Video: How to password protect your data using disk images in macOS

Posted:
in macOS
Practically everyone has files or a folder that they keep on their Mac that they don't want anyone else to access. Today, AppleInsider walks you through the steps to keep your files secure by turning a folder into an encrypted, password-protected disk image.





People are generally OK with the idea of having various important documents stored on their Mac, and are quite happy with existing protection built into macOS, including using FileVault to encrypt drives and even just having a password to access the user account in the first place.

However, some users may feel some items are too important or private to not apply some extra level of security. This can range from needing to secure work-related folders that need to be sent to another user, to adding extra protection to birth certificate and passport scans, to keeping embarrassing childhood photos out of view from other members of the family who may sometimes borrow the same user account.

A solution to this is to use Disk Utility to create a disk image, that is encrypted and password protected.


Creating the Image

Open up Disk Utility, which can be found in the Applications folder, under Utilities. Alternately, use Spotlight to search for Disk Utility.

In the Disk Utility menu, select File, New Image, then Image from Folder..., or use the keyboard shortcut Shift-Command-N. In the dialog box, select the folder you wish to protect, and click Open.

A new dialog box will appear with a number of options available for creating the disk image. At the top, you can change the name of the disk image to something more appropriate to its contents instead of using the folder name by default, and where you want it to be initially saved.

Under Encryption, select either 128-bit or 256-bit AES encryption. As indicated in the dropdown box, selecting 256-bit is more secure but will be slower to access than 128-bit.

Under the Image Format dropdown box, select Read/Write to be able to change files held within the image once it is created. If you don't want any changes made to the files in the folder at all, or new files to be added, select Read-Only.

Now, enter your desired password twice. Once the settings are entered, click Save, then Done.

At the location defined in the settings, you will find a new DMG file with the name entered during the process.

Accessing the Image

Your new secure image is used in a similar way to other images. To access the files within, the image needs to be mounted.

Double click the image to mount it. A dialog box will appear asking for the password, which needs to be filled out followed by clicking OK.

A tickbox below the password entry textbox offers to save the password to the Keychain. If anyone else has access to the same Keychain it is probably not a good idea to tick this box.

Once the right password is entered, the image will mount, and the files will be accessible. The folder will not need the password again while the image is mounted, but will require it when the image is unmounted.

To unmount, right-click the mounted image and select Eject.

After creating the image, it is tempting to delete the source folder and its contents. Before doing so, it is suggested to make sure the image functions as planned, and if necessary, checking there is a securely-held backup of the files.

