Mac Security Article #4 - Securing Data
Article ID = 84Article Title = Mac Security Article #4 - Securing Data
Article Author(s) = Graham Needham (BH)
Article Created On = 22nd May 2012
Article Last Updated = 14th February 2017
Article URL = https://www.macstrategy.com/article.php?84
Article Brief Description:
How to secure your data using macOS
Securing Data
This article has the following sections:- Creating A Secure Disk Image
- Securing Hard Disks/Storage Devices
- Apple's macOS / OS X / Mac OS X FileVault
- Third Party Encryption Solutions
- Encrypting (ZIP) Archives
- Encrypted Hardware
Creating A Secure Disk Image
A secure disk image can be used to securely store documents and data on any storage device. It is commonly used for storing documents such as a simple password list. Follow the instructions below to create a secure disk image on your Mac.- Go to Macintosh HD > Applications > Utilities > open Disk Utility.
- Go to File menu > New > Blank (Disk) Image.
- Enter a disk image file name for 'Save As' and choose where to save it on your computer. (Secure disk images can be saved to any storage device including USB sticks.)
- Enter a name for 'Name' (this is the name of the secure disk image as it will appear on the desktop icon when mounted - it can be different to the "file name").
- Choose the size of the image by clicking the 'Size' pop-up menu. Make sure the size of the image is large enough for your needs as you cannot increase the size of an image after creating it. You will be creating a "sparse bundle" image which only takes up as much space as there is data in it so choosing a large file size is okay.
- Choose a format by clicking the 'Format' pop-up menu (we recommend the "Mac OS Extended (Journaled)" option).
- Choose an encryption method by clicking the 'Encryption' pop-up menu (we recommend the "256-bit AES encryption" option available in Mac OS X 10.5 or later).
- Choose a partition by clicking the 'Partition' pop-up menu (we recommend the "Hard disk" option).
- Choose an image format by clicking the 'Image Format' pop-up menu (we recommend the "sparse bundle disk image" option).
- Click the "Create" button.
- Enter a password and verify it. (You can access the Password Assistant from this window by clicking the 'key' icon).
- Deselect/untick "Remember password in my Keychain" and click the "OK" button.
- Your disk image will be created and mounted on the Desktop.
- When you have finished using the disk image unmount it by ejecting it/dragging its desktop (mounted) icon to the Trash (do not drag the actual disk image file to the Trash).
- The disk image is now secure as it can only be opened by double clicking on it and entering the correct password.


Securing Hard Disks/Storage Devices
macOS / OS X / Mac OS X includes a couple of technologies for securing hard disks/storage devices. Apple's macOS / OS X / Mac OS X FileVault encrypts entire home folders/disks. OS X 10.7 Lion supports encrypting additional storage devices. OS X 10.8 or later supports encrypting Time Machine backups. To encrypt a Time Machine backup tick the "Encrypt Backup Disk" option when setting a Time Machine drive (OS X 10.8 or later):
NOTE: This process will erase your selected volume / storage device and wipe all data from it.
- Go to Macintosh HD > Applications > Utilities > open Disk Utility.
- Connect the hard disk/storage device to your computer.
- On the left in the Disk Utility window select the hard disk/storage device you wish to encrypt.
- Click the "Erase" tab.
- Select "Mac OS Extended (Journaled, Encrypted)" from the 'Format' pop-up menu.
- Type a name for the hard disk/storage device.
- Click the "Erase" button in the bottom right.
- Enter a secure password when prompted.
- Connect the hard disk/storage device to your computer.
- Locate the hard disk/storage device's icon on your Desktop (if it's not visible make sure "Hard disks" and "External disks" are ticked in Finder menu > Preferences > General tab).
- Right/control click on the hard disk/storage device's icon.
- Select "Encrypt" from the contextual menu.
- Enter a secure password and hint when prompted.
- Click the "Encrypt Disk" button.
Apple's macOS / OS X / Mac OS X FileVault
Apple's included FileVault technology allows you to encrypt data on your Mac's hard disk. FileVault v1 (Mac OS X 10.3 to 10.6) can encrypt entire home folders whereas FileVault v2 (OS X 10.7 or later) can encrypt entire boot disks including external hard disks.
- FileVault v2 for OS X 10.7 and later
- FileVault v1 for Mac OS X 10.6
- FileVault v1 for Mac OS X 10.5
- FileVault v1 for Mac OS X 10.4
Third Party Encryption Solutions
NOTE: Some applications like those in Microsoft Office (Word, Excel, PowerPoint) and Adobe Acrobat allow you to secure documents using password protection. In general we do not recommend the use of such facilities as they are easily broken/hacked. Use a secure disk image or encrypted ZIP archives instead.
NOTE: Encryption solutions usually require specific operating system versions - it is possible for an official Apple macOS / OS X / Mac OS X update to break such solutions which means that you cannot update your OS until the solution is verified/updated to work with it - this could actually leave you less secure with an unpatched OS while you wait.
Third party encryption solutions:
- IDRIX VeraCrypt
- Jetico BestCrypt
- GnuPG (Open Source)
- Tao Effect Espionage for Mac
- Symantec Encryption Solutions (use to be Pretty Good Privacy - PGP)
Truecrypt (Open Source)
NOTE: On 29/05/2014 the TrueCrypt web site contained a message that the development of TrueCrypt had ended and "Using TrueCrypt is not secure as it may contain unfixed security issues". A good write up about this and the future of TrueCrypt can be found here.
Encrypting (ZIP) Archives
The built-in OS X ZIP (compression) software does not support encrypted zip files. The following software does and is especially useful for sending encrypted email attachments:
- Archiver (£15) also on the

- Smith Micro Stuffit Destinations

- Smith Micro Stuffit (US$29.99)
- Smith Micro Stuffit Deluxe (US$49.99)
- BetterZip (US$19.95) also on the

- WinZip
- Entropy

Encrypted Hardware
Encrypted USB Sticks
Kingston DataTraveler
- DataTraveler Vault Privacy
- DataTraveler Vault Privacy Managed
- DataTraveler 4000
- DataTraveler 4000 Managed
- DataTraveler 5000
- DataTraveler 6000
iStorage DataShur
- 4GB
- 8GB
- 16GB
Encrypted Portable Hard Disks
RocStor Rocsecure
- RocSafe MX
- Commander 2F3
- Commander 2UE
- Rocbit FXPW
- Rocbit FXKT
- Rocbit 2B
- Rocbit 2U
LaCie Rugged Safe
- 1TB hard disk
- 250GB SSD
iStorage
- diskAshur
- diskAshur SSD
- diskG aka diskGenie
- diskG* SSD aka diskGenie SSD
Encrypted Desktop Hard Disks
RocStor Rocsecure
- Commander 3UE
- Rocbit 3A
- Rocbit 3U
iStorage diskAshurDT
- 1TB hard disk
- 2TB hard disk
- 3TB hard disk
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
Go to this
web page
to donate to us.




If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
Go to this
web page
to donate to us.
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
Go to this
web page
to donate to us.
