Increase FileVault security by destroying keys in standby mode

If you use full-disk encryption (FileVault) then your encryption key is stored by default in the EFI BIOS. This helps your Mac while awake from standby/sleep. This is ok for most security requirements, but not totally secure. You can configure your Mac that the key is destroyed when going in standby/sleep mode. The disadvantage is of course, that you have to enter your FileVault password when come back from standby/sleep mode.

How to fix it

macOS 10.11 – 14

  1. Open terminal.app
  2. Enter and press return: sudo pmset -a destroyfvkeyonstandby 1

You might also be interested in

Check your security settings

SimpleumCheck Screenshot

SimpleumCheck checks the security settings on your Mac in three stages and gives you recommendations on how you can improve your security even further.

For Free

Protect and encrypt your data

SimpleumCheck Screenshot


Protect your data with SimpleumSafe App for Mac, iPhone and iPad. Don’t compromise when it comes to protecting your data.


Other security setting to check


PLEASE READ THE FOLLOWING TIP AND DISCLAIMER!

Keep in mind: not every security and privacy setting is suitable for everyone. Enhancing the security can lead in losing functionality and/or comfort.
Before making changes, please backup your Mac! Do not make too many change at once. After changing your Mac, check if your normal usage of your Mac has changed in a way which fits to you. Are your really willing to loose some functionality and/or comfort?
Most important is, that you learn and understand what are the advantages and disadvantages of the security settings and that you are aware about the capabilities and risks of your Mac configuration.

To skip this result message from your next security scan, you can deactivate this check. FAQ: How to deactivate a check.

CHECK RESULTS BY SIMPLEUMCHECK DO NOT COVER ALL ASPECTS OF POSSIBLE SECURITY CHECKS OR MAYBE INCORRECT OR INCOMPLETE. THE RESULTS ARE ONLY CLUES FOR RECOMMENDATIONS TO IMPROVE SECURITY AND PRIVACY ON THE MAC.

The use of SimpleumCheck, the checks and FAQ articles are provided under the SimpleumCheck End User License Agreement (EULA).