Encryption - What Is It, Why You Need It, And How To Enable It On Your Apple Devices
Encryption. It’s been a buzzword lately, hasn’t it? The textbook definition of encryption is:
The process of converting information or data into a code, especially to prevent unauthorized access.
Essentially it means putting your data somewhere that is passcode protected that only you or someone with the proper code can unlock. I believe encryption will be at the heart of all security and privacy conversations from now until the end of time. End user privacy is something that has been at the core of Apple for many years. Apple’s CEO Tim Cook has even publicly stated that privacy is “A Fundamental Human Right”, and a “Core Value” to the company.
So let’s chat about encryption. I myself am a big advocate for encryption, and believe everyone should have passcodes and encryption set up on their devices. The entire product line that Apple offers comes with built-in device encryption. All of iOS (iPhone/iPad/iPod Touch) ships directly to the consumer in an encrypted state. It’s the user’s choice to actually enforce that encryption by enabling a passcode lock. You’ll notice how quickly this encryption can happen on iOS, and the reason for that is the operating system is designed to do the heavy lifting for you. 💪🏻
To enable encryption on iOS, navigate to the Settings App, scroll down to FaceID & Passcode, or TouchID & Passcode depending on what model device you have, and select Turn Passcode On. The default setting in iOS would be a 6 digit number, but you can change that yourself to either a 4-Digit Numeric Code, Custom Numeric Code, or an Alphanumeric Code. I recommend a 6 digit numeric code as a minimum. Type in that same number twice and boom. You’re done. Your iOS device is encrypted. 💥 I’d of course recommend, if you haven’t done so already, to set up FaceID/TouchID to take advantage of these incredible security features built into your device.
When you set up FaceID, TouchID, or a passcode lock, that data is stored in what Apple calls the Secure Enclave. This data never gets backed up to iCloud and is always locally stored on the device. Think about your past experience with this. If you ever had an iPhone with TouchID or FaceID enabled, when you restored your data from an iCloud backup did it automatically remember your Face, Fingerprint, or Passcode lock? The answer is NO, because Apple never lets that data leave your device. It’s locally encrypted in this secure chip.
The Mac is a bit different. Built into macOS is a feature called FileVault 2. FileVault 2 is in the family of FDE (Full Disk Encryption). This feature needs to be enabled on the Mac itself. To do so, navigate to the Apple menu in the upper left hand corner of the screen, System Preferences, Security, FileVault, and select the option to “Turn On”. Here we are presented with two options. Option 1 - Setup my iCloud account to reset my password. And Option 2 - Create a recovery key and do not use my iCloud Account. For our purposes here let’s choose option 2. The Mac will prompt you for the local passwords for the user accounts on the computer. When these user accounts are authenticated at this screen they become capable of unlocking the disk and bypassing encryption by being assigned a token from the Mac. The Mac will also give you a 1 Time Recovery Key that can always force change a local user password to gain access to the disk. Without these login methods there is no way possible to log in to access this hard drive data. I REPEAT, No-Way-In. 🛑 Ensure you store the 1 Time Recovery Key in a safe place so you can use it later in a disaster recovery situation to access the data on your Mac. On older Macs your device would restart to kick off the encryption. With the 2018 Macs using the new secure T2 chip, they work very much like iOS in a way that the encryption happens almost instantly. This is a HUGE enhancement from years ago when sometimes it would take a full 24 hours and severely slow down your Mac to have your disk fully encrypted!
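To confirm from Terminal that the steps above took effect, here is an added example (not part of the original post) that reads the output of macOS's `fdesetup` tool and checks three things: encryption has finished, at least one account can unlock the disk, and a recovery key exists. The function names are hypothetical, the sample output is constructed, and the matched status strings are assumed from the usual `fdesetup status` wording.

```shell
#!/bin/bash
# Added example: audit FileVault from fdesetup output (not from the original post).

# Classify the text printed by `fdesetup status`. Progress lines are checked
# first because they can appear alongside an "is On"/"is Off" line.
fv_state() {
  case "$1" in
    *"Encryption in progress"*) echo encrypting ;;
    *"Decryption in progress"*) echo decrypting ;;
    *"FileVault is On"*)        echo on ;;
    *"FileVault is Off"*)       echo off ;;
    *)                          echo unknown ;;
  esac
}

# Count accounts in `fdesetup list` output (one "shortname,UUID" per line).
fv_user_count() {
  printf '%s\n' "$1" | grep -c '^[^,][^,]*,[0-9A-Fa-f-]\{36\}$' || true
}

# Succeeds only if the disk is fully encrypted, at least one account can
# unlock it, and a personal recovery key exists.
# Args: status text, list text, haspersonalrecoverykey text (true/false).
fv_audit() {
  local state users
  state=$(fv_state "$1")
  users=$(fv_user_count "$2")
  echo "state=$state unlock_users=$users recovery_key=$3"
  [ "$state" = on ] && [ "$users" -ge 1 ] && [ "$3" = true ]
}

if command -v fdesetup >/dev/null 2>&1; then
  # Live check on a Mac; sudo is used for list and haspersonalrecoverykey.
  fv_audit "$(fdesetup status)" "$(sudo fdesetup list)" \
           "$(sudo fdesetup haspersonalrecoverykey)" || echo "NOT COMPLIANT"
else
  # Constructed sample output, so the logic can be read off a Mac.
  fv_audit "FileVault is On." \
           "alice,11111111-2222-3333-4444-555555555555" true || echo "NOT COMPLIANT"
fi
```

A result of `encrypting` is treated as not yet compliant, which matters on older Macs where the initial encryption pass can take hours.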
Lastly the new late 2017 iMac Pro, 2018 MacBook Air, 2018 MacBook Pro, and 2018 Mac Mini all have this new Apple T2 security chip built in. This T2 chip debuted in late 2017 on the iMac Pro and is a custom chip built by Apple that allows for the next level of security and encryption. This chip even further limits how an Apple device behaves and handles your personal data. For macOS it handles Mac encryption with the TouchID sensor, Microphone, FaceTime Camera, Hey Siri command protection, and something called Secure Boot which will ensure your Mac is using a legitimate trusted operating system that has been signed by Apple before it runs.
Security, privacy, and user encryption matter. Ensure you take advantage of these free features on all of the devices that you own. 🔐
Be well.