FixPedia
macOS

How to Enable Disk Encryption on macOS: A Complete Guide to FileVault

In this guide, you'll learn how to enable and configure FileVault—macOS's built-in disk encryption tool. Once completed, your Mac's data will be fully protected.

Updated at February 16, 2026
10-15 minutes
Easy
FixPedia Team
Применимо к:macOS Sonoma 14macOS Ventura 13macOS Monterey 12

Introduction / Why This Is Needed

FileVault is a built-in macOS feature that provides full-disk encryption for your Mac. When FileVault is enabled, all data on the disk is encrypted on the fly, making it inaccessible without an administrator password or recovery key. This is critical for protecting information in case of loss, theft, or unauthorized access to the computer. Once enabled, FileVault will prompt for a password at every Mac startup, adding an extra layer of security. This guide will walk you through the simple process of activating and configuring FileVault on modern versions of macOS.

Requirements / Preparation

Before you begin, ensure the following conditions are met:

  • macOS: version 10.7 (Lion) or newer. This guide is relevant for macOS Sonoma 14, Ventura 13, and Monterey 12.
  • Administrator privileges: You need the password for a user account with administrator rights to change system settings.
  • Free disk space: The encryption process requires temporary space (approximately the size of the data being encrypted). It is recommended to have at least 10-15% free space.
  • Backup (highly recommended): Before starting, create a backup of your data using Time Machine or another method. Although encryption usually proceeds without issues, this is a safeguard against unforeseen circumstances.
  • iCloud (optional): If you plan to use iCloud for key recovery, ensure your iCloud account is set up and you are signed in.

Step-by-Step Instructions

Step 1: Open FileVault Settings

  1. Click the Apple icon in the top-left corner of the screen.
  2. Select "System Settings" (or "System Preferences" in older versions).
  3. In the settings window, find and click "Security & Privacy".
  4. Navigate to the "FileVault" tab (in some versions, it is called "FileVault Disk Encryption").
  5. If the lock icon in the bottom-left corner is locked, click it and enter the administrator password to unlock changes.

💡 Tip: You can also quickly find FileVault via Spotlight search (press Cmd + Space and type "FileVault").

Step 2: Enable Encryption

  1. In the FileVault section, click the "Turn On FileVault" button.
  2. The system will begin preparation and prompt you to choose a recovery key method:
    • "Recovery with iCloud": If you use iCloud and have two-factor authentication enabled, your Mac can store the key in your iCloud account. This is convenient but requires access to another trusted Apple account for recovery.
    • "Create a recovery key": The system will generate a 24-symbol key. Be sure to write it down and store it in a safe place (e.g., in a password manager or print it out). The key will be required if you forget the administrator password.
  3. Select the appropriate option and click "Continue".
  4. If you chose a recovery key, macOS will display it on the screen. Do not skip this step! Write down the key verbatim and confirm its entry to ensure accuracy.

⚠️ Important: The recovery key is the only way to access your data if you lose your password. Do not store it on the same Mac (e.g., in a text file on the desktop).

Step 3: Confirm the Action

  1. After selecting the recovery method, the system will request the password of the current administrator user for confirmation.
  2. Enter the password and click "Unlock" or "Enable User".
  3. The encryption process will begin. You will see a notification that encryption has started, and you can close the settings window.

💡 Tip: If your Mac has multiple user accounts, the system may ask whether to allow them to log in during encryption. This is usually safe, but for maximum protection, you can deny access to other users until the process completes.

Step 4: Wait for Completion

  1. Encryption happens in the background. You can continue using your Mac, but it is recommended to:
    • Not interrupt the process (do not shut down the computer or put it to sleep for extended periods).
    • Connect your Mac to a power source if it is a laptop.
  2. To check the encryption status:
    • Return to the FileVault settings. The progress will be indicated there (e.g., "Encrypting: 45%").
    • Or open Terminal and run the command: 
      sudo fdesetup status
      Enter the administrator password when prompted. The command will return the status: FileVault is On. (enabled) or FileVault is Off. (disabled), as well as the current progress if encryption is not yet complete.
  3. The time to completion depends on:
    • Disk volume (e.g., 512 GB will take several hours, 1 TB up to a day).
    • Disk fill level (more data means longer encryption).
    • System performance (SSDs encrypt faster than HDDs).

Verifying the Result

After encryption completes, confirm that FileVault is active:

  1. Restart your Mac. On startup, you should see the password entry screen (login window) before the system loads. This is the main indicator: without the password or recovery key, disk access is impossible.
  2. Go to System Settings → Security & Privacy → FileVault. It should display: "FileVault is On" and "Your disk is encrypted".
  3. For an additional check in Terminal, run: 
    sudo fdesetup status
    Expected output: FileVault is On.

If all these conditions are met, disk encryption has been successfully activated.

Possible Issues

Issue: Encryption Takes Too Long

Cause: Large amount of data or a slow disk.
Solution: Leave your Mac on and connected to power. The process continues in the background, even if you are not using the computer. Do not force a restart—this could cause errors.

Issue: "Turn On FileVault" Button Is Unavailable (Grayed Out)

Cause: Lack of administrator privileges or the disk is already encrypted.
Solution: Ensure you are logged in with an administrator account. If the disk is already encrypted (e.g., if you purchased a Mac with a T2 chip), the setting may be unavailable—in this case, FileVault is already active.

Issue: Cannot Select or Save Recovery Key

Cause: Issues with iCloud (e.g., two-factor authentication is disabled) or input error.
Solution:

  • If you want to use iCloud, enable two-factor authentication in your Apple ID settings.
  • If creating a key, write it down carefully. When confirming, enter the key without spaces, exactly as displayed.
  • As a last resort, cancel the operation, restart your Mac, and try again.

Issue: Mac Fails to Boot or Constantly Requests Password After Enabling FileVault

Cause: You may have forgotten the password or entered it incorrectly.
Solution:

  • Use the recovery key if you saved it (the "Recover using key" option is available on the password entry screen).
  • If the key is also lost, the only option is to reinstall macOS using a bootable installer, but this will result in complete data loss.
  • To avoid this, always store the key separately (not on the Mac itself) and use a reliable password that you will remember.

Issue: "Not Enough Free Space" Error When Enabling

Cause: Insufficient disk space for temporary encryption files.
Solution: Free up space (delete unnecessary files, empty the Trash, use cleanup tools). The recommended minimum is 10-15% free space of the total disk volume. After freeing space, try enabling FileVault again.

F.A.Q.

What to do if the password and FileVault recovery key are lost?
Can FileVault be disabled after enabling it?
Does FileVault slow down Mac performance?

Hints

Open FileVault settings
Enable encryption
Confirm action
Wait for completion

Did this article help you solve the problem?

FixPedia

Free encyclopedia for fixing errors. Step-by-step guides for Windows, Linux, macOS and more.

© 2026 FixPedia. All materials are available for free.

Made with for the community