How to Encrypt your Mac’s Hard Drive

You may have heard of the words “FileVault” and “encryption” relating to your Mac’s hard drive, and you may be wondering if you should use this higher level of security and if it is easy to implement. The answer to all of this is “yes”. Even though you’ve already protected your Mac with a login password, encryption takes your safety and security to a whole new level.

How does Encryption work?

Encryption is industrial-level protection for your drive, such that probably no one, short of the NSA, would be able to retrieve your data should your device be lost or stolen. Apple has really improved their full-disk encryption in the last years (known as FileVault) so that it is easy to set up, and using it is basically transparent to the user.

About the only difference a user will notice is that upon boot-up, you will be asked for your login password right away, as that is required to unencrypt the entire drive.

  1. Choose Apple menu > System Preferences, then choose Security & Privacy.
  2. Click the FileVault tab.
  3. Then click the padlock in the lower left corner, and enter an administrator name and password.
  4. Click the “Turn On FileVault” button.
osx-security-privacy-filevault

If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user’s password. OS X automatically enables any user accounts that you add after turning on FileVault.

osx-security-privacy-filevault-users-sheet

Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:

  • If you’re using OS X 10.9 or newer, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you’re sure to remember.
  • If you’re using OS X 10.10 or later, you can choose to use your iCloud account to unlock your disk and reset your password (I recommend this choice).
  • If you don’t want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.
osx-elcapitan-security-privacy-filevault-recovery-key-sheet

IMPORTANT: If you lose or forget both your OS X account password and your FileVault recovery key, you won’t be able to log in to your Mac or access the data on your startup disk.

When FileVault setup is complete, your Mac restarts and asks you to log in with your account password. Your password unlocks your disk and allows your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.

osx-mac-login-screen

After your Mac starts up, encryption of your startup disk occurs in the background as you use your Mac. This takes time, and it happens only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences. Any new files that you create are automatically encrypted as they’re saved to your startup disk

Encrypting Your Backup Drive

In addition to encrypting your hard drive, you can also encrypt your backup drive(s). (If you have an existing backup drive, skip to the next section.)

  1. Launch System Preferences by selecting the System Preferences item from the Apple menu.
  2. Select the Time Machine preference pane.
  3. In the Time Machine preference pane, click the Select Backup Disk button.
  4. In the drop-down sheet which displays available drives that can be used for Time Machine backups, select the drive you wish Time Machine to use for its backups.
  5. At the bottom of the drop-down sheet, you’ll notice an option labeled Encrypt backups. Place a checkmark here, and then click the Use Disk button.
  6. A new sheet will appear, asking you to create a backup password. Enter the backup password, as well as a hint for recovering the password. When you’re ready, click the Encrypt Disk button.
  7. Your Mac will start encrypting the selected drive. This can take quite a while, depending on the size of the backup drive. Expect anywhere from an hour or two to a whole day.
  8. Once the encryption process is complete, your backup data will be secure from prying eyes, just like your Mac’s data.
password hint

What if I already have a backup drive?

If you have an existing (unencrypted) drive that you want to convert to being encrypted, follow these steps first:

In System Preferences:Time Machine, click on the “Select Drive” button. Highlight your existing drive and press the “Remove Disk” button.

selecting drive to encrypt

Once you’ve done that, then press the “Select Drive” button again. This time select that same drive, but also check the checkbox that says, “Encrypt backups”.

If your Mac complains and says that it cannot encrypt the drive, then you will need to use Disk Utility to erase the drive first, and then start from the beginning.

Wait – I think I need some help…

That is why we are here, to help you with every step of this if you want. Contact us and we will get it done for you!

Colorado’s Consumer Data Protection Law – Does it affect you?

data breach

In September of 2018, Colorado implemented some of the strictest laws in the U.S. concerning data breaches and the resulting reporting requirements. If you do any kind of business in Colorado, including capturing names and email addresses on your website (also known as Personally Identifying Information, or PII), then these laws affect you. This is similar to the recent European GDPR policy that businesses are scrambling to conform to, but with reporting requirements that are even more strict.

One of my clients recently had their laptop stolen out of their car, and they are now dealing with an avalanche headache in the aftermath of that, especially with these new rules that require notifications.

One thing I find eye-opening here is the number of ways a data breach is defined:

  • A hacker electronically accessing and acquiring computerized data;
  • Unauthorized access of a computer network through weak passwords;
  • Unencrypted consumer information sent through a payment system;
  • A briefcase or laptop computer containing client files that is stolen or misplaced; or
  • A mobile device or data storage device containing PII that is stolen or misplaced.

What are my responsibilities?

