Want CNET to notify you of price drops and the latest stories?

Prevent OS X FileVault keys from being stored in standby mode

As an added measure of security, you can prevent your Mac from storing FileVault encryption keys for the purpose of speeding wake times from standby mode.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler

If you have FileVault encryption enabled on your Mac and your system goes into standby mode, it will save the FileVault encryption keys in the memory so the system can be quickly woken and resume work without needing to unlock the volume again. This feature is convenient, but some people may wish to prevent it from happening in order to ensure maximum security for their systems.

To prevent the system from storing the keys, you need to change a small setting in the system management controller (SMC), which can be done by running the following command in the OS X Terminal program:

sudo pmset -a destroyfvkeyonstandby 1

When you run this command, you will need to supply your password (it will not show), and then restart your computer and the system will no longer store the FileVault keys when it goes into standby mode.

Keep in mind that doing this will require you to enter your FileVault password again when you wake your system from standby mode, but will prevent someone from potentially getting to your hard drive's data if you leave your system in this mode without fully shutting it down.

To undo this setting, simply repeat the command but use a 0 instead of a 1 as the value.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.