Modern Apple Mac computers come supplied with solid-state drives (SSDs). Only some iMac and Mac mini models ship with hard disk drives (HDDs). However, they are configurable to solid-state or Fusion drives. Choosing an SSD can be challenging, but most users deem Samsung and Intel to be trusted hardware manufacturers. Knowing how to wipe an SSD securely is a very important aspect of using one. The native macOS Sierra Disk Utility software can help you delete data from any storage media. Still, there are certain things Mac users should know.
According to Apple’s support knowledgebase, there is no need to erase an SSD securely. A standard data removal procedure makes any data recovery impossible. For this reason, the ‘Secure Erase’ and ‘Erasing Free Space’ Disk Utility features are unavailable for solid-state drives. What is more, a ‘zero out’ procedure can damage the SSD longevity. In case ‘Standard Erase’ doesn’t meet the requirements regarding data removal, Mac users can resort to other options.
To launch Disk Utility, go to Applications → Utilities → Disk Utility. Alternatively, you can use a Command+Shift+U keyboard shortcut to access the Utilities folder from Finder, then launch Disk Utility. With its help, you can reformat or completely erase an entire volume on your Mac. Make sure to back up the important data before you perform any operations in Disk Utility!
- Launch Disk Utility->choose the disk or volume in the left pane -> click the Erase button.
- Choose the volume format from the Format pop-up menu.
- Mac OS Extended (Journaled) – keeps the hierarchical file system of the partition intact.
- Mac OS Extended (Journaled, Encrypted) – uses the partition encryption, demands a password.
- Mac OS Extended (Case-sensitive, Journaled) – case-sensitive to folder names.
- Mac OS Extended (Case-sensitive, Journaled, Encrypted) – uses the partition encryption, demands a password, case-sensitive to folder names.
- MS-DOS (FAT) – for Windows volumes under 32 GB.
- ExFAT – for Windows volumes over 32 GB.
- Type in the name of the disk/volume.
- To ensure a secure SSD erase, access Security Options and select the number of times to write over the data you need to remove. Click OK.
Note: According to the U.S. standards for secure magnetic data erase, it is possible to write over the erased data three to seven times.
- Click Erase → Done.
How to Use FileVault for SSD Data Protection?
There are doubts as to how secure SSD data erase is. The wear leveling technology responsible for the extending of erasable storage media lifespan can disrupt the secure erase. When trying to erase an SSD with Disk Utility, wear leveling may prevent certain blocks from being overwritten. If there is no guarantee an SSD is properly erased, the best way to secure user data is by using FileVault encryption.
FileVault allows encrypting the startup disk, while Disk Utility works well to encrypt external drives. As a result, all the information on the drives will be distorted until the encryption key (password) is provided.
Note: losing the FileVault encryption key will prevent from accessing the encrypted data.
To enable the FileVault encryption on your Mac, follow these steps:
- In the Apple menu, choose System Preferences.
- Go to the Security & Privacy pane → click the FileVault
- Click the lock at the bottom of the window to make changes.
- Click the ‘Turn On FileVault’ button.
- Select an appropriate method to unlock your disk in case of losing the account password.
Mac users have two options:
- ‘Allow my iCloud account to unlock my disk’ will use your iCloud details to restore the password.
- ‘Create a recovery key and do not use my iCloud account’ will generate the 24-character string you will need to save. Next, a window with a key shows up.
- Store the provided 24-digit key in a safe place, then click Continue.
- To proceed with the encryption process, restart your Mac. There may be an insignificant drop in performance until the encryption is over. To check the progress and time estimate of encryption, go to System Preferences → Security & Privacy → FileVault.
How to Erase Mac Hard Drive?
If you use one of the older Macs equipped with an HDD or an external hard drive, use Disk Utility for erasing it securely. As a rule, using the onboard Disk Utility software helps to wipe volumes, partitions and Macintosh HD completely. In severe cases, reinstalling Mac OS from scratch is the best way to fix any hard drive-related problems. However, this is impossible without a recovery disc or thumb drive. Most Mac users don’t bother themselves with going to great lengths. Instead, they try erasing their Mac’s hard drive using third-party applications, which is the least secure method possible. Installing untrusted applications developed by unknown third-party vendors can lead to severe security issues.
- Go to Applications → Utilities → Disk Utility.
- In the left pane of the Disk Utility window, choose the hard drive you need to erase securely. (Be careful to choose the drive, not the partition.)
- Click the Erase button on the top bar.
- Next, a confirmation window will show up. The window contains the input springs for ‘Name,’ ‘Format,’ ‘Scheme’ as well as Security Options. Start by clicking the Security Options button at the bottom of the window.
- Mac users are presented with several options to erase the drive. The default option called ‘Fastest’ is the least secure, since data recovery apps may recover the deleted files.
The next three security options vary depending on the number of times Disk Utility writes over the data: two times, three times, and seven times as the ‘Most Secure’ option respectively.
Which Disk Utility Security Option to Select?
The number of Security Options provided by the Disk Utility may seem quite confusing, so this needs clarification. The ‘Fastest’ option is the least secure since it allows an effortless data recovery after the disk has been erased. The ‘Most Secure’ option is the most reliable one, however, deemed as unnecessary. The optimum solution is somewhere in between, so go for option 2 to feel sure that data has been properly purged. In case you need to comply with the company regulations, pick option 3 or 4.
The security options in Disk Utility work for both internal and external HDDs. Note: erasing a startup disk will require using an external drive to boot your Mac (an external hard drive or thumb drive). It is possible to create a bootable external drive using the Mac OS capabilities, including the createinstallmedia Terminal command.
Securely erasing SSD or HDD prevents third-party access to user data by making all information on the disk unrecoverable. The standard macOS Disk Utility is sufficient to perform a secure disk erase on your Mac. Users of macOS Sierra and High Sierra can utilize FileVault encryption to make data inaccessible and protect it with a password. There is an option of using third-party utilities, which in most cases is the least secure solution.