I just got a mac and it asked me if i want to use FileVault to have an encrypted disk. I choose yes so that is setup now. I now just bought an external hard drive and I plugged it in for the first time and set it up with time machine.
I realized after it started backing up that there was an option stating: "Do you want to encrypt your backup?" and I did NOT have that checked.
So I didn't have that checked and I am trying to figure out a few things:
-
Is it redundant to do encrypted backup from an already encrypted computer using File Vault?
-
Given my computer is encrypted but my backup is not, does that create any problems? Is the external hard drive basically the same as if my machine wasn't encrypted?
-
Should I chnage the time machine backup to be encrypted? Is there any downside>?
-
Any other things to consider in this decision?
Best Answer
In your current setup your backups are not encrypted whatsoever. That means if someone steals your external disk your data is fully accessible to an attacker. That challenges the idea of using full disk encryption / Filevault2 in the first place.
I would recommend to either
Create an encrypted sparse bundle image on your external disk and use that as your backup drive. The process is somewhat tricky as it requires tinkering with the sparsebundle image. The process is explained here and here.
Encrypt the external disk entirely. The disadvantage is that you will need the password to open that disk on other Macs. The advantage is that the entire content will be encrypted. To do this simply right-click the disk and select
Encrypt...Either way make sure you note the encryption passwords for Filevault and the backup disk somewhere else than on your computer or the backup disk, as you risk locking yourself out of all your data and backups.
As mentioned in the comment there is the downside that encryption slows down disk performance. That is also true for Filevault2 disk in your Mac. But Intel CPUs are pretty optimized for encryption operations these days and performance degradation should be low.