Why and How to Encrypt Your Files on macOS

Encrypting files might seem like something that only spies and adulterers would benefit from, but it’s something that all of us should be doing.

If you don’t have anything to hide, why would you worry about your privacy? The fact is we all have something we’d prefer the entire world didn’t know. It might not be a big deal, but if you were fine with every detail of your life being public knowledge, you’d be a bit of a rare bird. Much in the way that we’re all criminals – wait, you never speed when driving? – we all have something to hide.

There are other factors aside from personal privacy to consider with encryption. If you keep proprietary information on a laptop, it would be foolish to protect it with only your login password.

Encryption is the process of hiding data so unauthorized parties can’t read it. It’s the same principle behind writing a message to a classmate in code.

In its modern incarnation, computational encryption relies on mathematical operations that can be done quickly in one direction but are very difficult to do backwards. If the math can be done quickly in the “forward” direction while encrypting files, the algorithm will be fast. If running the math “backwards” to decrypt the files without the key requires huge time scales, then the encryption will be hard to break.

filevault-encryption-0

FileVault is part of every Mac. Since Yosemite it’s been enabled by default for each new install. FileVault works by encrypting the entirety of your hard drive. The key to unlocking this encryption is your password. This means that without your password your data is unreadable. You’ll also have a recovery code, and you can log in with your iCloud account, too. If you lose all that, your data will be forever encrypted.

To check if you have FileVault enabled, visit the “Security & Privacy” pane under System Preferences. Then, click on the FileVault tab. If the button on the right says “Turn On FileVault,” you have it turned off. Unlock the pane and click that button to begin the encryption process.

veracrypt-mounted

VeraCrypt is an open-source program that creates encrypted volumes. This can be any non-booting physical volume, like a USB drive or disk partition, but it can also be a logical volume, like a disk image (DMG). You can choose from a wide variety of encryption standards, including AES, which is the U.S. government’s currently-approved method. It’s robust and well-respected, but it does require some setup. The program itself relies on another utility, MacFUSE, to run, which needs to be installed separately. And once you’ve created a volume with VeraCrypt, you’ll need to mount it inside of VeraCrypt in order to view the files.

concealer

The basic function of Concealer is similar to VeraCrypt. It creates encrypted logical volumes that you can add files to. It’s a little more user-friendly than VeraCrypt but offers far fewer options. Like most encryption programs, once you’ve created an encrypted volume through Concealer, you’ll always need to access it through Concealer.

Concealer also offers additional functionality as a password/payment info manager. It provides an easy way to save passwords and encrypt credit card or bank account numbers.

encrypto-encryption

Encrypto is the most user-friendly encryption software I’ve ever used. It encrypts single files with a password – that’s it. You drag and drop a file on to the Encrypto window, and that file will be encrypted with your chosen password. To decrypt, drag the file back into Encrypto and enter your password. Under the hood Encrypto uses AES-256, which is both strong and standard. There’s no option to change anything, but the streamlined nature of the process makes it easy to use. And the best encryption is the encryption you actually use.

keka-7zip-encryption

You know about ZIP files, and you might even know you can add passwords to them. Here’s the thing: it’s basically useless as security. Attackers can view the names and metadata related to the files within a standard password-protected ZIP archive. 7zip’s encryption mode helps solve this problem by encrypting the filenames of the archive’s constituents alongside the files themselves.

The default compression tool on your Mac can’t handle 7zip, so you’ll need a separate program to implement it. The best available option right now is called Keka, and it’s dead simple to use. You pre-configure the security settings you’d like to apply, drag your files onto the window, and boom: you get an encrypted 7zip archive next to your original files. To decrypt the file, open it in Finder and enter the password in the small Keka window that pops up.

keka-7zip-decryption

As my dad always told me, “Locks are for honest people.” It’s probably impossible to completely protect yourself from a dedicated, skilled attacker. But if you’re trying to erect a barrier between your data and the rest of the world, encryption is an easy way to gain some peace of mind.

Image credit: Data Security

Leave a Reply

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.