Prevent OS X FileVault keys from being stored in standby mode

As an added measure of security, you can prevent your Mac from storing FileVault encryption keys for the purpose of speeding wake times from standby mode.

If you have FileVault encryption enabled on your Mac and your system goes into standby mode, it will save the FileVault encryption keys in the memory so the system can be quickly woken and resume work without needing to unlock the volume again. This feature is convenient, but some people may wish to prevent it from happening in order to ensure maximum security for their systems.

To prevent the system from storing the keys, you need to change a small setting in the system management controller (SMC), which can be done by running the following command in the OS X Terminal program:

sudo pmset -a destroyfvkeyonstandby 1

When you run this command, you will need to supply your password (it will not show), and then restart your computer and the system will no longer store the FileVault keys when it goes into standby mode.

Keep in mind that doing this will require you to enter your FileVault password again when you wake your system from standby mode, but will prevent someone from potentially getting to your hard drive's data if you leave your system in this mode without fully shutting it down.

To undo this setting, simply repeat the command but use a 0 instead of a 1 as the value.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Microsoft leaves Apple in the dust with tablet and laptop innovation in 2015

Will there be one Apple Ring to rule them all? That's what a patent application says. Plus, building the thinnest gadget isn't innovation anymore and Apple just got a reality check from Microsoft.

by Brian Tong