FileVault- General FAQ
1. Why use Hexnode to enable FileVault?
Enabling FileVault through Hexnode makes the process easier. Using Hexnode, you can enable FileVault on multiple devices simultaneously. If the same task had to be done without Hexnode, you would have to manually set up FileVault on each device individually. Hexnode lets you choose the type of Recovery Key that needs to be used (Institutional, Personal or both). The ‘Institutional Recovery Key’ can be saved in Hexnode. You can also opt to skip enabling FileVault at user login.
2. Will using FileVault cause any performance issues?
There will not be any noticeable difference in the performance of your system after enabling FileVault.
3. Is FileVault really necessary when I have a strong login password?
A strong password will not stop someone from copying your data. There are ways to override the password and access the files using another Mac. Having FileVault enabled will encrypt your data. Even if a hacker manages to access your files, they will be indecipherable. Only you will be able to decode it with your FileVault password.
4. Why should I use the option, “Institutional and Personal recovery key” to encrypt?
Each method of encryption has its own set of advantages and disadvantages. However, the advantages of using both ‘Institutional Recovery Key and Personal Recovery Key’ outweigh the disadvantages in most of the cases. This option exists so that there is an alternate method of decryption if ‘Personal Recovery Key’ is lost. Also, this option allows users to reap the benefits of both the ‘Institutional Recovery Key’ and ‘Personal Recovery key’. To decrypt a system encrypted using ‘Institutional Recovery Key’, the password used to create the recovery key is also needed in addition to the recovery key itself. Since ‘Personal Recovery Key’ can also be used, only limited number of people need to have access to ‘Institutional Recovery Key’. Thus, ‘Institutional Recovery Key’ can be closely guarded.
If only ‘Institutional Recovery Key’ is used to decrypt, either the key needs to be accessible to everyone or only the admin can unlock the device. Making the key accessible to everyone compromises security. Anyone having this key can unlock the whole fleet of macOS devices in an organization. Giving the power to decrypt the device to admin alone is not practical.