Mac: Manage Your Privacy and Passwords

Anyone with a little bit of know-how, and physical access to your computer, has the ability to access your data. However, you can take measures to protect your privacy.

Mac: Manage Your Privacy and Passwords

If you are worried by the prospect of someone else being able to access your data, make sure you have a password set up for your account. Also make sure that you have disabled Automatic Login so that no one can access your account when switching on your Mac.

To disable Automatic Login, open System Preferences – Accounts and click Login Options. You may first have to click the lock icon at the bottom.

Next, set your Mac to request your password when it is awoken from sleep (standby), or from a screen saver. You will find this option in the Security panel of System Preferences.

With this setting turned on, no one will be able to gain immediate access to your files, but that does not mean your data is safe. For example, anyone set up as an administrator on the computer can easily reset your password and log in. Even if you are the only administrator, someone with a Mac OS X install CD can reset your password. It is also possible to pilfer data by booting a Mac as a hard drive..

More Security

FileVault

FileVault was introduced with Mac OS X v.10.3. This feature brings high file encryption to your home folder. It scrambles the folder so that even if someone can access your system by booting from the CD, or if someone removes the hard drive, they will not be able to access your files without your password.

One problem with FileVault is that, since it encrypts and decrypts your data in real time, it can slow down your computer. Today, the effect should not be all that noticeable, but it still might bother you. Also, note that some users have reported strange problems that have been solved simply by turning off FileVault.

To switch on FileVault, look in the Security panel of System Preferences. Before doing so, consider setting up a master password for your computer, if you have not done so already. This will serve as a backup in case you ever forget your account login password. Be sure to make note of this password, if you forget both, you will not be able to recover your files.

How to Encrypt Files and Folders

If you want to restrict access to certain files and folders, rather than restrict access to your whole account, the easiest option is to put the data you want to encrypt into an encrypted disk image file. It will be a bit like making a password-protected folder.

First, assemble the files you want to add to a folder to be protected. Then, open Disk Utility from Applications – Utilities. Next, click File – New – Disk Image from Folder, pick a name and location, choose either 128-bit AES or 256-bit AES from the Encryption menu (the latter is more secure but takes longer to encrypt), and hit Create. When prompted, enter a password, and deselect Remember password for extra security.

Alternatively, click the New Image button to create a disk image of any size, which leaves room to drag in extra files later.

Your new disk image file will appear and be “mounted” as if it were a hard drive. Once all your private files are in the DMG file, you can delete or “secure” delete the original files. Next time you want to access the files, or add extra files to your protected area, double-click on the disk image file and enter your password. Keep the password in a secure place or, as with FileVault, your files will be lost forever.

Note that FileVault and encrypted disk images are based on the Advanced Encryption Standard (AES), a sophisticated system that marks a vast improvement over the Digital Encryption Standard (DES). AES is essentially impossible to crack. According to Apple’s calculations, a computer capable of cracking DES in a single second would take nearly 150 trillion years (longer than the life of the Universe) to work out your AES FileVault or disk image password.

Open Firmware Password

If you don’t want to use FileVault, but you want to protect your files, or the entire computer, then employ the Open Firmware Password utility (you can find it on your OS X software installation CD under Applications – Utilities). Once installed, the system will not allow any of the special start-up routines that can compromise security, such as booting from a CD or starting up as a target drive.

If, for some reason, you do need to boot from a CD, or use any other special start-up routine, hold down the Command key + Option + O + F and power up your Mac. When the Open Firmware prompt appears, type reset-nvram and hit Enter. Key in the password you created when installing the application, and hit OK. When the Open Firmware prompt appears, type reset-all and hit Enter.

Password Keychains

Computer users quickly accumulate lots of passwords. The typical user has passwords for internet connections, email accounts, websites, routers, network folders, online banks, disk images, and many more. When you enter a password on your Mac, OS X will usually offer to remember it. If you accept the suggestion, you will not need to enter that password again, as it will be stored in your virtual Keychain, and OS x will insert it when required.

Keychains are very handy, but if you are worried about someone being able to access all your passwords when you leave the room for a few minutes, you could ramp up the security by asking OS X to lock the Keychain, either permanently or after a period of inactivity. When locked, the Keychain will request your overall Keychain password before disclosing any information.

If you ever forget a password that has been stored on your Keychain, open Keychain Access and locate the relevant item in the list. Double-click it and select Show Password. You will need to enter your Keychain password (the same as your account password unless you have changed it), and then the missing password will be revealed.

Note that by default, the Keychain password is the same as your account password, which is handy. However, it also means that if someone can access your account, they can also access your passwords. For even more security, you should change your Keychain password, or even add a second Keychain with a separate password.

All these changes can be made within the Keychain access utility, accessible from the Applications – Utilities folder. Click the padlock icon to toggle the lock on or off, or select Change Settings for Keychain Login or Change Password.

Other Privacy Issues

Deleting files: When the user deletes Keychain Login (your default Keychain) from the Edit menu, it goes to the Trash, so anyone with access to the account can recover it. Emptying the Trash stops this from happening, though in theory the deleted files could still be recovered using special recovery software. To prevent someone from recovering your deleted files, select Secure Empty Trash from the Finder menu, and the files will be completely erased from your hard drive.

Private browsing: Your browser records all the websites you have visited in your history, cookies, searches and more. To prevent this, enable Private Browsing from the File menu in Safari. You can also choose Reset Safari to delete all the saved info.

Recent Items: If you do not want all your recently accessed files and programs, as well as any servers you have connected to, to be listed for all to see, go to the Apple icon – Recent items, and click Clear Menu in the bottom. Individual applications usually have a similar list in the File menu.

Forgotten Password

If you are locked out of your account:

  • Turn off your computer, and insert the Mac OS X CD that came with your Mac or copy of OS X.
  • Press C while you turn on your Mac and keep it held down until the Apple logo appears.
  • Choose Reset Password from the installer menu and choose your username – not “System Administrator”. Then follow the prompts. This should not affect your keychain or any other passwords.

Tips

Unless you have a bad habit of saving or moving files to random places on the hard drive, all your private data is located in your home folder. It includes not just documents and movies, but all your e-mails, cache, saved passwords and everything else on your desktop. All of these are saved in your Library.

If you just want to password protect some text information, numbers and the like, create a Secure Note using Keychain Access.

Be sure to also consider privacy threats on the internet and over your wireless network.

Links

  • Your old Mac is worth money! Check out our prices. We pay the best price on the online market for your secondhand device: Sell Macbook.
  • An interesting discussion about the troubles one runs into if forgetting the master password to their MacBook, one of many such Apple related discussions on Apple’s self-help forum: discussions.apple.com/thread/4058352?tstart=0

Comments

This post currently has 2 responses

  • I just bought a used iMac and it has extremely private pictures on it, what should I do?

    • This happened to us. In rare cases we at iGotOffer.com get devices with a series of cleavage shots down the shirt-front of a lady or even a bunch of financial documents. We delete them by wiping/re-imagening the device without notifying the ex-owner if it’s family pictures. If we see financial/tax records, or some sort of business correspondence, we try to reach out to the previous owner and warn him/her about this. Then we delete (wipe) the content, as aforementioned. Anyway, we all have private lives. So we think you should do exactly what you’d hope someone would do if you were in the same position.

Leave a Reply

Your email address will not be published.

Sidebar