,088
5
Sol III - Terra
...
file vault is just for paranoids who think the CIA will hack into their machine and steal their porn videos.
And what if you keep financial data and other personal information on your computer? What if your web browser is set to log in automatically to assorted web sites? What about Mail? I bet Mail auto logins as well.

Identity Theft is happening a lot. Encrypting your hard drive means the thief only gets the money for selling the computer and you don't have to worry if they got enough information for identity theft to happen.
 

Alameda

macrumors 65816
Jun 22, 2012
1,277
871
A hacker's best shot is going to be trying to intercept your password somehow rather than a brute force PW crack. You can help thwart that by also using an EFI (firmware) password on your machine.
I don't see how the EFI password helps. I think the FV-protected data is fully secured without it. FileVault is a data-at-rest solution; even if the hard drive is removed and put into another computer, it is fully encrypted and unreadable. The firmware password doesn't help or hinder this. The Mac also locks itself whenever you close the lid, etc. So here again, the EFI firmware password doesn't help.

The only thing the EFI password will do is prevent someone who steals your computer from replacing the hard drive and using the machine for himself. But the data remains protected.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,482
16,197
California
I don't see how the EFI password helps. I think the FV-protected data is fully secured without it. FileVault is a data-at-rest solution; even if the hard drive is removed and put into another computer, it is fully encrypted and unreadable. The firmware password doesn't help or hinder this. The Mac also locks itself whenever you close the lid, etc. So here again, the EFI firmware password doesn't help.

The only thing the EFI password will do is prevent someone who steals your computer from replacing the hard drive and using the machine for himself. But the data remains protected.

My point about EFI PW protection is it would thwart an "evil maid" type attempt to intercept your PW by, for example, swapping your Thunderbolt ethernet adaptor for one that had an EFI boot loader that contained a key logger. Very unlikely scenario to be sure... but possible.

Plus, like you said, it would render the machine pretty much useless to a thief. That seems like a good thing. :)
 

Alameda

macrumors 65816
Jun 22, 2012
1,277
871
Plus, like you said, (EFI password) would render the machine pretty much useless to a thief. That seems like a good thing. :)
Do you know what Apple's policy is about recovering an EFI-protected Mac at their store? Is proof of ownership necessary?
 