TheTest.com

BitLocker and FileVault Disk Encryption

How to check, enable, and manage disk encryption on Mac and Windows

Disk encryption scrambles everything on your drive so that nobody can read your files without your password or recovery key. If your laptop gets lost or stolen, encryption is the difference between "inconvenient" and "catastrophic." Both Mac and Windows have built-in encryption, and on many modern devices it is already enabled by default.

macOS uses FileVault to encrypt your startup disk. On Apple Silicon Macs (M1 and later), your data is always encrypted at the hardware level, but FileVault adds an extra layer by requiring your login password to unlock the disk on boot.

Check if FileVault is on:

  1. Open System Settings
  2. Click Privacy & Security in the sidebar
  3. Scroll down to FileVault
  4. You will see either "FileVault is turned on" or "FileVault is turned off"

Turn FileVault on:

  1. Open System Settings > Privacy & Security > FileVault
  2. Click Turn On
  3. Choose how to store your recovery key:
    • iCloud account — your Apple account can unlock the disk if you forget your password. Easiest option for personal use
    • Create a recovery key — generates a 24-character key you write down and store somewhere safe. Better for IT-managed machines
  4. Click Continue and wait for encryption to complete. You can keep using your Mac while it encrypts in the background

Turn FileVault off:

  1. Open System Settings > Privacy & Security > FileVault
  2. Click Turn Off
  3. Enter your password when prompted
  4. Decryption runs in the background

Find your recovery key:

  • If you chose iCloud: go to iforgot.apple.com, sign in with your Apple account, and follow the recovery steps
  • If you chose a local recovery key: check wherever you saved or printed the 24-character key. There is no way to retrieve it if you lose it and forget your password

Frequently Asked Questions

What happens if I lose my recovery key?

If you forget your password and lose your recovery key, the encrypted data is gone. That is the entire point of encryption — without the key, nobody can access the drive, including you. Always store your recovery key in at least two places (cloud account and a physical or offline backup).

Does disk encryption slow down my computer?

On modern hardware, the performance impact is negligible. Apple Silicon Macs handle encryption in hardware with no measurable slowdown. Windows machines with AES-NI support (virtually all CPUs from the last decade) see less than 1-2% impact in normal use. You will not notice a difference.

Is my data encrypted by default?

On Apple Silicon Macs, hardware-level encryption is always active, but FileVault (which ties it to your password) may not be. On Windows 11 devices with a Microsoft account, TPM 2.0, and Secure Boot, device encryption is often enabled automatically. Check using the steps above to be sure.

Can I encrypt an external drive?

On Mac, right-click the drive in Finder and select Encrypt. On Windows Pro, right-click the drive in File Explorer and select Turn on BitLocker. Windows Home does not support BitLocker for external drives without third-party tools.

Does encryption protect me if my computer is hacked remotely?

No. Disk encryption protects data at rest, meaning when the computer is off or the drive is removed. If someone gains remote access while you are logged in, the drive is already unlocked and encryption does not help. You need other security measures (strong passwords, 2FA, firewall) for that.