As our devices and lives get more connected, our privacy and security become more top of mind, or at least they should. If you are the kind of person that says "I don't worry; I have nothing to hide", I'd like to ask you for your credit card number and its security code, please. After all, we all DO have something to hide.
I'm a bit paranoid about privacy and security. I'm not totally obsessed about it, but it's always top of mind for me. I could go on and on and on about the many mistakes that people make every day sacrificing their privacy and security. Instead I want to share with you a few tips I use every day to keep my information and data private and secure on my Mac.
This is my number one tip. If your Mac doesn't challenge you to enter your password after waking up or when exiting the screen saver, follow me now:
General tab of the Security & Privacy System Preferences.
Yes, it may be a bit inconvenient to enter your password every time your Mac wakes up or to disable the screen saver, but this will dramatically reduce the chances of prying eyes looking at your files.
Requiring a password 5 seconds after sleep or screen saver begins, in combination with a hot corner that triggers the screen saver or puts the display to sleep, is a great way to quickly lock your Mac with a simple gesture (moving the pointer to the hot corner). You can set the "Hot Corners..." at the bottom of the "Mission Control" or the "Desktop & Screen Saver" (Screen Saver tab) system preferences.
Enabling a "Hot Corner" to put the display to sleep from the "Mission Control" System Preferences.
In simple terms, FileVault encrypts the system drive. That means that to be able to read and write to and from the drive, the FileVault password must be provided. In more practical terms imagine that someone steals your iMac after you enabled FileVault. When the iMac is switched on by the thief it will ask for the FileVault password to boot up from the internal drive. Even if the iMac boots up from another drive, the internal drive won't mount until the FileVault password is entered. This at least keeps your personal data on the drive secured.
Like everything else there are a couple of gotchas with FileVault:
If you carry important information and files on a USB flash drive, you could save those files inside an encrypted disk image and open (or decrypt) the disk image only when needed. If the concept of an encrypted disk image sounds confusing, think of an encrypted "folder". Once encrypted you need to enter the password before you can read from and write to that "folder".
To create a blank or empty encrypted disk image follow these steps:
Creating an encrypted disk image.
By the end of the process you'll have what looks like a removable drive on the Desktop and under Devices in the Finder sidebar. You can now move files inside this "removable drive". In effect what happens to those files is that they're added to the disk image and get encrypted in the process. To close the encrypted disk image, simply eject the "removable drive".
To later access your encrypted files inside the .dmg file, double-click on it and the Mac will ask you for the password you entered in step 6 above. If you enter the correct password, the "removable drive" will appear again on the Desktop and Finder sidebar.
You can copy the .dmg file anywhere, like your USB flash drive, to take the encrypted data with you. Mind you, you'll need a Mac to decrypt and mount the disk image, meaning that if you stick the USB flash drive in a Windows PC it won't know what to do with the .dmg file and won't allow you to access the encrypted data within.
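The same kind of encrypted disk image can also be created from Terminal with macOS's `hdiutil`. The script below is an added example, not part of the original post, and it is a command-line route rather than the Disk Utility steps; the function names, and the image name, size and volume name in the usage line, are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: create and verify an encrypted
# disk image with hdiutil. Function names and the sample text are made up here.

# Reads `hdiutil isencrypted IMAGE` output on stdin; succeeds only if the
# image is reported as encrypted.
is_encrypted_report() {
    grep -q '^encrypted: YES'
}

# $1 = image path (e.g. secure.dmg), $2 = size (e.g. 200m), $3 = volume name
make_vault() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite existing file: $1" >&2
        return 1
    fi
    # No passphrase option is given, so hdiutil asks for the new password
    # itself and it never appears in the script or in shell history.
    hdiutil create -size "$2" -fs HFS+J -volname "$3" \
        -encryption AES-256 "$1" || return 1
    # Do not trust the image until hdiutil confirms it is encrypted.
    if ! hdiutil isencrypted "$1" 2>&1 | is_encrypted_report; then
        echo "image is not encrypted, deleting it: $1" >&2
        rm -f "$1"
        return 1
    fi
}

# Parser check on constructed (not captured) report text; runs anywhere.
selftest() {
    printf 'encrypted: YES\nblocksize: 4096\n' | is_encrypted_report || return 1
    if printf 'encrypted: NO\n' | is_encrypted_report; then return 1; fi
    return 0
}

# Usage on a Mac: sh vault.sh secure.dmg 200m Secure
if [ "$#" -eq 3 ] && command -v hdiutil >/dev/null 2>&1; then
    make_vault "$1" "$2" "$3" &&
        hdiutil attach "$1" &&      # asks for the password, mounts the volume
        echo "Copy files to /Volumes/$3, then: hdiutil detach \"/Volumes/$3\""
fi
```

Detaching the volume is the command-line equivalent of ejecting the "removable drive"; until the image is attached again with the password, its contents stay encrypted inside the .dmg file.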
I keep saying this, over and over: if you don't use Time Machine with your Mac, go buy yourself an external hard drive and start using Time Machine, now!
The thing is that we can be as safe as we want, and as paranoid about privacy and security as we want, but if we lose data, even if no one else can access it, it's a nightmare.
In the past few years I cannot count the number of times that Time Machine has saved my bacon. From catastrophic drive failure, to having a botched update, to recovering a file I deleted by mistake, Time Machine has always been there.
What can be better than backing up to an external hard drive? Backing up to multiple locations would be optimal. Even if you're on a MacBook, where it would not be practical to carry a backup drive with it, your routine should be to plug your external backup drive into your MacBook as soon as you get home and, better, also as soon as you get to your office. You should plug in an external hard drive at these locations so Time Machine can keep track of the changes on your Mac. What I mean is actually having one backup drive at home and another at the office.
Time Machine allows for multiple combinations, from a simple setup where you only have one backup drive to more complex ones, like having 2 backup drives at the same location, say at home. Another option is having one backup drive at each location you use frequently, like at home and at the office, as I was saying earlier. Another alternative is having a file server (great if you have an old Mac you don't use much) and using that as a Time Machine backup. You can also back up to a Time Capsule, with the option to mix and match with an external drive, a file server, etc. The idea is to back up, back up, back up!!!!
Keychain Access is this very unceremonious application that sits in the Utilities folder. It gives you access to many administrative tasks all related to security and authentication. Apart from those obscure administrative tasks it has some powerful tools that few people know about. These are two of the ways I use Keychain Access almost every day:
I'm pretty sure you've found yourself in this situation. You create an account on a website, and to avoid the hassle of typing your password you agree to Safari's "Would you like to save this password" dialogue box. You use the site for a while, but because you never type the password you just forget what it was. Then you need that password (for example to update your profile on that site) but you simply don't remember it. Well, apart from being able to retrieve the password from Safari's preferences window, you can also retrieve it with Keychain Access. In fact, Safari stores and gets the passwords from your keychain. Keychain Access not only stores Safari's passwords. Every time that you see a "Remember this password in my keychain" checkbox, like when you mount a remote file server, screen share a remote Mac, save your password for some applications like Skype, etc., those passwords are saved in your keychain and you can find them with Keychain Access.
This one I use every day. For work I have to log in to multiple websites, with different accounts even for the same website, but I don't want Safari to remember the passwords for security reasons. Instead of having a text file with all my accounts and passwords lying around, I have what Keychain Access calls a Secure Note: pretty much a text file that is encrypted and stored in my keychain. This way, to read the contents of the secure note I must enter my password, as opposed to Safari just filling in the password automatically.
Creating a secure note in Keychain Access is super simple:
To see the contents of the secure note, first select your "login" keychain on the sidebar (where the note was saved), then "Secure Notes" (also on the sidebar), and double-click the secure note you want to see. Keychain Access will open a window with the secure note, but it appears empty. You actually have to click the "Show note" checkbox and then it will ask you for your account password (the password you use to log in to your Mac; hence the "login" name of the keychain). Now the contents of the secure note should show up.
iCloud is a touchy subject for me. On one side it's super convenient, with features like Keychain in the Cloud, Find My Mac, and even using your Apple ID to authenticate against a local file server. On the other, you delegate a lot of responsibility to a third party, Apple, and if your Apple ID is compromised a lot more could also be compromised.
Personally I avoid using iCloud or other third-party services for my passwords and security, but that's just me. I really cannot recommend something I don't do, but also I won't say anything against those services, mostly because I don't have much experience with them. I'd rather be responsible for my own security, though.
Just to wrap up, these are just 5 tips that I use on a regular basis. There are so many other features and best practices that one can do to keep data and privacy safe, like disabling Flash, disabling iCloud, turning on the firewall, clearing your browser history/cache, avoiding third-party services, etc.
What are some of your favorite security and privacy tips?