How to password-protect your Mac--and keep other people from using it

Since you use your Mac on a regular basis, it has most likely become a treasure box full of your personal information that you might wish to keep as private as possible. This may especially ring true for your portable MacBook that you bring around different people and use in various locations, but is also applicable to your desktops Mac that others may use when you're not around.

Whether you just bought a brand new MacBook or are tethered to a long-lasting Mac Pro, security should be a priority. Here are a few tips for keeping your Mac secure and making sure your personal data stays away from prying eyes.

Password management

To really keep your Mac secure, you absolutely have to use a complex and unique account password--and you should set parameters that require users to enter this password whenever possible.

OS X has some services that can help you choose a good password:

Start by going to System Preferences > Users & Groups.

From there, select your account, and then click the option to change your password.

In the panel that appears, you'll see a small button with a key in it. Clicking this will bring up the password generator tool, which will give you various options for passwords you might find useful, and give you a feedback gauge for determining how robust it is.

Recently, analytics group SplashData released a list of 2014's most common and insecure passwords, so if your password choices are among them--or conforms to similar common patterns and phrases--then consider changing it to something more unique.

Once you have a good password in place, ensure it properly locks your system when you step away. Typically, this happens automatically when you log out of your account--you'll be prompted to enter your password when you want to use your Mac again. However, OS X has a few options that allow you to do this quickly, and without interrupting your workflow.

First, be sure you require your password immediately after your Mac goes to sleep or starts its screen saver. (You can set this by going to System Preferences > Security & Privacy.) Then use any of the following options to lock your system:

Screen Saver password: The easiest way to lock your Mac is to require a password immediately after waking up from Sleep mode or interrupting its screen saver--and also putting your Mac to Sleep or turning on your screen saver whenever you leave your system. You can set this by going to System Preferences > Security & Privacy > General, and checking the option to require a password with "immediately" as your time frame. When done, you can invoke Sleep either from the Apple menu, by closing your MacBook's lid, or by briefly pressing its Power button. For the screen saver, you can set up a hot corner in System Preferences > Desktop & Screen Saver--then all you have to do is move your cursor to that corner to start the screen saver.

The login window: If you use a shared Mac--perhaps among family members--another approach is to use the login window, which gives you an easy way to lock your account while allowing other users to access their accounts. OS X is perfectly set up for this, since it enables fast user switching by default. This is available in the User menu, which is housed under your in the Menu Bar.

The Keychain Menu: OS X includes a status menu for your keychain--just as it does with features like your Mac's volume and Wi-Fi options, found in the Menu Bar--which can be used to lock your keychain and your screen (without activating the screen saver). To use this menu, open the Keychain Access utility and check the "Show Keychain Status In Menu Bar" box in the General section of the program's preferences. You'll then see a new menu that looks like a lock in your Menu Bar, which you can access to quickly lock your screen when you leave your system.

System Sleep: By pressing Option-Command-Eject (or the Power key if you do not have an Eject button), you can put your system immediately to sleep. Alternatively, you can use the options in the Apple menu, close the lid of your laptop, or press and hold the power button for three seconds to bring up the Power menu. Putting your system in Sleep mode will save a little power or battery life.

The Display Sleep hotkey: By pressing Shift-Control-Eject or the Power key, you can put your Mac's display to sleep while keeping the system running. As with the other options I mentioned, this will force you to supply your password to resume work. This approach is good for saving a bit of power without powering down completely.

Dedicated user accounts

Password requirements can lock your system, but that doesn't really address the concerns you might have when you have to surrender your Mac to someone else--like if you're having it repaired (even by reputable servicemen at places like an Apple Store).

Since 90 percent of your Mac's content is the experience displayed in your personal account, consider keeping dedicated accounts for both guest users and administrators to keep your own settings and Keychain passwords protected. You can set both of these up by going to System Preferences > Users & Groups.

If you set up a separate administrative account, you won't need to log into it every time to change anything--you can just create it, save its password for use, and then authenticate for administrative purposes using your new admin account. You can optionally demote your main account from being administrator, which is recommend for additional security.

Your hardware and hard drive

Finally, consider protecting your Mac's hard drive and the computer itself. Even with robust OS X passwords in place, your drive can be removed or otherwise accessed directly in Target Disk Mode if you don't have encryption set up--which means its data could be copied without restriction. To prevent this, you should first enable FileVault encryption on your drive, and then enable a firmware password.

FileVault will ensure that your entire drive's contents cannot be read without first supplying a valid password, and a firmware password will ensure that your Mac cannot be booted into alternative boot modes that would bypass OS X's built-in security (things like Single-User mode, Target Disk mode, and to alternative external boot drives).

For hardware security, there may be some limitations--for example, Apple has done away with Kensington lock holes on many of its systems--however, you can still purchase a number of third-party locking devices that will secure your system either by a clamp or cable.

Join the CSO newsletter!

Error: Please check your email address.

Tags SplashDataApplesecurityAccess control and authentication

More about AppleKensington

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Topher Kessler

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts