How secure is FileVault?


I'm pretty new to the world of Mac, having used mostly Windows PCs for more years than I like to admit. I've never used FileVault before, but I just turned on FileVault on my work issued MacBook. Is this really a secure encryption method, or is it just a weak "consumer use" security blanket?

Tags: FileVault, mac
Topic: Security
Answer this Question


2 total
Vote Up (8)

Here's a good background article.


"FileVault 1 was introduced with Mac OS X Panther. Encryption may apply to a user's home directory, but not the startup volume. The operating system uses an encrypted sparse disk image – a large single file – to present a volume for the home directory.
Mac OS X Leopard and Mac OS X Snow Leopard use more modern sparse bundle disk images[1] – 8 MB bands (files) within a bundle.

OS X Lion and greater offer FileVault 2,[2] which encrypts the OS X startup volume in its entirety and typically includes the home directory – without using a disk image. For this approach to disk encryption, authorised users’ information is loaded from a separate non encrypted boot volume[3] (partition/slice type Apple_Boot).

Systems with FileVault 2 may describe FileVault 1 as legacy FileVault."

Vote Up (6)

FireVault II is as secure as your password for the most part. It uses 128-bit AES encryption. If someone got hold of your Mac and didn't have your FireVault password, they might be able to boot it from an external drive, but that would only let them reach the non-encrypted portions of your system (which at least in the original FireVault was all the stuff that is not in your home folder.

Ask a question

Join Now or Sign In to ask a question.
Corporate employees are taking a surprisingly lax approach towards security issues raised by the business use of personally owned mobile devices.
In the battle to keep your personal information private, it's not just hackers you have to worry about but lax security and stupidity.
Oracle is planning to release 115 security patches for vulnerabilities affecting a wide array of its products, including its flagship database, Java SE, Fusion Middleware and business applications.
Microsoft updated the Certificate Trust List in Windows to revoke trust for a certificate authority operated by the Indian government after it improperly issued at least 45 SSL certificates for domains owned by Google and Yahoo.
Cybercriminals are trying to create a new botnet based on what is likely a modification of Gameover Zeus, a sophisticated Trojan program whose command-and-control infrastructure was taken over by law enforcement agencies at the beginning of June.
Google is going to tour Europe with a band of external advisers this fall to discuss a landmark ruling by Europe's top court that gave people the right to have personal information excluded from search engine listings in Europe.
Apple users accessing Gmail on mobile devices could be at risk of having their data intercepted, a mobile security company said Thursday.
The source code for an impressively small but capable malware program that targets online bank accounts has been leaked, according to CSIS Security Group of Denmark.
Financial and business information was stolen from several shipping and logistics firms by sophisticated malware hiding in inventory scanners manufactured by a Chinese company.
In wake of psychological experiment, group challenges users to take a Facebook break and find out if it makes them happier.
Join us: