Computers, Laptops & Tablets Apple 29 29 people found this article helpful How to Encrypt Your Time Machine Backups Protect your backups from prying eyes by Tom Nelson Writer Tom Nelson is an engineer, programmer, network manager, and computer network and systems designer who has written for Other World Computing,and others. our editorial process Facebook Twitter Tom Nelson Updated on June 18, 2020 Apple Macs iPad Tweet Share Email Macs don't encrypt user files by default, but Apple provides the option to do so in the operating system using FileVault. Early FileVault 1 had some glitches, but FileVault 2, introduced with OS X Lion (10.7), was a significant improvement. There is just one problem; many Mac users use Time Machine to back up their data, and the Time Machine backup is not encrypted by default. That can be fixed. Information in this article applies to FileVault 2 in macOS Catalina (10.15) through OS X Lion (10.7) and includes information regarding FileVault 1, which shipped with Snow Leopard (10.6) through OS X Panther (10.3). About FileVault 2 FileVault 2 is true disk encryption, unlike File Vault 1, which only encrypts your home folder but leaves the rest of the startup drive alone. FileVault 2 encrypts the entire drive, making it a secure way to keep your data away from prying eyes. This is especially useful for portable Mac users who run the risk of a lost or stolen Mac. If the drive in your portable Mac is using FileVault 2 to encrypt the data, you can be assured that while your Mac may be gone, the data is fully protected and not available to those who are now in possession of your Mac; it's unlikely they can even boot up your Mac. Why Encrypt Time Machine Backups There is one important thing to consider with a Time Machine backup of your FileVault 2 encrypted drive: The Time Machine backup isn't automatically encrypted. Instead, the default is to store the backup in the unencrypted state. You can change this default behavior easily using the Time Machine preference pane. Exactly how depends on whether you're already using a backup drive with Time Machine or are planning to use a new one. Set Encryption in Time Machine for a New Backup Drive If you aren't currently using a backup drive with Time Machine, you need to set up a new backup disk in the Mac's System Preferences. Here's how: Launch System Preferences by selecting System Preferences from the Apple menu or clicking the System Preferences icon in the Dock. Select the Time Machine preference pane. In the Time Machine preference pane, click Select Backup Disk. Select the drive you want Time Machine to use for its backups from the drop-down sheet that displays available drives. Place a check mark in front of Encrypt backups at the bottom of the drop-down sheet to force Time Machine to encrypt the backup drive and then click Use Disk. Enter a backup password as well as a hint for recovering the password. When you're ready, select Encrypt Disk. If you forget your backup password, you can't restore or recover the Time Machine data. Your Mac starts encrypting the selected drive. This can take quite a while, depending on the size of the backup drive. Expect anywhere from an hour or two to a whole day. Set Encryption for Existing Time Machine Backup Drive If you plan to change from unencrypted backups to encrypted backups on a drive you are currently using, you first have to remove your current backup drive and then set it up again with a password. Time Machine erases the unencrypted backup before it starts the encrypted backup. To remove the existing backup disk: Open System Preferences and select Time Machine. Click Select Disk. Choose your current backup drive from the list and click Remove Disk. Now, go through the setup process again as explained in the previous section to set up the disk as encrypted. In short: Click Select Backup Disk in the Time Machine preference pane. Choose a disk from the list of available disks. Place a check mark in front of Encrypt Backups. Click Use Disk. Type a backup password for the disk. The encryption process can take a while; anywhere from an hour to a whole day is not uncommon, depending on the size of the selected backup drive. Cautions Regarding FileVault 1 Macs that run OS X Panther (10.3) through OS X Snow Leopard (10.6) come equipped with FileVault 1. Time Machine and FileVault 1 work fine together, but there are a couple of complications you need to be aware of. Time Machine does not back up a FileVault 1-protected user account when you are logged in to that account. This means that a Time Machine backup for your user account only occurs after you log off or when you're logged in using a different account. So, if you're the type of user who always stays logged in and lets your Mac go to sleep when you're not using it, rather than shut it down, Time Machine never backs up your user account. If you want Time Machine to run and protect your user data, you must log out when you're not actively using your Mac. The second oddity with Time Machine and FileVault 1 is that the Time Machine user interface doesn't work as you expect with the encrypted FileVault data. Time Machine correctly backs up your home folder using the encrypted data. As a result, your entire home folder appears in Time Machine as a single large encrypted file. The Time Machine user interface that would normally allow you to restore one or more files won't operate. Instead, you either have to perform a full restore of all your data or use the Finder to restore an individual file or folder.