If you Mac is stolen…FileVault and KeyChain

[DrQuincy]

It's always bothered me if either of my iMacs got stolen. Not so much the computers themselves as they're insured but the content on them as they contain source code and content for hundreds of clients' sites. I had always assumed that if you stole a Mac and could log in you could remove the hard drive, mount it and get access to most of the data.

I was delighted to read about FileVault 2 this morning though, I'd never heard of it before. I've got two iMacs that I upgraded to Yosemite and have just enabled FileVault. It is encrypting as we speak…

I still have a few questions/concerns though:

1. Am I right in saying that FileVault and KeyChain decrypt on login and encrypt on logout or shutdown. If this is that case and your Mac is on screen saver or asleep and a thief comes in, pulls the power cord and mounts the drive later on, won't the contents and all your keychains set to “Always allow” be accessible? Or does it rely on something in RAM that is wiped when the power goes?

2. So long as you don't leave your machine unattended when logged in is setting a separate password for any given keychain pointless? I tried it for a time and found it annoying.

Logging out every night or when I leave the machine unattended is no big deal and I always shut down when I go away for more than a day. I just want to know if in this instance using FileVault and KeyChain in this way are secure enough so that any thief would not be able to access any of my clients' data and my emails, etc. I also encrypt both my Time Machine drives.

I realise I'm being hyper-safe here. The average thief in my area would not likely have much computer expertise. They almost certainly won't be a cryptographer else they'd be earning better money elsewhere.

Thanks a lot.

P.S. If FileVault encrypt/decrypts everything every time you login and does it not completely kill performance?

 

[chscag]

FileVault 2 is not going to stop a sophisticated thief from gaining access to your data. But as you stated, persons with that type of knowledge are not going to steal someone's Mac.

If you leave your Mac unattended and do not shut it down, then anyone who can gain access to your Mac can also gain access to your data. Simply put, if you use FileVault 2 and leave your Mac unattended, shut it down. (That can be very inconvenient during a work day.)

And yes, there is a slight performance hit when using FileVault 2. And one more note: Do not forget your password.

 

[DrQuincy]

FileVault 2 is not going to stop a sophisticated thief from gaining access to your data. But as you stated, persons with that type of knowledge are not going to steal someone's Mac.

Thanks, that's useful to know. So basically if a switched on Mac is stolen, regardless of if it's logged in or not, then the hard drive is mountable, correct? If so, what about Keychain stuff? I've not yet figured out how that works. Even when logged in it prompts you for your password if you check the “Show password” box.

If you leave your Mac unattended and do not shut it down, then anyone who can gain access to your Mac can also gain access to your data. Simply put, if you use FileVault 2 and leave your Mac unattended, shut it down. (That can be very inconvenient during a work day.)

If the thief boots the machine first though, FileVault 2 would kick in again, wouldn't it?

By the way, if FileVault 2 uses 128-bit encryption, why is it “not going to stop a sophisticated thief from gaining access to your data”? Surely, it's going to take a lot of time and computing power to get at that.

And yes, there is a slight performance hit when using FileVault 2.

It's finished encrypting on my late '12 27" iMac and I can't tell so far.

 

[vansmith]

Just a few things to note:

1. FileVault doesn't include backup drives so if you're using Time Machine, those remain unencrypted.
2. If you want something that's a little different, you could store content in an encrypted disk image and work out of that. It's probably not ideal but it might be a little easier to manage (since you wouldn't have to reboot to effectively lock people out).

 

[DrQuincy]

Just a few things to note:

1. FileVault doesn't include backup drives so if you're using Time Machine, those remain unencrypted.
2. If you want something that's a little different, you could store content in an encrypted disk image and work out of that. It's probably not ideal but it might be a little easier to manage (since you wouldn't have to reboot to effectively lock people out).

Thanks.

1. Yep, but you can format it to use an Encrypted file system.
2. I have my super private stuff in a 256-bit encrypted .sparseImage file (I actually think .dmg is better as it's not a set size). I'm guessing if I put all my clients' work in there (~50 GB) that'd be quite slow. Or is it no different to FileVault?

 

[DrQuincy]

One weird thing to add. Now I have FileVault operational on 2 x 27" iMacs they run slightly differently.

On my mid 2010 iMac it functions as expected.

On my late 2012 one I have to log in twice from sleep. First I log in then get a progress bar and have to login again on the normal screen. There has been a difference in the two since I upgraded to Yosemite in that I have to wait for the progress bar on the newer iMac. On the new iMac it always takes a few seconds for the mouse and keyboard to kick in on the second login too. Is this normal?

 

[DrQuincy]

I've noticed as well you can add Keychain to the bar at the top and there is a “Lock Screen” function. Does this automatically lock the keychain and remove all references from memory?