Anyone with a little bit of know-how and physical access to your computer – an unpleasant colleague, a thief, or whoever – could probably access all your data. You can protect yourself against these unfortunate events.
Mac: Manage Your Privacy and Passwords
First of all, if you are worried by the prospect of someone else being able to access your data, make sure you have a password set up for your account. Also make sure that you have disabled Automatic Login so that no one can access your account just by switching on the Mac.
To disable Automatic Login, open System Preferences – Accounts and click Login Options. You may first have to click the lock icon at the bottom.
Next, get your Mac to request your password when it is awoken from sleep (standby) or from a screen saver, You will find this option in the Security panel of System Preferences.
Thus no random outsider can get immediate access to your files, but that does not mean your data is safe. For example, anyone set up as an administrator on the computer can easily reset your password and log in. Even if you are the only administrator, someone with a Mac OS X install CD can reset your password. It is also possible to pilfer data by booting a Mac as a hard drive.
FileVault was introduced with Mac OS X v.10.3. This feature brings high file encryption to your home folder. It scrambles the folder so that even if someone can access your system by booting from CD or if someone removes the hard drive, they will not be able to access your files without your password.
One problem with FileVault is that, since it encrypts and decrypts your data in real time, it can slow down your computer. Today, the effect should not be all that noticeable, but it still might bother you. Also, note that some users have reported strange problems that have been solved simply by turning off FileVault.
To switch on FileFault, look in the Security panel of System Preferences. Before doing so, though, consider setting up a master password for the computer – if you have not done so already. This is basically just a backup in case you ever forget your account login password. Make a note of this one somewhere – if you forget both, you can kiss goodbye all your files forever.
How to Encrypt Files and Folders
If you want to restrict access to certain files and folders, rather than restrict access to your whole account, the easiest option will be to put the data you want to encrypt into an encrypted disk image file. It will be a bit like making a password-protected folder.
First, assemble the files you want to add to a folder and protect them. Then open Disk Utility from Applications – Utilities. Next click File – New – Disk Image from Folder, pick a name and location, choose either 128-bit AES or 256-bit AES from the Encryption menu (the latter is more secure but takes longer to encrypt) and hit Create. When prompted, enter a password and deselect Remember password for extra security.
Alternatively, click the New Image button to create a disk image of any particular size, which leaves room to drag in extra files later.
Your new disk image file will appear and be “mounted” as if it were a hard drive. Once all your private files are in the DMG file, you can delete or “secure” delete the original files. Next time you want to access the files, or add extra files to your protected area, double-click on the disk image file and enter your password. Keep the password in a secure place or, as with FileVault, your files will be lost forever.
Note that FileVault and encrypted disk images are based on the Advanced Encryption Standard (AES), a sophisticated system that marks a vast improvement over the Digital Encryption Standard (DES). AES is at the moment essentially impossible to crack. According to Apple’s calculations, a computer capable of cracking DES in a single second would take nearly 150 trillion years (longer than the life of the Universe) to work out your AES FileVault or disk image password.
Open Firmware Password
If you don not want to use FileVault but you want to protect your files (or if you are keen to protect the entire computer rather than just your home folder) then employ the Open Firmware Password utility (you can find it on your OS X software installation CD under Applications – Utilities). Once installed, the system will not allow any of the special start-up routines that can compromise security – such as booting from a CD or starting up as a target drive.
If for some reason you do need to boot from a CD, or use any other special start-up routine, hold down the Command key + Option + O + F and power up your Mac. When the Open Firmware prompt appears, type reset-nvrom and hit Enter. Key in the password you created when installing the application, and hit OK. When the Open Firmware prompt appears, type reset-all and hit Enter.
Computer users quickly accumulate lots of passwords: for Internet connections, email accounts, Websites, routers, network folders, online banks, disk images, the list goes on. When you enter a password on your Mac, OS X will usually offer to remember it. If you accept the suggestion, you should not need to enter that password again, as it will be stored in your virtual Keychain, and OS E will insert it when required.
Keychains are very handy, but if you are worried about someone being able to access all your passwords when you leave the room for a few minutes, you could ramp up the security by asking OS X to lock the Keychain, either permanently or after a period of inactivity. When locked, the Keychain will request your overall Keychain password before disclosing any information.
If you ever forget a password that has been stored on your Keychain, open Keychain Access ad locate the relevant item in the list. Double-click it and select Show Password. You will need to enter your Keychain password (the same as your account password unless you have changed it), and then the missing password will be revealed.
Note that by default, the Keychain password is the same as your account – which is handy. However it also means that if someone can access your account, they can also access your passwords. For even more security, you could change your Keychain password, or even add a second Keychain with a separate password.
All these changes can be made within the Keychain access utility, accessible from the Applications – Utilities folder. Click the padlock icon to toggle the lock on or off; or select Change Settings for Keychain Login or Change Password
Other Privacy Issues
Deleting files: When the user deletes Keychain Login (your default Keychain) from the Edit menu, it goes to Trash, so anyone with access to the account can recover it. Emptying the Trash stops this from happening, though in theory the deleted files could still be recovered using special recovery software, To avoid that anyone could resuscitate your deleted files, select Secure Empty Trash from the Finder menu, and the files will not only be deleted but completely blanked from the hard drive.
Private browsing: Your browser records all the Websites you have been to in your History, cookies, searches and more. To stop this from happening, enable Private Browsing from the File menu in Safari. Or choose Reset Safari to delete all the saved info.
Recent Items: If you do not want all your recently accessed files and programs – as well as any servers you have connected to – listed for all to see, go to the Apple icon – Recent items and click Clear Menu right at the bottom. Individual applications usually have a similar list in the File menu.
If you are locked out of your account:
- Turn off your computer, and insert the Mac OS X CD that came with your Mac or copy of OS X.
- Press C while you turn on your Mac and keep it held down until the Apple logo appears.
- Choose Reset Password from the installer menu and choose your username – not “System Administrator”. Then follow the prompts. This should not affect your keychain or any other passwords.
Unless you are in the bad habit of saving or moving files to random places on the hard drive, all your private data is located in your home folder. It includes not just documents, movies, etc. But all your e-mails, cache, saved passwords and everything on your desktop. All of these are saved in your Library.
If you just want to password protect some text information – numbers and the like – create a Secure Note using Keychain Access.
Consider privacy threats on the Internet and over your wireless network.
- Your old Mac is worth money! Check out our prices. We pay the best price on the online market for your secondhand device: Sell Macbook.
- An interesting discussion about the troubles one runs into if forgetting the master password to their MacBook, one of many such Apple related discussions on Apple’s self-help forum: discussions.apple.com/thread/4058352?tstart=0