MacOS High Sierra- Full Disk Encryption using FileVault

Mac FileVault 2 is the default disk encryption for newer Macs, which encrypts the entire disk using XTS-AES 128-bit encryption with a 256 key. This encryption scheme is recommended by the (NIST).

  1. Choose Apple menu > System Preferences, click Security & Privacy, then click FileVault.
  2. Click the lock icon to unlock it, then enter an administrator name and password.
  3. Click Turn On FileVault.If a message says your computer needs to restart, click Restart. After restarting, log in and return to the FileVault pane.
  4. Choose how to unlock your disk and reset your login password if you forget it:
    • Use your iCloud account: Click “Allow my iCloud account to unlock my disk.”
    • Create a recovery key: Click “Create a recovery key and do not use my iCloud account.” Write down the recovery key and keep it in a safe place.
  5. Click Continue.
  6. If your Mac has multiple users, click Enable Users, click Enable User and enter the login password (or have the user enter it) for each user that you want to allow to login after the Mac starts up, then click OK.If you don’t allow a user to log in after startup, an administrator must log in before the user does.
  7. Click Continue.
  8. Click Restart.

After you restart, encryption begins. It may take some time to encrypt your information, depending on how much is stored. However you can use your Mac as usual while your information is being encrypted.