Encryption: How to manually enable FileVault on your macOS computer


Your Mac computer operating system comes bundled with native FileVault encryption software.

OIT offers a centrally managed encryption service that will enable the FileVault encryption on your Mac and store the encryption recovery key in an OIT system.  If you forgot your password, you can contact your SCAD/DCS member or the OIT Help Desk to retrieve the recovery key.  Contact your SCAD/DCS member or OIT Help Desk at 8-HELP for more information and to enroll your Mac into this service.  If you decide to participate in the centrally managed Princeton Encryption Service, you do not need to proceed with the  instructions below.



How to manually enable FileVault

The following are instructions to turn your Mac’s FileVault encryption software on if you have administrative privileges on your computer. If you forget your computer password and you lose your recovery key, your data will be lost. Note that these instructions are for OS X 10.7 or later.


Back up your computer

Back up your computer before proceeding with encrypting your Mac. Suggested options are:


Turn on FileVault

To encrypt your hard drive with FileVault, open the Security & Privacy preference to turn on FileVault. A recovery key is generated and displayed. You should make a copy of this and keep it in a safe place. If you forget your computer password, the recovery key is used to unlock your encrypted hard drive.
After turning FileVault on, you can use your computer while it is being encrypted.
After your computer has been encrypted, log in to your computer as usual with your computer name and password. The whole disk encryption is invisible and seamless while you use your computer. Reminder:  If you forget your computer password and you lose your recovery key, your data will be lost.

1. Open the System Preferences.
2. Click Security and Privacy.
3. In the Security & Privacy pane, click the FileVault tab.
4. Click the lock in the bottom-left corner to unlock and make changes.


FileVault prefs, locked.


5. Enter your administrator name and password for the computer and then click Unlock.

Enter admin credentials.


6. Click Turn on FileVault...

Turn on FileVault.


7. Enable Other Administrators and enter the password (or have users enter their passwords) for each account that can unlock the disk.

enter password


8. If you are prompted to let Apple store your recovery key, select your preferred option and then click Continue.

Recovery key location.


9. Your recovery key is displayed. You will need this to unlock your encrypted hard drive if you forget your computer password. Make a copy of the recovery key and store it in a safe place. When you click Continue, the the encryption process will start.

Recovery key.