ads

Secure Your Apple Mac Pro

Authored by:
Support.com Tech Pro Team
This Guided Path® was written and reviewed by Support.com’s Tech Pro team. With decades of experience, our Tech Pros are passionate about making technology work for you. We love feedback! Let us know what you think about this Guided Path® by rating it at the end.

1 Introduction: macOS: Security

Mac has been built from the ground up to provide excellent security. This guide will assist you in enabling these security features as well help you with the setup and configuration process. You must be an administrator of your Mac to perform these tasks.

Topics this guide will cover:

  • Using strong passwords
  • Gatekeeper
  • FileVault
  • Automatic updates
  • Setting up backups with Time Machine

We'll begin by setting up a secure password for your user account.

2 Security: Select Password

Wherever possible, you should pick a password that is impossible to guess and is also resistant to brute-force attacks. Note that some devices or systems do not allow special characters or they may have their own requirements.

Best practices for picking a strong password:

  • Passwords should be around 8 to 12 characters, but can be longer.
  • Avoid using words that are in the dictionary.
  • DO NOT use information that is easy to guess or phish for such as:
    • Important dates such as birthdays, anniversaries, etc.
    • Names of pets, friends, family, locations, etc.
  • Add some complexity to your password by adding at least:
    • 1 Capital letter
    • 1 Small letter
    • 1 Symbol
    • 1 Number
  • Try replacing letters with symbols, for example:
    • "Abc?123!" is easier to guess than "@B(?123!"
    • "Password!?" is easier to guess than "P@$$w0rd!?".

? Would you like to change your password now?

  1. Yes
  2. No

We're here to help!

Connect to a Tech Pro

Call or chat with a Tech Pro 24/7.

ads

Mac has been built from the ground up to provide excellent security. This guide will assist you in enabling these security features as well help you with the setup and configuration process. You must be an administrator of your Mac to perform these tasks.

Topics this guide will cover:

  • Using strong passwords
  • Gatekeeper
  • FileVault
  • Automatic updates
  • Setting up backups with Time Machine

We'll begin by setting up a secure password for your user account.

Wherever possible, you should pick a password that is impossible to guess and is also resistant to brute-force attacks. Note that some devices or systems do not allow special characters or they may have their own requirements.

Best practices for picking a strong password:

  • Passwords should be around 8 to 12 characters, but can be longer.
  • Avoid using words that are in the dictionary.
  • DO NOT use information that is easy to guess or phish for such as:
    • Important dates such as birthdays, anniversaries, etc.
    • Names of pets, friends, family, locations, etc.
  • Add some complexity to your password by adding at least:
    • 1 Capital letter
    • 1 Small letter
    • 1 Symbol
    • 1 Number
  • Try replacing letters with symbols, for example:
    • "Abc?123!" is easier to guess than "@B(?123!"
    • "Password!?" is easier to guess than "P@$$w0rd!?".

It’s important to change your login password from time to time to protect your privacy.

  1. Choose Apple menu > System Preferences.
    Screenshot of the Apple menu with System Preferences selected.

  2. Click Users & Groups.
    Screenshot of the System Preferences screen with Users & Groups selected.

  3. Click Change Password.
    Screenshot of the Users & Groups screen with the Change Password button selected.

    Screenshot of the change password screen. The fields are as follows: new password, verify, and password hint. There is a change password button in the lower right hand side.

  4. Enter your current password in the Old Password field.
  5. Enter your new password in the New Password field, then enter it again in the Verify field.
  6. For help choosing a secure password, click the Key button next to the New Password field.
    Screenshot of the key icon.
      
  7. Enter a hint to help you remember the password.
  8. The hint appears if you enter the wrong password three consecutive times, or if you click the question mark in the password field in the login window.
  9. Click Change Password.

Some precautions should be taken in order to keep your password secure.

Best practices:

  • Do not use a master password that you use everywhere (such as email, work, school, home, network)
  • If possible, do not share your password with anybody.
  • Passwords that are shared with others, like for a home network, should only be shared if necessary.
  • Be aware when typing your password in public, or that in no way anyone is watching.
  • Some types of electronic devices like computers and smartphones can remember passwords, so beware of devices that are not yours.
  • Make a schedule of when to change your password. For example, every 180 days.
  • It is not recommended to write down passwords. But if you have to, make sure that it is neither physically nor visually accessible by others.

This only applies to the newer MacBooks with the Touch bar along the top. If you do not have a Touch Bar, it is okay to skip this step.

The Touch Bar, along the top of your MacBook Pro, not only provides a convenient way to access functions and menus in your favorite apps, but also provides an extra, convenient security option.

  1. Your Touch ID button is on the far right-hand side of your Touch Bar on your Mac Book Pro.
    Mac keyboard with Touch bar, touch ID power button indicated

  2. Choose Apple menu > System Preferences.
    Screenshot of Apple menu with system Preferences highlighted

  3. Choose Touch ID.
    screenshot of system Preferences with touch ID highlighted

  4. Click the big plus sign to add a new fingerprint.
    screenshot of touch id preferences with add a new fingerprint highlighted

  5. Follow the instructions on the screen to add your fingerprint to Touch ID.
  6. Once your fingerprint is added, you can select to use your fingerprint to Unlock your Mac, for Apple Pay, and for iTunes & App Store purchases using the check boxes below.
    screenshot of touch id preferences with options to use touch ID for highlighted

Touch ID does not replace your password, rather it is added to it. Do not forget your password, you will need it in other places when Touch ID won't help.

A Lock Screen will help ensure that only you can use your computer, keeping your data safe. You will need to setup the Lock Screen first, then setup when the Lock Screen is used.

