MacOS – What’s the point of using FileVault if OSX automatically decrypts the disk

Tags: encryption, filevault, macos, security

I have an external HD I use for extra storage and it's encrypted; every time I plug it in, OSX asks me for the password to be able to read and mount it. In my mind, this makes sense: the disk is worthless without the password if anybody gets their hands on it.

My MacBook disk, however, never asks me for the password, yet it's also encrypted with FileVault. When I reboot or log off/in, it just loads. I'm probably wrong so correct me on this, but it seems that I'm gaining no extra protection beyond my user password.

If someone steals my computer, if they have my account password they have access to the disk whether or not I've encrypted it. So what's the advantage of using FileVault in this case?

Dupe vote update: The linked question explains how it loads without asking for the password, but doesn't answer the question as to what's the advantage of using FileVault if all I need is my user password to access the disk?

Best Answer

The following is my experience from using FileVault 2 in Yosemite.

After enabling FileVault 2, you will need to log in as a user who is authorized to decrypt the disk, every time you boot up your Mac. If you attempt to log in as a user who isn’t authorized to decrypt the disk, you will be prompted to provide the FileVault password, or to log in as an authorized user first.

Once a Mac has been unlocked, any user account can log in normally (until the next restart).

Authorization is granted on an account-by-account basis. The account that set up FileVault in the first place is implicitly authorized.

Logging in doesn't mean decrypting the entire disk at once. Files are decrypted on-the-fly, as they are accessed, and file system permissions still apply. So users are unable to access other users’ files unless those files have been shared. Otherwise, since they cannot be accessed, they cannot be decrypted either.

If a thief extracts your hard drive, they won't be able to steal your data without providing either an authorized account password or the FileVault password. Until then, that data is encrypted.

Yes, if a thief steals your computer and has your account password, then they get access to your data. But the purpose of FileVault isn’t to protect you from yourself (which, in essence, it would be doing by requiring you to enter both your account and FileVault passwords every time you logged in). Without FileVault, a thief wouldn’t even need your account password to steal your data.
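
Added example, not part of the original answer: a sketch that checks, per local account, whether that account is authorized to unlock the FileVault disk at boot, by comparing the output of `fdesetup list` with `dscl . -list /Users UniqueID`. The function names, the UID >= 501 cutoff for regular accounts and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Usernames from `fdesetup list` output, one "username,UUID" pair per line.
fv_enabled_users() {
    printf '%s\n' "$1" | awk -F, 'NF >= 2 && $1 != "" { print $1 }'
}

# Regular accounts from `dscl . -list /Users UniqueID` output ("name uid").
# Assumption: regular accounts start at UID 501; service accounts sit below.
local_human_users() {
    printf '%s\n' "$1" | awk '$2 ~ /^[0-9]+$/ && $2 >= 501 { print $1 }'
}

# Print "user<TAB>can-unlock" or "user<TAB>cannot-unlock" per regular account.
audit_unlock_rights() {
    enabled=$(fv_enabled_users "$1")
    for user in $(local_human_users "$2"); do
        if printf '%s\n' "$enabled" | grep -qxF -- "$user"; then
            printf '%s\tcan-unlock\n' "$user"
        else
            printf '%s\tcannot-unlock\n' "$user"
        fi
    done
}

# Constructed sample data (not taken from a real machine).
SAMPLE_FV='alice,A1B2C3D4-0000-4000-8000-000000000001'
SAMPLE_DSCL='_www 70
alice 501
bob 502
nobody -2
root 0'

if command -v fdesetup >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    # Live audit on a Mac; `fdesetup list` requires root.
    fdesetup status
    audit_unlock_rights "$(fdesetup list)" "$(dscl . -list /Users UniqueID)"
else
    # Anywhere else, run against the constructed sample.
    audit_unlock_rights "$SAMPLE_FV" "$SAMPLE_DSCL"
fi
```

An account reported as `cannot-unlock` can still log in once an authorized account has unlocked the disk after boot, which is the behaviour the answer describes.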