5 Mac OS X Security Tips You May Not Be Using
Francesco Schiavon on Thu, October 23rd 2 comments
With most of our private information, bank accounts and more stored on our computers, it's more important than ever to keep it safe and secure. Francesco Schiavon has the key for Mac OS X users!

As our devices and lives get more connected, our privacy and security become more top of mind, or at least they should. If you are the kind of person that says "I don't worry; I have nothing to hide", I'd like to ask you for your credit card number and its security code, please. After all, we all DO have something to hide.

I'm a bit paranoid about privacy and security. I'm not totally obsessed about it, but it's always top of mind for me. I could go on and on and on about the many mistakes that people make every day, sacrificing their privacy and security. Instead I want to share with you a few tips I use every day to keep my information and data private and secure on my Mac.

1 - Require Password After Sleep or Screen Saver Begins


This is my number one tip. If your Mac doesn't challenge you to enter your password after waking up or when exiting the screen saver, follow me now:

  1. From the Apple menu, select "System Preferences..." and from the System Preferences click on "Security & Privacy".
  2. On the "General" tab, if it reads "A login password has not been set for this user" with a button that reads "Set Password...", click on it and set a password for your user account.
  3. Check "Require password XYZ after sleep or screen saver begins". For XYZ I prefer "5 seconds" or "1 minute" instead of "immediately" as it gives you a bit of time to come back to your Mac without re-entering your password if the screen saver kicks in while you're around your Mac.
  4. And of course, check the "Disable automatic login" so that when the Mac boots up it requires your password to get to your account.

General tab of the Security & Privacy System Preferences.


Yes, it may be a bit inconvenient to enter your password every time your Mac wakes up or to disable the screen saver, but this will dramatically reduce the chances of prying eyes looking at your files.

Requiring password 5 seconds after sleep or screen saver begins, in combination with a hot corner that triggers the screen saver or puts the display to sleep is a great way to quickly lock your Mac with a simple gesture (moving the pointer to the hot corner). You can set the "Hot Corners..." at the bottom of the "Mission Control" or the "Desktop & Screen Saver" (Screen Saver tab) system preferences.


Enabling a "Hot Corner" to put the display to sleep from the "Mission Control" System Preferences.

2 - FileVault


In simple terms, FileVault encrypts the system drive. That means that to be able to read and write to and from the drive, the FileVault password must be provided. In more practical terms imagine that someone steals your iMac after you enabled FileVault. When the iMac is switched on by the thief it will ask for the FileVault password to boot up from the internal drive. Even if the iMac boots up from another drive, the internal drive won't mount until the FileVault password is entered. This at least keeps your personal data on the drive secured.

Like everything else there are a couple of gotchas with FileVault:

  • If you lose or forget your FileVault password, and you didn't register it with your Apple ID, you won't be able to recover the data in the encrypted drive.
  • If you use a MacBook and you never power it down, the drive stays decrypted (unlocked) until you unmount it or shut down the MacBook. So if you lose your MacBook and it requires no user authentication to log in (see my first tip above), when someone else finds it without powering it down, they'll have access to the drive when it wakes up. As mentioned above, make sure your account is password protected and that it engages after sleep.
  • You must have physical access to the Mac to enter the FileVault password. If the Mac reboots when you're not in front of it, say a reboot after a power failure or you rebooted the Mac with Remote Desktop, the Mac simply won't restart. You need to physically be present to enter the FileVault password or select another drive to boot from.
  • And a minor thing is that when you first enable FileVault on a large drive full of files, it takes a while to do the initial encryption. The good news is that once the drive is encrypted, then there is no more waiting as you add, edit or delete files.

3 - Encrypted Disk Images


If you carry important information and files on a USB flash drive, you could save those files inside an encrypted disk image and open (or decrypt) the disk image only when needed. If the concept of an encrypted disk image sounds confusing, think of an encrypted "folder". Once encrypted you need to enter the password before you can read from and write to that "folder".

To create a blank or empty encrypted disk image follow these steps:

  1. Open "Disk Utility" (it's inside the Utilities folder or use Spotlight to find it)
  2. From the "File" menu choose "New -> Blank Disk Image..."
  3. Give the .dmg file a name and choose where you'll save it.
  4. Select a name (this will be the name that shows on the desktop and side bar when you open or decrypt the .dmg file) and choose a size for it.  Here you'll have to guess how much space you'll require to store your files.
  5. From the Encryption popup menu choose either 128 or 256-bit. In most cases I'd choose 256-bit because I don't need to constantly access the files I put in the encrypted disk image. But if you'll be reading from and writing to the encrypted disk image often, you may want to make it faster by choosing 128-bit.
  6. Hit the "Create" button. You'll be prompted to give the .dmg file a password and verify it. If you need help coming up with a password, click the key button to the right of the password field. I disable "Remember password in my keychain" to make sure that even on my machine the password is required. Otherwise it kind of defeats the purpose.

Creating an encrypted disk image.


By the end of the process you'll have what looks like a removable drive on the Desktop and under Devices in the Finder sidebar. You can now move files inside this "removable drive". In effect what happens to those files is that they're added to the disk image and get encrypted in the process. To close the encrypted disk image, simply eject the "removable drive".

To later access your encrypted files inside the .dmg file, double-click on it and the Mac will ask you for the password you entered in step 6 above. If you enter the correct password, the "removable drive" will appear again on the Desktop and Finder sidebar.

You can copy the .dmg file anywhere, for example to your USB flash drive, to take the encrypted data with you. Mind you, you'll need a Mac to decrypt and mount the disk image. If you plug the USB flash drive into a Windows PC, it won't know what to do with the .dmg file and won't allow you to access the encrypted data within.
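
The same workflow from Terminal, as an added example that is not part of the original article: it uses macOS's `hdiutil` to create the image, confirm it really is encrypted before it goes onto a USB drive, and mount and eject it. The image path, volume name, size and function names are placeholders chosen for this sketch.

```shell
# Added example, not from the article. Image path, volume name and size
# are placeholders; the function names are made up for this sketch.

# Create a blank encrypted image (steps 2-6 of the Disk Utility procedure).
# hdiutil prompts for the password itself, so it never lands in shell
# history or in the process list.
create_encrypted_image() {
    image="$1"; volname="$2"; size="$3"; bits="${4:-256}"
    case "$bits" in
        128|256) ;;
        *) echo "encryption must be 128 or 256" >&2; return 2 ;;
    esac
    if [ -e "$image" ]; then
        echo "refusing to overwrite $image" >&2
        return 1
    fi
    hdiutil create -size "$size" -fs HFS+ -volname "$volname" \
        -encryption "AES-$bits" "$image"
}

# Succeeds only if hdiutil reports the image as encrypted.
image_is_encrypted() {
    hdiutil isencrypted "$1" 2>&1 | grep -q '^encrypted: YES'
}

# Copy an image to removable media, refusing anything that is not encrypted.
copy_image_to_usb() {
    if ! image_is_encrypted "$1"; then
        echo "$1 is not encrypted; not copying" >&2
        return 1
    fi
    cp "$1" "$2"
}

# Typical session on a Mac (run by hand):
#   create_encrypted_image ~/Private.dmg Private 100m 256
#   hdiutil attach ~/Private.dmg      # asks for the password, mounts /Volumes/Private
#   hdiutil detach /Volumes/Private   # same as ejecting it in the Finder
#   copy_image_to_usb ~/Private.dmg /Volumes/USBSTICK/
```

The check in `copy_image_to_usb` guards against the easy mistake of copying an ordinary, unencrypted .dmg to the flash drive.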

4 - Time Machine AKA Backup, Backup, Backup!


I keep saying this, over and over: if you don't use Time Machine with your Mac go buy yourself an external hard drive and start using Time Machine, now!

The thing is that we can be as safe as we want, and as paranoid about privacy and security as we want, but if we lose data, even if no one else can access it, it's a nightmare.

In the past few years I cannot count the number of times that Time Machine has saved my bacon. From catastrophic drive failure, to having a botched update, to recovering a file I deleted by mistake, Time Machine has always been there.

What can be better than backing up to an external hard drive? Backing up to multiple locations would be optimal. Even if you're on a MacBook where it would not be practical to carry a backup drive with it, your routine should be to plug your external backup drive to your MacBook as soon as you get home, and better, also as soon as you get to your office. You should plug in an external hard drive at these locations so your Mac can keep track of the changes on your Mac. What I mean, is actually having one backup drive at home and another at the office.


Time Machine allows for multiple combinations. From a simple setup where you only have one backup drive, to more complex ones. Like having 2 backup drives at the same location, say at home. Another option is having one backup drive at each location you use frequently, like at home and at the office, as I was saying earlier. Another alternative is having a file server (great if you have an old Mac you don't use much) and using that as a Time Machine backup. Furthermore, backing up to a Time Capsule with the option to mix and match with an external drive, or a file server, etc. The idea is to backup, backup, backup!!!!

5 - Keychain Access as an Every Day Tool


Keychain Access is this very unceremonious application that sits in the Utilities folder. It gives you access to many administrative tasks all related to security and authentication. Apart from those obscure administrative tasks it has some powerful tools that few people know about. These are two of the ways I use Keychain Access almost every day: 

  1.  Provides me access to saved passwords, which is handy when you forget what password is associated to what account.
  2.  Create and access encrypted notes.


Retrieve Forgotten Passwords

I'm pretty sure you've found yourself in this situation. You create an account on a website, and to avoid the hassle of typing your password you agree to Safari's "Would you like to save this password" dialogue box. You use the site for a while, but because you never type the password you just forget what it was. Then you need that password (for example to update your profile on that site) but you simply don't remember it. Well, apart from being able to retrieve the password from Safari's preferences window, you can also retrieve it with Keychain Access. In fact, Safari stores and gets the passwords from your keychain. Keychain Access not only stores Safari's passwords. Every time that you see a "Remember this password in my keychain" checkbox, like when you mount a remote file server, screen share a remote Mac, save your password for some applications like Skype, etc., those passwords are saved in your keychain and you can find them with Keychain Access.


Secure Notes

This one I use every day. For work I have to log in to multiple websites, with different accounts even for the same website, but I don't want Safari to remember the passwords for security reasons. Instead of having a text file with all my accounts and passwords lying around, I have what Keychain Access calls a Secure Note: pretty much a text file that is encrypted and stored in my keychain. This way, to read the contents of the secure note I must enter my password, as opposed to Safari just filling in the password automatically.

Creating a secure note in Keychain Access is super simple:

  1. Launch Keychain Access if you haven't done so (Keychain Access is in the Utilities folder, or use Spotlight to find it).
  2. On the side bar click the "login" keychain with a padlock icon. This is your keychain.
  3. From the "File" menu select "New Secure Note Item...".
  4. Give the note a name, and in the Note area enter whatever text you want to encrypt. If you want, you can also paste other things in the note like images or formatted text.
  5. To finish click the "Add" button at the bottom right.

To see the contents of the secure note, first select your "login" keychain on the sidebar (where the note was saved), then "Secure Notes" (also on the sidebar), and double-click the secured note you want to see. Keychain Access will open a window with the secured note but it appears empty. You actually have to click the "Show note" checkmark and then it will ask you for your account password (the password you use to login to your Mac; hence the "login" name of the keychain). Now the contents of the secure note should show up.


iCloud Security Features


iCloud is a touchy subject for me. On one side it's super convenient with features like Keychain in the Cloud, Find My Mac, and even using your Apple ID to authenticate against a local file server. On the other you delegate a lot of responsibility to a third party, Apple, and if your Apple ID is compromised a lot more could also be compromised.

Personally I avoid using iCloud or other third-party services for my passwords and security, but that's just me. I really cannot recommend something I don't do, but I also won't say anything against those services, mostly because I don't have much experience with them. I'd rather be responsible for my own security, though.

Just to wrap up, these are just 5 tips that I use on a regular basis. There are so many other features and best practices that one can do to keep data and privacy safe, like disabling Flash, disabling iCloud, turning on the firewall, clearing your browser history/cache, avoiding third-party services, etc.

What are some of your favorite security and privacy tips?

Comments (2)


  • John Bib
    Francesco, I'm new to Mac security - what did you mean about not wanting Safari to remember passwords? Quote: (under Secure Notes) This one I use everyday. For work I have to log in to multiple websites, with different accounts even for the same website but I don't want Safari to remember the passwords for security reasons. Unquote. I use Firefox to save passwords for me. No-one else has access to my machine, but being a Mac Mini (at home), it's vulnerable to theft. The boot-up is protected by a login password, so a thief wouldn't be able to get to Firefox after the machine was powered off.
    • 5 years ago
    • By: John Bib
  • Dyheway
    John, thanks for your question. What I meant was that I save my web accounts and passwords as a secure note instead of allowing the browser to save them. This way, if for any reason someone gets access to my computer, they won't get access to my web accounts and passwords saved in the secure note. For example, imagine you're logged in to your Mac and you leave it for a few minutes. If someone walks to it before the Mac sleeps and types a web address for which the browser saved the password, the browser will autofill the web page login credentials without asking for any other password. That person clicks "log in" and they're inside your account for that website. In my case I sacrifice the convenience for the trouble of unlocking the secure note to then copy my account credentials from the secure note and paste them in the login form for those websites.
    • 5 years ago
    • By: Dyheway