Advanced: Mac Security Guide
If you have not already read The Basics: Mac Security, now would be the time to ensure you have a complete understanding of the basics.
In the previous article we discussed the basics in Mac Security. Now we will be taking it one step further by explaining more advanced techniques to really lock down your computer. Note: Most of these steps will be for more advanced users really wanted to ensure their data is safe from theft or loss. Most average users will not need to worry about these features.
Firmware Password Protection:
Last time we talked about setting up a cryptic password for your accounts. Now this is all fine and dandy but imagine someone steals your computer and attempts to access your data. Your safe right? NO! Anyone with a little bit of knowledge knows that with an OS X Snow/Leopard disk you can remove a password from an account. The good news is Apple has implemented features that allow you to password protect booting to media other than your default hard drive. Below are a list of instructions to enable firmware password protection.
Step 1: Find your Mac OS X Snow/Leopard disk and insert it into your DVD tray. NOTE: MacBook Air users. Please use an external DVD drive or CD/DVD sharing from another Mac or PC.
Step 2: Reboot your Mac while holding down the option key. Continue holding down option till you get to a menu similar to the one below:
Step 3: Select Mac OS X Install Disk by clicking on the arrow below the CD. Booting into the installation disk will not install leopard we are just going to use the utilities to setup a Firmware Password. Booting could take some time. Be patient.
Step 4: Select your language and click the the next arrow.
Step 5: When the top navigation bar loads also known as the menu bar. Select utilities then Firmware password utility. In a few moments you will be presented with a window similar to the one below.
Step 6: Check the box “Require password to start this computer from another source. Type and verify your password. Make sure this is something you can easily remember. Your Mac will only ask for it if you need to boot to another source. Once you have your password typed in click ok.
Step 7: You must exit the (Snow) Leopard install disk correctly otherwise the Firmware Password will not be set. Click Mac OS X Installer in the menu bar then Quit Mac OS X Installer. Let your computer reboot normally.
Step 8: To check your settings once again continue to hold down option as your Mac reboots. If setup was successful you’ll see a lock and a field asking for a password.
Step 9: Sit back and enjoy the security of knowing no one can steal your information! Now wait a minute. That’s not right. What happens if someone removes the hard drive from your Mac?
Discussed in the previous article was FileVault. We went over where it was located, how to enable it and what it did. FileVault in my opinion is far from a prefect encryption technology and disables almost all the functionality of Time Machine when in use. Mentioned earlier I stated that these features would not be needed for most average users. FileVault is no exception. For average users I strongly suggest keeping sensitive information off your Mac and instead print and file them securely in a safe or safety deposit box. For the Mac user on the go that works with sensitive information daily I recommend two options. Use FileVault to encrypt your entire home folder. Note: This will disable the ability to browse Time Machine backups it will also decrease system performance so if you’re using you computer for processor intensive tasks this might be a downer.
Another alternative for encryption that also has it downsides. We will discuss TrueCrypt in a future article. Including setup and techniques. If you’re interested in learning more now head over to their website.
Under System Preferences, User Accounts, Login Options. (You might need to unlock User Accounts to access login options.) If you itching for and leave your Mac for long periods at a time you will be safer by enabling Displaying Login as Name and Password. When this option is enabled it will make your login screen similar to the one below.
This will decrease the chances of someone guessing your password by also requiring the username be entered in as well.
Expect many additions to this article in the future. Along with a complete tutorial on TrueCrypt soon. As always comments are welcomed below or your can join our live chat to speak to us directly.