Apple adds encryption contextual menu options to Mountain Lion

A new feature that Apple has included in Mountain Lion offers a convenient way to encrypt secondary volumes on your Mac, making data security far more convenient.

Recently discovered by Mac OS X Hints contributor "kirkmc," if you right-click a nonboot volume in the Finder, the contextual menu that appears now contains an option to encrypt the disk. Selecting this will bring up a window requesting that you supply a password and a password hint for the drive, and upon doing this, the system will wait a short while (the length of which depends on the amount of data on the volume), followed by quickly unmounting and remounting the volume as an encrypted storage location.

This encryption option uses Apple's CoreStorage volume management system, which is the technology behind its second-generation FileVault 2 that was introduced in OS X 10.7 Lion. This technology manages logical volumes underneath the OS, so when you encrypt a volume, the encryption can be performed in the background without any special steps needing to be taken with Disk Utility or other programs.

The encryption of secondary hard drives was possible before Mountain Lion, but this new feature in the OS makes it effortless to manage.

Since the encryption technology used is the same as that for FileVault, the new contextual-menu option for it in Mountain Lion can only be performed on nonboot volumes. If you wish to encrypt the boot volume, then as with Lion you will need to do so from the FileVault section of the Security & Privacy system preferences. This allows the system to prepare the OS X Recovery HD partition to both store the encryption keys and present a preboot log-in window containing the user accounts that are authorized for unlocking the drive.

While encryption does have its benefits, do keep in mind that it also has some drawbacks. The first is that the drive can only be read on systems that support CoreStorage, which are Macs running either Lion or Mountain Lion. Another drawback is that because the volume is a managed virtual volume, disk management tools may only see the physical volumes that are not mounted and therefore cannot be accessed. Luckily, with Disk Utility you can overcome this by enabling the Debug menu in Disk Utility (in the program's preferences) followed by choosing Show Every Partition from this menu. After this you will see the logical volumes appear that you can then check for errors.

The last drawback stems directly from encryption's benefits, which are that if you cannot mount the volume either because you have lost your password or the drive is damaged, then you will not be able to recover any data from it. Therefore, if you decide to encrypt a drive and store files on it, be sure you have them backed up in another location.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.