Comments

  • Reply 1 of 10
    sflocalsflocal Posts: 4,200member
    This is a great thing to use.  I've been using encrypted images for years.  I love this functionality in MacOS.  Great article.
  • Reply 2 of 10
    emoelleremoeller Posts: 376member
    sflocal said:
    This is a great thing to use.  I've been using encrypted images for years.  I love this functionality in MacOS.  Great article.
    I agree!  I use this with all of my USB sticks for clients as they can be easily lost.   On a trusted computer one can then use keychain to remember the individual passwords making it easy to access the restricted data on that machine.  Just remember that Keychain is only as secure as your admin password on your trusted computer.
  • Reply 3 of 10
    javacowboyjavacowboy Posts: 798member
    It would be much better if Apple allowed me to paste a password from my password manager, instead of applying password security idioms from the 90s in disabling paste for the dmg password.
  • Reply 4 of 10
    dagazdagaz Posts: 15member
    I tried this, making a folder of a bunch of text documents. However, I then went to add a PDF to the folder, once it was mounted, but it told me there wasn't enough free space? I made it read/write but I see that it's capacity is only 16 MB and the PDF I was adding is more than the space available. How do I change the capacity of the image?
    edited May 10
  • Reply 5 of 10
    dagaz said:
    I tried this, making a folder of a bunch of text documents. However, I then went to add a PDF to the folder, once it was mounted, but it told me there wasn't enough free space? I made it read/write but I see that it's capacity is only 16 MB and the PDF I was adding is more than the space available. How do I change the capacity of the image?
    Someone correct me if I'm wrong, but I've always thought that DMG files couldn't be edited. Once mounted, you could read the contents, but you couldn't change them. Makes me wish Truecrypt was still around.
  • Reply 6 of 10
    Mike WuertheleMike Wuerthele Posts: 3,224administrator
    dagaz said:
    I tried this, making a folder of a bunch of text documents. However, I then went to add a PDF to the folder, once it was mounted, but it told me there wasn't enough free space? I made it read/write but I see that it's capacity is only 16 MB and the PDF I was adding is more than the space available. How do I change the capacity of the image?
    Someone correct me if I'm wrong, but I've always thought that DMG files couldn't be edited. Once mounted, you could read the contents, but you couldn't change them. Makes me wish Truecrypt was still around.
    DMG can be sparse images that can grow or shrink -- but we didn't cover those because backup utilities sometimes still have problems with them in APFS and High Sierra. When/if that changes, we'll update.
  • Reply 7 of 10
    Once you have entered (and confirmed) a password for the DMG, is it possible to change the password (and if so, how)?
  • Reply 8 of 10
    MarvinMarvin Posts: 14,178moderator
    LimeyK9 said:
    Once you have entered (and confirmed) a password for the DMG, is it possible to change the password (and if so, how)?
    You can do this using the terminal:

    hdiutil chpass drag_disk_image_in

    It will ask for the old and new passwords. It's also easy to make new images and copy the contents of old ones over and delete the old one. One thing to be aware of with the newer systems is they've switched to the APFS filesystem format without mentioning it and don't provide an option to use HFS so dmgs created in Disk Utility in High Sierra or newer don't mount on older systems.
    edited August 16
  • Reply 9 of 10
    Thanks, Marvin. As a dumb user (with heavy emphasis on "dumb"), I haven't a clue how to get to hdiutil chpass drag_disk_image_in -- but it would seem simpler to create a new DMG, drag the files over and then delete the old DMG. Right?

    Am I correct in assuming that dragging the old DMG to the trash can and then emptying the trash will get rid of that DMG? And not knowing exactly how a DMG works (thus again emphasizing "
    dumb" in "dumb user"), am I correct in assuming that deleting the old DMG won't leave a portion of the hard drive partitioned and unusable?

    FYI, I'm running macOS High Sierra (version 10.13.6).
  • Reply 10 of 10
    MarvinMarvin Posts: 14,178moderator
    LimeyK9 said:
    I haven't a clue how to get to hdiutil chpass drag_disk_image_in -- but it would seem simpler to create a new DMG, drag the files over and then delete the old DMG. Right?
    The terminal is where commands like that are used, which is in /Applications/Utilities/Terminal. You'd open that application, type the first part hdiutil chpass with a space after it and drag the disk image into the window. Then hit return and it will prompt for the current password then the new one twice.

    Because you can't see the password you are typing, doing it by making a new disk image is a bit safer as you can verify the new one mounts ok before you delete the old one. Plus you can resize it if you need more space.
    Am I correct in assuming that dragging the old DMG to the trash can and then emptying the trash will get rid of that DMG? And not knowing exactly how a DMG works (thus again emphasizing "dumb" in "dumb user"), am I correct in assuming that deleting the old DMG won't leave a portion of the hard drive partitioned and unusable?

    Deleting it will free it up and password protected images remain protected when deleted. A DMG is just a file like any other file, it's just been made to behave like a filesystem. It's essentially a whole bunch of files joined together into one with a portion of it that's a map that tells the system where the individual files start and end. It's much like if you opened a bunch of photos in Photoshop and positioned them side by side and saved them in a single image. When you open it, you can see all the individual photos but on disk it's a single file and deleting it takes the contents with it.

    edited August 20
Sign In or Register to comment.