They'll have to work out my login password AND defeat the two-factor authentication first. Do you think they could do that? I don't.
Ok, let's go back to basics. The login password and any 2-factor auth will only prevent the user from actually logging into a console session as you. However, if an attacker/thief wants access to your data, and that data is not encrypted-at-rest (as with FileVault), they immediately have at the very minimum 3 options available to them:
- Boot in single user mode, mount an external volume and copy the data.
- Boot from an external device (USB, FW, TB drive etc), copy the data.
- Remove the drive/SSD, mount in another machine, copy the data.
Beyond this there are many more ways, but these would be my first go-to methods.
So you can see that no matter how strong your password and how many factors of auth, if the data is not encrypted it is vulnerable.
I didn't say it was unstable, nor did I say it would affect performance. But tell me this: what's your fix when a user comes to you with FV enabled and has forgotten or lost the password, or believes it to be correct but it doesn't work?
Let me know when you've got an answer for that one, and I'll consider changing my recommendation. I've seen WAY too many users ignore proper procedure and lose their data to EVER recommend it to "normal users." You'll see soon enough ...
I do indeed have an answer for that, as I alluded to in my original post. FileVault has several mechanisms for recovery from lost credentials. The first of these, that could be used for both corporate and individual users, is the recovery key that FV generates and displays to the user when the volume is initially encrypted; it looks something like this: ABCD-1234-EFGH-5678-IJKL-9012. This can be stored in either digital or analogue format and is a user's secondary unlocking credential for FV. A user can also link FV recovery to iCloud and use their Apple ID to authenticate and retrieve an unlock key.
In a corporate environment, we also use a master key that the Back Office team can use to unlock any Mac encrypted with our FileVault profile. We combine this with multiple users enabled for FV unlocking, individual, per-machine unlock keys for Front Office use and the master key for last ditch. Oh yeah, and backups for disaster recovery.
We happen to use the JAMF Casper management system that aids us with deployment, management, compliance reporting and storage of keys, but there are other recovery key escrow solutions available including free ones such as Cauliflower Vest.
You could even bake your own solution using the generally pretty decent fdesetup tool provided by Apple in the OS for command line management of FileVault. They eat their own dog food and use this tool themselves, doing fdesetup authrestart for OS upgrades.
For further reading on this I recommend my comrade in arms Rich Trouton, who has a supreme knowledge of this and writes excellent articles (103 articles tagged FV alone at time of writing!)
In short, when a user comes to me here, in a corp environment, I have 3 ways to get them back in and I have backups if none of the above work. If a non-corp person comes to me with this issue, I ask where their recovery key is; failing that, go to the iCloud method, and beyond that ask where they back up to. If they don't have a backup, I hand them a tissue and tell them that they've learnt several lessons for the future: take multiple backups (Crashplan anyone), read dialogs, record important-looking credentials/keys.
I would agree that FileVault is not something to be enabled blindly and without knowledge, or at least reading the dialogs presented, but I will vociferously argue that there's really no reason not to use Apple's full volume encryption system that I can see, and in the current climate with much more tech savvy criminals about I would say many people would be sorry if they didn't.
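As an added example, not the poster's code and not Apple's or any escrow product's, here is a minimal "bake your own" recovery-key rotation and escrow script of the kind the post describes, built on fdesetup. The fdesetup subcommands and flags used (status, changerecovery -personal with -inputplist/-outputplist) are the documented ones; the escrow URL, the JSON body it posts, the script name and the sample plist are assumptions constructed for the example. The pieces that do not need a Mac (key-format check, plist building and parsing) run anywhere; the rotation itself only runs on macOS as an admin.

```shell
#!/bin/sh
# Added example (not the poster's code): a minimal "bake your own" escrow
# client around Apple's fdesetup. It rotates the Mac's personal recovery key
# and hands the new key to an escrow service over TLS, keeping the password
# and the key out of argv, files and logs. ESCROW_URL is a hypothetical
# endpoint; the fdesetup/ioreg calls only run on macOS.

# Personal recovery keys are 24 characters in six hyphen-separated groups of
# four, e.g. ABCD-1234-EFGH-5678-IJKL-9012 (the format the post shows).
validate_recovery_key_format() {
    printf '%s' "$1" | grep -Eq '^([A-Z0-9]{4}-){5}[A-Z0-9]{4}$'
}

# Escape a value for use inside a plist <string>; a password containing & or <
# would otherwise corrupt the plist fed to fdesetup.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# fdesetup -inputplist reads the unlocking user's credentials as a plist on
# stdin, so the password never appears in the process list.
build_input_plist() {
    printf '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>\n'
    printf '<key>Username</key><string>%s</string>\n' "$(xml_escape "$1")"
    printf '<key>Password</key><string>%s</string>\n' "$(xml_escape "$2")"
    printf '</dict></plist>\n'
}

# Pull one <string> value out of the plist fdesetup prints with -outputplist
# (the <key> and its <string> are on separate lines in Apple's formatting,
# but a same-line layout is handled too). Prints nothing if the key is absent.
extract_plist_string() {
    awk -v k="<key>$1</key>" '
        index($0, k) {
            if ($0 !~ /<string>/) getline
            sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
        }'
}

# Constructed sample in the shape of `fdesetup changerecovery -outputplist`
# output, so the parser can be exercised without a Mac.
SAMPLE_OUTPUTPLIST='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>HardwareUUID</key>
  <string>00000000-0000-0000-0000-000000000000</string>
  <key>RecoveryKey</key>
  <string>ABCD-1234-EFGH-5678-IJKL-9012</string>
</dict>
</plist>'

sample_recovery_key() {
    printf '%s\n' "$SAMPLE_OUTPUTPLIST" | extract_plist_string RecoveryKey
}

# macOS only. Refuses to run unless FileVault is on, rotates the personal
# recovery key, sanity-checks the result and posts it as a JSON body read
# from stdin (so the key is not visible in `ps` either). If escrow fails the
# old key is already invalid, so the new one is shown once for manual escrow
# rather than silently lost.
rotate_and_escrow() {
    user="$1"; pass="$2"
    escrow_url="${ESCROW_URL:-https://escrow.example.internal/api/v1/keys}"  # hypothetical
    fdesetup status | grep -q 'FileVault is On' \
        || { echo 'FileVault is not enabled on this Mac' >&2; return 1; }
    new_key=$(build_input_plist "$user" "$pass" \
        | fdesetup changerecovery -personal -outputplist -inputplist \
        | extract_plist_string RecoveryKey)
    validate_recovery_key_format "$new_key" \
        || { echo 'unexpected key format from fdesetup' >&2; return 1; }
    serial=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F'"' '/IOPlatformSerialNumber/ { print $4 }')
    printf '{"serial":"%s","recovery_key":"%s"}' "$serial" "$new_key" \
        | curl --fail --silent --show-error -H 'Content-Type: application/json' \
               --data-binary @- "$escrow_url" >/dev/null \
        || { echo "escrow failed; record this key manually NOW: $new_key" >&2; return 1; }
}

# Usage on a Mac, as an admin: sh fv-escrow.sh --rotate <username>
# (the password is read from the terminal, not taken from argv).
if [ "${1:-}" = '--rotate' ]; then
    printf 'Password for %s: ' "$2"
    stty -echo; read -r pw; stty echo; echo
    rotate_and_escrow "$2" "$pw"
fi
```

The point of the plumbing is that the two secrets involved, the user's password and the freshly generated key, travel only over pipes and a TLS request body; a script that passed them as command-line arguments would expose them to every local process for the duration of the call, and one that logged the fdesetup output would leave the key in whatever collects that log.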