  • Businesses and agencies must have a written policy explaining how they will dispose of the personal information they keep and follow through on those procedures.
  • If a data breach is detected, entities must alert consumers that their data has been compromised within 30 days. If more than 500 Coloradans are impacted, the entity must alert the attorney general’s office.
  • Entities must take “reasonable” steps to protect the personal information they keep.

What can I do to protect myself?

  1. Never, ever leave your laptop or mobile device in your car, or walk away from it in a public place like a coffee house. If you do, assume it has been stolen already, and consider how you will recover.
  2. Be really smart about how you use passwords. You can read more about that at The Four Computer Dreads: Passwords.
  3. Make sure that your computer’s data and backups are secure and malware-free.
  4. Use an IT professional like MacFinesse.com (Contact Us) to help you ensure that all of your systems are up-to-date, secure, and safe – that is one way of demonstrating your due diligence, and taking “reasonable” steps.

How about further reading and resources?

Colorado’s Attorney General has an entire page outlining everything you need to know: FAQ’s for Businesses

Varonis (a security firm) has a good synopsis on their site.

The Denver Post put out an excellent article with further descriptions.

Cleaning Up Safari Passwords

A Handy Tip for Cleaning Up Passwords in Safari

The number one challenge for Mac users that I regularly hear about from my clients is dealing with passwords. This includes deciding on passwords to use with new services, as well as making sure passwords are never shared across services. If you use a password manager like LastPass or 1Password, they have built-in functions to help with that. But if you use Apple’s built-in Keychain function, finding reused passwords has not been easy.

Dilbert Password

Well, if you use Safari on your Mac, version 12 now includes a function to notify you if you are sharing passwords with any other service. To access this, open Safari and under the Safari menu, choose Preferences, and click on the Passwords icon. You will be prompted to enter your regular Mac login password. Once you’ve done that, you’ll be presented with a listing of all the passwords Safari has saved for you.

Selecting any entry will highlight that service, and clicking on the Password dots will reveal the password for that service. If that service has a yellow triangle to its right, clicking on that triangle will bring up a window with information about duplicates. As seen in the screenshot below, that window will also give you a URL you can click on to go to that service and change your password.

In this example, in order for me to complete the clean-up indicated below, I would need to change the passwords on at least two of the three indicated sites to ensure passwords are not being shared.
Safari Password screenshot

If you also use an iPhone or iPad, and you have keychain sharing turned on in iCloud, then those iOS devices will inherit any password changes you make, and will then be instantly available on those devices, too.

 

Help Mr. Wizard!

Would you like some help with this, once and for all? That’s why we’re here. Contact us and we can take care of it for you!

Skype 7 – Is It Really Almost Dead?

Yes, the Sad Day is Coming Soon Support for Skype 7 will end on Nov‍emb‍er 1, 2‍01‍8 on desktop devices. When support ends, Microsoft will begin requiring updates to version 8. Although you may be able to use older versions for a little while, they encourage you to update soon to avoid any interruption. Microsoft… Continue Reading

Mojo? Mojito? No. Mojave!

Apple releases Mac OS 10.14 Mojave Update: Apple released the 10.14.1 update on October 30, which improves the stability, compatibility and security of your Mac. It also offers group FaceTime and more emojis. We now give this a thumbs-up, but still with all the caveats listed below. The folks in Cupertino have been working on… Continue Reading

iOS 12 – Should you upgrade?

Apple releases iOS 12 September 17th The folks in Cupertino have been working hard for a year now on the latest software update for iPhones, iPods and iPads. They had some ambitious goals for this release, and not everything made the final release. However, because of the fine-tuning and optimizing they’ve done on iOS 12,… Continue Reading

The Four Computer Dreads – Part 4: Ransomware & Scams

Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment. Ransomware attacks are typically carried… Continue Reading

iPhone Spam Calls and Text Messages

What can I do about all these robocalls? The most common recommendation from security experts is to simply not answer your phone from numbers you do not recognize. That said, you’re probably still receiving voice messages that are clearly from robotic electronic recordings – robocalls. There are a number of apps you can run on… Continue Reading

The latest scam is from… AppleCare Tech Support???

Two different scams have become very prevalent in the last two weeks, with scammers escalating their tactics, and both of the scams seemingly involve Apple or AppleCare Tech Support. Both are bogus and both use social engineering to trick and scare you into doing some thing they want you to do. The so-called AppleCare Tech Support… Continue Reading

The Four Computer Dreads – Part 3: Phishing

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication (like an email). According to the 2013 Microsoft Computing Safety Index, the annual worldwide impact of phishing could be as high as US$5… Continue Reading

Troubleshooting, small business networks,
Macs, iPads, and printers
Device syncing, backups,
passwords and email accounts
OS and app optimization and updates, and
preventive maintenance