How to Protect Your Mac with Built-In Security Features

Popular articles

20 / 04 / 2017

How to Protect Your Mac with Built-In Security Features

Mac computers are famous for their security, and this is the most powerful argument in the ‘Mac or PC’ discussion. Although Mac settings are almost always already predefined in a reasonable way, you can customize some preferences for even deeper confidence in your safety

1. Require a password when login and after a screensaver

Go to System Preferences and choose General. In this section you can set up your Mac’s behavior for logging in:

  • Select the Require password after sleep or screen saver begins checkbox and choose immediately from the drop-down menu.

  • Select the Disable automatic login checkbox.

2. Turn on FileVault disk encryption

Another built-in security feature of Mac OS is disk encryption called FileVault. When you turn it on, your data on the hard drive is encrypted with strong XTS-AES 128 algorithm. This is the most secure algorithm that allows to securely encrypt your data. For decryption, it will require a 128-bit key (recovery key), and there’s no way to decrypt files without this key. That’s why you should be very attentive with encryption.

FileVault 2 technology allows encrypting the entire hard drive, not only the home folder. It will prevent the data from unauthorized access even if you plug the encrypted hard drive in another computer.  

How does it work? When a Mac starts up, the user sees only a normal login window and the system sends a request for decryption. When an authorized user enters their password, the drive becomes decrypted. In fact, the workflow does not change and a user can work as usual with the encrypted data. Such mechanism helps to avoid issues with software incompatibility because while your Mac is turned on, the disk is decrypted. However, this can also be considered a weakness as a person who managed to access your Mac when turned on and logged in can also access your data. The drive is locked up only when your Mac is shut down. However, you can still set up a timed log out after some time of inactivity. To do so, click the Advanced… button, and then turn on automatic log out after the set period of time.

Before turning on FileVault, make a full backup of your system. After it, proceed to encryption. To do it, you should be logged in as an administrator. Open System Preferences, choose FileVault, then click the lock to make changes, and then turn on FileVault.

After you turn it on, the system will ask you how to decrypt your data or reset the password if you forget it. You can do it either with your iCloud account or with the recovery key. Regardless of the option you choose, you will need to remember passwords for your accounts. The recovery key will be shown only once, so be attentive, write down the key and keep it in a safe place. You will also be given a possibility to keep a backup of your recovery key on Apple servers. In this case, you will need to set up answers to three security questions. Note that to decrypt your recovery key Apple will need the same exact answers.

After you turn on FileVault, you will be logged out. When the encryption process is completed, you will see the login screen. Use your login password as usual, and if you forget your login password, you can click the question mark and enter the recovery key that you were given.

3. Turn on Firewall.

What’s Firewall? It is basically a filter that controls the incoming and outgoing traffic. You can set rules and define whether to allow or block different connections with services, programs, etc. If a connection is flagged by a firewall, the computer will not allow it through.

To access the firewall settings, open System Preferences and go to the Firewall tab. As usual, you need to click the padlock to make changes. After you turn the Firewall on, you would be able to customize its preferences.  

  1. The Block all incoming connections option will prevent any incoming connections except the essential ones.

  2. The Automatically allow signed software to receive incoming connections option will automatically add the secure connections to the whitelist. You can edit this list by adding or removing the items with the +/­– buttons.

  3. The Enable stealth mode option will make your computer ‘invisible’ for hackers as it will not respond to traffic queries on the network.  

4. Control your Privacy.

When you open the Privacy tab, on the left you will see a list of items containing your personal information, and on the right, you’ll see the applications that requested access to that information (e.g. Contacts, Calendars, Facebook, etc).

The Accessibility page needs a bit more attention. If you install an app that requires access to this setting, you will see the dialog that you need to add the app to this section. The app appears in the list on the right, and you just need to put a checkmark next to it. Examples of such apps are Script Editor, LaunchBar, etc.

The Location services page shows you apps that request access to your location. Here you can also allow or prohibit them from accessing that information.

Understanding the security settings will help you to protect your Mac computer in a good way. This knowledge will make you more confident in your cyber security.