Mac OS X offers a number of options for encrypting your data to prevent access to it if your Mac is lost or stolen. I've already touched on a couple of these, but the biggest example is FileVault, which can also be activated and managed from the Security pane in System Preferences.
FileVault converts your entire home folder into an encrypted disk image. The image is mounted and accessible only when you are logged in. At all other times, it is unreadable. FileVault uses industry-standard encryption, and if you use Time Machine, any backups of your home folder's contents are equally encrypted.
Note: FileVault must be enabled by each user who wants to have an encrypted home directory. Each home directory will be encrypted as a separate disk image file.
FileVault supports the use of a master password as a safety net that can be used to reset user passwords and access encrypted home folders if users forget their passwords. If both a user password and a master password are lost or forgotten, however, there is no way to retrieve data from the encrypted home folder.
To enable FileVault, launch System Preferences, select the Security pane, and then select the FileVault tab. You can set or change a master password using the Change button next to the master password description. (You must be an administrative user of the computer to do this, and you must know the current master password if one is already set.)
Next, click the Turn On FileVault button. Enabling FileVault for the first time can take a significant amount of time because the entire contents of your home folder are copied into a newly created encrypted disk image. If you have tens or hundreds of gigabytes of data, this could take hours or even days (much like an initial Time Machine backup).
For this reason, it's easiest to set up FileVault when you first create a user account (and thus there is little data in the home folder). During this initial copy, you will also need to ensure that you have at least as much free space on your hard drive as the size of your home folder, since all the data will be copied. Once enabled, FileVault encrypts and decrypts items on the fly when you log in or log out, and it generally won't slow down performance significantly.
Disk Utility also lets you create encrypted disk images. Disk images look and act like virtual hard drives and can be created as blank images or copies of existing disks or folders. Mounting an encrypted disk image and accessing the contents requires a password. This makes encrypted disk images helpful if you want to secure only a portion of your files, if you need to securely store files outside your home folder, or if you need to securely share files by e-mail or other mechanisms.
To create an encrypted disk image, launch Disk Utility, and click the New Image button in the tool bar. You can select the size, name (which will be displayed as a disk/volume name when image is mounted), file name and location of the image file itself, and various other disk format options (which can typically be left as their default selections). To enable encryption, choose 128-bit or 256-bit AES encryption from the Encryption pop-up menu.
After you've made your selections, click the Create button. When Disk Utility creates the image, it will prompt you to enter and verify a password that will be required to open the disk image file. The password assistant is available in this prompt (in the form of a button with a key icon, just as when changing a user account password).