With FileVault 2 having a number of drawbacks, a common question I’m seeing is how best to secure data on Lion and Mountain Lion without using FV2.
However, all of these methods suffer from one inevitable drawback: anyone who knows their way around Terminal can open, read, copy or delete your folders as if you had never employed any of the above tricks at all. Well, not many people know their way around Terminal you say? But everyone knows their way around Google, and learning how to find files via the Terminal is information easily found, even on Applehelpwriter! In short, all those methods listed above are really a waste of time if it’s security that you’re after.
Fortunately, there is a simple answer to securing localised files or folders, and that’s to make a local encrypted disk image with Disk Utility and then move your data into it. To do so, follow this procedure:
1. Open Disk Utility (Applications/Utilities/Disk Utility.app)
2. Click near the bottom of the sidebar in empty space to make sure none of the disks in the sidebar are selected.
3. Click the New Image icon in the task bar.
4. Give the image a name and choose a location to store it. Storing it in the User Library is not a bad idea. Give it a boring name like ‘old system’, ‘old data’ or something like that, but don’t hit ‘Create’ just yet.
5. At the bottom of the dialogue box is a field for encryption. Click on the option button and choose either 128-bit or 256-bit (the second choice is the strongest but also slower. 128-bit is still so strong that almost no-one save the CIA will be able to crack it!)
6. Create a password that you’re not going to forget. Do NOT use the same password that you use for your Admin account or for anything else for maximum security. Uncheck the ‘save in my keychain’ option.
if you forget the password don't waste time seeking help trying to break it. The system is designed to be uncrackable. If you forget the password, your data is lost for good.
PRO TIP: For that reason, you might like to use a password manager like ‘1Password‘ for this and all your other passwords. The main reason people forget passwords is infrequency of use. With 1Password you use a single password to unlock all your other passwords and to have them entered automatically into web pages and other fields.
7. Set up the rest of the options as in the screenshot below.
8. When you’re ready, press ‘Create’ to make the disk image.
9. Once the image has been created, copy the files you want to protect into the disk image window, just like you would a hard disk or other connected device. Now, whenever you want to access your protected data, just click on the disk image and enter the password and your data is ready to be used.
10. Test mounting and ejecting the disk image a few time. Open a few files and save your changes. After you’re sure everything is working as expected, delete the files from the original location that you copied them from. Also, don’t forget to eject the disk image in Finder’s sidebar each time when you’re done using it to prevent anyone else accessing your protected files.