Have you ever entered a personal identification number into a document? Did you ever need to send a PDF that contained a piece of sensitive information? Wouldn’t you sleep better knowing that every bit of data on your Mac is secured by an unbreakable encryption standard?
Then perhaps you should know how to encrypt files on a Mac.
All your encryption needs are provided as free software on all Macs from OS X Lion to macOS Catalina.
These kinds of encryption tools have typically only been accessible via the terminal or command line. Now, just a few extra clicks are all that is required to add an encrypted folder to my Mac.
Here are some of the possible solutions for securing your sensitive identification and financial data using Mac tools provided for free:
- Disk Utility to password protect folders.
- FileVault for encrypting your entire computer.
- Print to PDF to instantly secure any document for sending.
1. How to Encrypt a Folder on Mac Using Disk Utility
Disk Utility can create an encrypted file known as a disk image. It is similar to a zip file, but it utilizes the strongest Mac encryption method.
For example, this option is how I would add an encrypted folder to my Mac to keep an archive of past financial records.
- Use Spotlight (push ⌘+space or click on the magnifying glass icon on the upper right corner of the menu bar to use Spotlight and type in Disk Utility and press Enter to open. Alternatively, you can open Disk Utility it from the Applications > Utilities folder.
- From the menu, select “New Image” > “Image from Folder...” and choose the folder you want to encrypt.
- Enter a name, tags (optional), and select where to save the disk image.
- Choose an encryption level of 128-bit or 256-bit.
- Click “Save” and then enter a secure password. Warning: if you cannot recall this password then you will not be able to open this folder.
- If it seems like the disk image is stuck during this process, keep in mind that larger-sized files can take more time to encrypt.
- The process will alert you when done. Select done and you will have encrypted and password protected a folder.
This is an easy way to password protect large quantities of information that can then be easily moved and archived in external drives.
One drawback of keeping backups in this way is that they are not easily updated when new data needs to be added to the archive. As time goes on, you may consider investing in backup software that will automate this process.
2. FileVault for Full-disk Encryption
With FileVault encryption on a Mac, a malicious party will not get any meaningful data if it’s stolen. Every victim of computer theft has lost their computer, but not all have to lose their identity to thieves.
Any Mac owner should take these few simple steps to ensure they have auto-encryption turned on using FileVault (10.6 Snow Leopard) or FileVault 2 (10.7 Lion to 10.15 Catalina).
- Use the Apple Menu to open System Preferences
- Select Security & Privacy
- Navigate to the FileVault tab and click on the lock on the bottom left. When you enter your password to unlock the setting, you will be able to select “Turn on FileVault”.
- For computers with more than one user, you may be asked to enter any passwords required by those users before being able to proceed with the complete Mac encryption.
- You will be asked to create a recovery key in case you misplace your Mac’s password and you cannot access your data. You have two options:
- You can set this key to be connected to your iCloud account, in which you would not need to store any special code and be able to unlock your Mac by logging into your iCloud account on the device.
- The other option will generate a key that will display on the screen that you can write down or save securely in another digital location. Note: don’t save the recovery key on the Mac you are encrypting because then you will not be able to access it when you need it.
- The encryption process will begin and can take several hours. It is required that your Mac is plugged in during the encryption so plan your time accordingly.
As long as you can log in to your Mac, you will always have access to your unencrypted files. With FileVault turned on, everyone else is kept out and no special tricks will let anyone access your data.
All macOS and OS X Yosemite or later allows you to use an iCloud account as a backup method for unlocking your FileVault in case you ever forget your password.
3. Create an Encrypted PDF for Emailing
Any file you store in a cloud service or send via email is vulnerable to unauthorized access. In short, anyone who can steal the file can read it.
Quickly encrypt individual files on a Mac and make files readable only by those with the password using the Print to PDF feature.
Print and Save as PDF
- Select Print (⌘+P)
- Find and select Save as PDF *(see note below if this is not an option)
- Select a save location, set a name, etc.
- Choose Security Options...
- Enter a secure password
- Select Save and the file will save as a secure PDF.
- Try to open the file and you will be asked to enter the password before anything will display.
*Some programs will have their own printing options. To ensure access to the “Security Options...” you will need to be using the system dialog print options:
For example, Google Chrome will use its own print options, but will have an option to “Print using system dialog”. Select that option and you can resume the steps above.
The critical steps are choosing “Security Options...” and setting a password. This will encrypt the folder and make the saved file unreadable without the password.
Because passwords are a critical part of keeping your Mac secure, we can recommend these Top Ten Password Managers for keeping your passwords secure.
Note that the saved file will not replace the existing file. If you want to only have the secured file on your hard drive then you will need to delete the original file once the encrypted file is generated. If you have encrypted your disk using FileVault (see steps above), then you will only need to encrypt individual files on a Mac when you are saving them to 3rd party cloud storage or sending them over a network.
The Advanced Encryption Standard has been the nationally recognized encryption specification since 2001.
The basic premise of strong encryption is to repeat the process of “shuffling” the data based on a key. By repeating the encryption process at least 5 times (64-bit key), the data would be past the point of ever being read.
The National Institute of Standards and Technology (NIST) states that AES 128-bit key is applicable for “SECRET” data, but would recommend AES 256-bit for all of your “TOP SECRET” documents.
The Bottom Line
You can keep your data safe from unauthorized access using free tools on your Mac. It is a worthwhile use of your time to always encrypt sensitive files before sending them via email, and to keep your Mac data locked using FileVault.