Setting up Lock Screen

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with System Preferences highlighted

  2. Choose Security & Privacy.
    screenshot of System Preferences with Security and Privacy highlighted

  3. In Security & Privacy, place a check mark next to Require password, and set the timer to something you are comfortable with, 5 minutes is the default. Place a check mark next to Disable automatic login. The Lock icon in the corner allows you to prevent further changes from being made, once you're done.
    screenshot of security and privacy Preferences with require password, disable automatic login, and lock icon highlighted

Set when Lock Screen is used

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with System Preferences highlighted

  2. Choose Desktop & Screen Saver.
    screenshot of System Preferences with desktop and screen saver highlighted

  3. Choose Screen Saver at the top. Pick a Screen Saver you like from the list on the left, and choose a time at the bottom. 20 minutes is the default.
    screenshot of screen saver Preferences with start after highlighted

  4. Hot Corners allows you to place your mouse cursor in that corner to instantly activate your screen saver. To configure this feature, click Hot Corners... in the bottom-right, then choose Start Screen Saver for one of the 4 corners.
    screenshot of hot corners dialog with one set to start screen saver as example

  5. Click OK to exit Hot Corners setup.

Some apps downloaded and installed from the Internet could adversely affect your Mac. Gatekeeper helps protect your Mac from such apps. When Gatekeeper is enabled, it will only allow trusted apps to be installed.

The most reliable place to get apps is from the Mac App Store as Apple reviews each app before it's accepted by the store. If there's ever a problem with an app, Apple can quickly remove it from the store.

For apps that are downloaded from places other than the store, developers can get a unique Developer ID from Apple to digitally sign their apps. This ID allows Gatekeeper to block apps created by malicious developers and verify that apps haven't been tampered with since they were signed. If the app has no Developer ID or it has been tampered with, Gatekeeper can block the app from being installed.

To set up Gatekeeper:

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with System Preferences highlighted

  2. Click Security & Privacy.
    screenshot of system preferences with security and Privacy highlighted

  3. Click the General tab.
  4. The Gatekeeper options are:
    • Mac App Store: Only apps that came from the Mac App Store can open.
    • Mac App Store and identified developers: Only allow apps that came from the Mac App Store and developers using Gatekeeper can open.
    • Anywhere: Turn Gatekeeper off. Allow applications to run regardless of their source on the Internet.
  5. Unlock the page and then select the recommended option "Mac App Store and identified developers."
    screenshot of security and Privacy preferences with lock and allow apps downloaded from sections highlighted

  6. Close the window.

To exempt an app from Gatekeeper:

  1. In Finder, Control-click or right click the icon of the app.
  2. Select Open from the top of contextual menu that appears.
    screenshot of Finder menu for an app with open highlighted
     
  3. Click Open in the dialog box. If prompted, enter an administrator name and password.
    screenshot of dialog for an app requesting permission to run
For the best security, we recommend keeping all apps and the operating system up to date.
  1. Choose Apple menu > System Preferences.
    Apple menu, with System Preferences selected. Screenshot.
  2. Click App Store.
    Screenshot of the System Preferences window, with App Store selected.
  3. Select “Automatically check for updates.
    • To have your Mac download updates without asking, select “Download newly available updates in the background.”
    • To have your Mac install app updates automatically, select “Install app updates.”
    • To have your Mac install macOS updates automatically, select “Install macOS updates.”
    • To have your Mac install system files and security updates automatically, select “Install system data files and security updates.”

      App Store settings. Screenshot.

MacBook, MacBook Pro, and MacBook Air must have the power adapter plugged in to automatically download updates.

A firewall can help keep other computers from connecting to it when you don't want them to, such as when you're on the Internet or a network. However, it will still allow you to browse the web using Safari, for example.

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with system Preferences highlighted
  2. Click Security & Privacy.
    system Preferences with Security and Privacy highlighted
  3. Click Firewall at the top, then click the Lock icon in the bottom-left. Enter your administrator password to continue.
    security and privacy Preferences with firewall tab and lock icon highlighted
  4. Click on Turn On Firewall.
    firewall settings with turn on firewall button highlighted
  5. Click on Firewall Options...
    firewall settings with firewall options button highlighted
  6. By default, the Firewall is configured to allow most signed apps (those from Apple and trusted parties), and block unsigned apps. This will allow you to use your computer normally, and give you good protection from most threats. Just make sure the only two options selected are "Automatically allow built-in software to receive incoming connections" and "Automatically allow downloaded signed software to receive incoming connections".
    firewall settings with options for allowing built-in and signed software allowed highlighted
  7. Click OK at the bottom to exit Firewall setup.

Keychain Access is an app for macOS that stores and manages your passwords for other programs, such as your web browser, Safari.

The idea is to allow you to avoid password reuse. You can use a different password for each website or place, and Keychain Access will store them, and automatically fill them in for you.

Your Keychain password cannot be reset. If it is forgotten, you have to reset it to empty, and start again.

To open Keychain Access:

  1. Choose Finder from your dock.
    Finder Icon

  2. Click Go, Utilities from the menu at top.
  3. Double click Keychain Access
    Keychain Access icon.

From here, you can see and edit your saved passwords, and make secured notes that are only visible to you.

Safari, the default web browser for macOS, offers great security by default, but there are a few things that you can change to make it more secure, but still easy to use.

  1. Open Safari from your Dock. The icon looks like a compass.
    Safari Icon

  2. Choose Safari > Preferences from the menu at top.
    screenshot of safari menu with Preferences highlighted

  3. