Government authorities and workers, please take note (I’m looking at you, tax people!): encryption protects your data, so that there isn’t a national outcry every time one of you spoons loses a bloody laptop or pen drive on the train. It exists to protect sensitive information, so USE IT!
With Lion, there’s no excuse not to enable FileVault. Not only is it more compatible with other features of Mac OS X now, such as Time Machine, it also protects the entire Mac OS X partition, not just your home folder.
It lives in the same place as it always has. To enable FileVault, simply go to System Preferences > Security & Privacy > FileVault and click the button to turn it on. You’ll be given a recovery key in case you forget your password – make a note of it – and then it will begin to encrypt all of your data with XTS-AES 128-bit encryption.
One key improvement to FileVault in Lion is the way that your files are encrypted. In previous versions of Mac OS X, there were a number of incompatibilities with Apple’s backup solution, Time Machine. As data is now no longer encrypted at file level in FileVault, these incompatibilities aren’t as troublesome, making it a much more pleasant experience. I meant what I said earlier: there is now no reason for you not to encrypt your data!
Files on your Mac OS X partition on your hard drive will remain locked until they are unlocked by your password. There is, after all, no point in encrypting all of your data on the actual hard drive if the potential criminal can waltz past a login screen that isn’t there, right?
The interesting thing here is that you are required to type your password BEFORE your Mac boots into OS X. The Mac partition will be completely locked down until you enter that information. You can still boot in to Windows or your other operating systems, but you can’t touch the Mac partition at all unless you type your password. The reason for this is that your recovery keys are stored in the Recovery HD partition on your Mac which is created when Lion is installed. When you provide the correct password, the machine is authorised to continue booting the operating system.
If you happen to forget your password, then you can use the recovery key that was provided to you when the FileVault system was set up to access your data. If you didn’t note down the recovery key, then you can use the questions which are linked to your Apple ID to recover the data instead. Either way, the odds are that if you’re authorised, you will be able to get to your data somehow even if you forget your password.
Overall, FileVault in Lion is a pretty big improvement over Snow Leopard, and it’s been overhauled to give you great data protection whilst also making sure it works well with Time Machine. If you haven’t used FileVault before, now would be a great time to start. At least check it out; you can turn it off if you don’t like it!