Apple - Downsides of encrypting disk with FileVault
The implementation of Corestorage / Filevault2 is pretty great. That means you will hardly notice that your system is encrypted. I see the following points you may want to consider:
- As you say: If you loose the passcode it is next to impossible to access your data.
- There is a very slight performance hit because the CPU needs to constantly encrypt and decrypt your data. But moderns CPUs are optimised to do so and therefore the impact is negligible.
- If your disk is corrupted or faulty in some way it may be more difficult to fix a corestorage volume than a standard HFS volume. Personally, this has never been a problem for me.
- Passwordless boot or waking from standby is not possible anymore.
- The most obvious difference is pre-boot authentication. That means you need to enter your password before the Mac boots up. Without encryption the system would boot and only require your password to log into an account.
- Depending on your level of paranoia Filevault2 alone may not be enough. You should consider to also encrypt your backups (even higher risk for total data loss) and activate the option to destroy the password from RAM while the Mac sleeps.
You might get some performance degradation, but for what it's worth I've never noticed any.
You won't lose any functionality whatsoever. The only inconvenience I've run into is I can no longer reboot my Mac remotely (as I'd need my password to unlock it again). Other than that, it's been fine.
Just wanted to add something because I was hindered by a change no mentioned above. It's not a deal breaker but knowing would have saved me a lot of time and worry.
This may just be an issue with my computer; but when booting in recovery mode (holding 'option' at boot) I will not be given the built in recovery partition as an option. Instead I have to (hold 'command-r' on boot) to access it.
When using disk Utility in Recovery Mode you are required to fist Mount the FileVault protected drive. Without doing so will return worrying errors that state unsuitability; instead of telling you to mount first, which would help immensely. It makes sense why since you are not required to enter the FileVault decryption password to startup from recovery OS, so disk utility has not been given access yet. To do so click the greyed out disk icon and click Mount.