How To Set Up FileVault Encryption On Your Mac

Some Background

FileVault is disc encryption for Mac computers to help prevent unauthorized access of any files on the main disc drive. Buffalo State College has begun deploying FileVault for mobile devices to enhance data security for devices that are commonly used off-campus.

Once FileVault is enabled, all newly created files on the main hard drive are encrypted on-the-fly. External hard drives and flash memory are not (!) protected by FileVault. FileVault requires that you log in every time your Mac starts up, and no accounts are allowed to log in automatically. A Recovery Key is provided during setup that users must document, to allow the device to be unlocked in case they ever lose their normal account credentials.


How To Enable FileVault On Your Device

  1. Log into your profile using your Network credentials.
    This image shows the main MacOS login screen

  2. Open the Self-Service app, which can be found using Launchpad and searching for "self service."
    The Launchpad feature can be accessed from either the top-right magnifying-glass icon, or the rocket icon in the taskbar at the bottom of the screen.

  3. Once opened, log into the Self-Service app using your Network credentials.
    The Self-Service login uses your standard Network account credentials

  4. Choose the Security category on the left-hand sidebar, and click the Turn On FileVault button under the FileVault icon.
    Choosing the Security category will filter down the program results to show the FileVault icon.

  5. Your may be asked to re-enter your password, after which a "PLEASE READ" screen will appear, explaining the next steps. When ready, you can click Turn On FileVault in the bottom-right to continue.
    The FileVault screen before it displays the Recovery Key will outline the remaining steps of the setup process.

  6. This new screen shows your Recovery Key, which should be written down. There's an intentional delay of 2-3 minutes before your can click the Continue button, to make documenting this key easier. After clicking Continue, the setup process has been completed, and you'll be brought to the Mac OS login screen.
    The Recovery Key screen will display the user's key for some time before the Continue button key can be clicked to finalize the setup.


Encryption will start automatically, and the computer can be used normally. The first-time encryption of data already on the computer occurs in the background, but please note that it will only progress while the computer is awake and plugged in to AC power. All new files created saved to the main hard disc will be encrypted on-the-fly. You can check progress of this first-time encryption in the FileVault section of Security & Privacy preferences.



Article ID: 95498
Thu 1/9/20 1:27 PM
Fri 10/23/20 1:53 PM