Secure My Mac

It's a lock, it's the finder, it's the lockfinder

Set up a good and strong password: How Microsoft helps you to secure your Mac

A good password is a very strong password. The best idea I found came from Robert Hensing. He works at the Microsoft PSS Security Team.

Read more about it in my dedicated article about passwords.

How can I change my password?
  1. Open "System preferences"
  2. Select "Users & Groups"
  3. Select your user
  4. Click on "Change password..."

Deactivate the Automatic Login

How can I deactivate the Automatic Login?
  1. Open "System preferences"
  2. Select "Users & Groups"
  3. Click on "Login Options"
  4. Select "Off" at "Automatic Login"

Automatically log out

For security reasons, I recommend that you set your computer to log out automatically after 30 or 60 minutes of inactivity.

How can I automatically log out?
  1. Open "System preferences"
  2. Select "Security & Privacy"
  3. Click on the lock and type your password
  4. Click on "Advanced..."
  5. Check "Log out after XX minutes of inactivity"

Require password after inactivity

You should require a password after a few minutes of inactivity.

Display sleep after a few minutes:
  1. Open "System preferences"
  2. Select "Energy Saver"
  3. Move the "Display sleep" button to the number of minutes you want (example: 5)
  4. Click on "Power adapter"
  5. Move the "Display sleep" button to the number of minutes you want (example: 5)
Set up the password requirement:
  1. Open "System preferences"
  2. Select "Security & Privacy"
  3. Select "Require password -5 seconds- after sleep or screen saver begins"

Close the Apple ID Backdoor (before activating FileVault)

If you activate FileVault but lose your password, Apple will offer to let you reset your password with your Apple ID. If your Apple ID is weak, you will be easily compromised.

How can I block the Apple ID backdoor?
  1. Open "System preferences"
  2. Select "Users & Groups"
  3. Click on the lock and type your password
  4. Unset "Allow user to reset password using Apple ID" (you will not be able to see that option if FileVault is already activated on your computer)

Activate FileVault

You can encrypt your Hard Drive / SSD with FileVault:
  1. Open "System preferences"
  2. Select "Security & Privacy"
  3. Select "FileVault"
  4. Click on the lock and type your password
  5. Click on "Turn On FileVault..."
  6. Write down your recovery key => Do not save it on this computer. If you save it on another computer, encrypt it with GPG.
  7. Click on "Do not store the recovery key with Apple"
  8. Click on "Restart"
FileVault 2 security was compromised in early 2012. With the help of the software "Forensic 11.4", an illegitimate user could find your FileVault encryption key. The attacker needs physical access to the machine, which must be powered on and logged in. The attack relies on the fact that the Mac stores your encryption key in RAM. I believe the Hibernation sleeping mode detailed below will solve that issue. Read more about the FileVault 2 encryption cracked.

Use "Hibernation" as sleep mode

Since 2005, "Safe Sleep" has been the default sleep mode for Mac. This means that the RAM remains powered while the Mac is sleeping. You should change this mode to "Hibernation". The content of the RAM will be copied to the Hard Drive / SSD before the Mac enters sleep, and the RAM will no longer be powered.

How can I check my current sleep mode?
Run this command in your terminal:
gabs-MacBook-Air:~ gab$ pmset -g | grep hibernatemode
 hibernatemode        1

How do I read the result? How can I set up my computer to sleep in Hibernation mode?
Run this command in your terminal, then type your administrator password:
sudo pmset -a hibernatemode 1

Read more about sleeping modes here.
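
An added example (not part of the original article): a shell check that reads `pmset -g custom` output and reports, for each power source, whether the configured hibernatemode leaves RAM powered during sleep. The function names and the sample text are constructed for illustration; values 0, 3 and 25 follow pmset(1), and 1 is treated as Hibernation because that is the value this page sets.

```shell
#!/bin/sh
# Constructed sample of `pmset -g custom` output (not from a real machine):
# battery profile hibernates, AC profile is still in Safe Sleep.
SAMPLE_CUSTOM='Battery Power:
 hibernatemode        1
 displaysleep         5
AC Power:
 hibernatemode        3
 displaysleep         5'

# Map a hibernatemode value to whether RAM stays powered during sleep.
# 0, 3 and 25 are the values documented in pmset(1); 1 is the value this
# page sets for Hibernation. Anything else is reported as unknown.
classify_hibernatemode() {
    case "$1" in
        0)    echo "ram-powered" ;;  # plain sleep, no memory image on disk
        3)    echo "ram-powered" ;;  # Safe Sleep: image on disk, RAM still powered
        1|25) echo "ram-off" ;;      # hibernation: image on disk, RAM unpowered
        *)    echo "unknown" ;;
    esac
}

# Read `pmset -g custom` text on stdin; print "<source>|<mode>|<verdict>"
# for every power source section that carries a hibernatemode line.
audit_hibernatemode() {
    awk '
        /^[A-Za-z].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); src = $0; next }
        $1 == "hibernatemode" { print src "|" $2 }
    ' | while IFS='|' read -r src mode; do
        echo "${src}|${mode}|$(classify_hibernatemode "$mode")"
    done
}

# Return 0 only if every power source powers RAM off during sleep,
# 1 if any source does not, 2 if no hibernatemode line was found.
all_sources_hibernate() {
    report=$(audit_hibernatemode)
    [ -n "$report" ] || return 2
    if printf '%s\n' "$report" | grep -qv '|ram-off$'; then return 1; fi
    return 0
}

# On a Mac, audit the live settings; elsewhere, fall back to the sample.
if command -v pmset >/dev/null 2>&1; then
    pmset -g custom | audit_hibernatemode
else
    printf '%s\n' "$SAMPLE_CUSTOM" | audit_hibernatemode
fi
```

A mismatch like the one in the sample appears when the mode was changed for one power source only; the `-a` flag in the command above applies it to all of them.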

Set up a firmware password

By setting a firmware password, you prevent attackers from booting a live CD, running applications from a Mac OS X installation disk, or booting the machine into Target Disk Mode and accessing data without logging in.

How do I set up a firmware password?
  1. Reboot and hold "Command" and "R" while rebooting
  2. When you are on the "OS X Utilities" screen, click on "Utilities" on the top menu
  3. Click on "Firmware Password Utility"
  4. Click on "Turn on Firmware Password..."
  5. Type the password twice and confirm
  6. To restart, click on the apple on the top left of the screen and click on "Restart"

Use MacThief

You can find MacThief here.

Protect your confidential documents with GPG

You can protect your documents with GPG using GPGTools: https://www.gpgtools.org

Activate the Firewall

It will block incoming connections from non-signed software.
  1. Open "System preferences"
  2. Select "Security & Privacy"
  3. Select "Firewall"
  4. Click on the lock and type your password
  5. Click on "Turn On Firewall"

Keep your computer up to date

Keep your computer up to date: install all the updates.

How can I check for updates?
  1. Open "App Store"
  2. Click on "Updates"

Do you think I forgot something?

Feel free to contact me to let me know about it.
Last update of this page: March 27, 2017
Please do not copy any of the content of this website without asking me first.