Should time machine backups be encrypted
I am new to the Mac and was setting up my Time Machine. However, it seems Time Machine also backs up information in the keychain.
I was wondering if that means I should use an encrypted disk to store Time Machine backups. (assuming that the rest of the data on my Mac isn't that sensitive, to warrant encrypting the disk otherwise. But my passwords to login into various accounts, I don't want falling into wrong hands)
At the same time, I have read in some forums that encrypting backups sorta defeats the purpose - since that means I might not be able to access my backed up data when I need it. This is one such forum discussion. (The discussion also seemed to imply that if something goes wrong, getting back my data from an encrypted disk might be hard even if I know the encryption password. Is that true?)
Also, is performance a concern when using encrypted backups, assuming encryption is recommended? From what I understand, since the CPU is much faster than the disk, there should be no real performance hit. Yet, I have read on forums that Time Machine becomes really slow if encryption is turned on. Again, is this true?
Finally, if an unencrypted Time Machine backup disk falls into the wrong hands, will my keychain data be accessible to only if the finder knows my Mac OS X password? Or are there ways to get that information even otherwise?
TL;DR
Is encryption recommended for Time Machine backups, assuming a very basic need for security of data from falling into wrong hands. In particular, I would like to restrict access to my keychain data using encryption, but only if it doesn't compromise my ability to access the backups when I really NEED them, and there isn't a major performance hit.
To answer your first question about the keychain and whether you should encrypt backups: the passwords in your keychain are already encrypted, that's why you always have to type a password (by default your login password) to show stored passwords. So there's no immediate need to encrypt.
Of course, you could add Time Machine encryption to provide a further layer of security. This is possible starting with OS X Lion and Mountain Lion (from http://support.apple.com/kb/ht1427):
OS X Lion and Mountain Lion let you encrypt the Time Machine backup external drive using FileVault 2.
FileVault2 also uses your login password, though. So if the bad guys are able to guess or crack that password, they will have also access to your keychain information. Choosing different passwords for login and for accessing your keychain would protect the keychain passwords in such an event.
Either way, use strong passwords, password quality is of foremost importance to protect your data.
EDIT:
The OP asked in a comment how to set different passwords for login and keychain. Here is how:
-
Open Utilities>Keychain Access.
-
Right click each keychain and select 'Change Password for Keychain XYZ':
If you prefer to use your current password as keychain password and change your login password, log in using another account and change your account's password from System Preferences>Users & Groups. That will only change your login password, not your keychain password.