Apple FileVault 2 - Turning On
  • FileVault 2 is available from the Security & Privacy pane of System Preferences
  • Click the FileVault tab in the Security & Privacy pane to enable or disable FileVault.

 

If you migrated a home directory that was encrypted by an earlier version of FileVault (Legacy Filevault), you need to turn this off first. 

See the "Migrating a FileVault-protected Home from an earlier version of Mac OS X" section below for more information.

 

When you select "Turn On FileVault", you're asked to identify the user accounts that are allowed to unlock the encrypted drive if there is more than one account present. 

You'll need to enter the password (or have users enter their passwords) for each account you want to have the ability to unlock FileVault 2.


 

https://support.apple.com/en-gb/HT4790


 

 


 

 


 

 


Changing your recovery key

 

In the Security & Privacy system preference, under the FileVault tab, click "Turn Off FileVault" to disable FileVault. After FileVault is off, FileVault will begin to decrypt your drive. Once decryption is complete, you can click the "Turn On FileVault" button. Doing this allows you to enable unlock-capable users. You're also provided with a new recovery key and have the option of sending this new key to Apple. The old key sent to Apple will not be able to unlock your newly-encrypted disk. If you need to retrieve your recovery key from Apple, only the new one will be retrieved based on the Serial Number and Record Number displayed in the login window.

 

 

Your password and Recovery Key are critical

 

The encryption used in FileVault 2 prevents accessing data on your encrypted drive without a permitted user account's password, or the recovery key. When you choose to turn on FileVault, you can no longer log in automatically. Take great care in choosing an account password that you feel is both secure and easy for you to remember. When enabling FileVault, carefully write down your recovery key somewhere, and be certain to make a copy of exactly what is shown. Store this copy of your key outside of your encrypted disk. If you choose to store your recovery key with Apple, take great care in choosing your related security questions and providing answers you can, if needed, clearly convey to an AppleCare phone support advisor.

 

Not all languages or regions are serviced by AppleCare. Check the Apple Support website to see if you can retrieve your recovery key, should you need to. Not all AppleCare-supported regions provide support in every language. If you choose your preferred language, enable FileVault 2, and choose to store your key with Apple, your answers may be in languages and/or characters not supported by AppleCare.

 

Storing your recovery key with Apple provides a secure alternative to your own best efforts to remember and securely document your own password and recovery key. There is no guarantee that Apple will be able to provide your recovery key back to you.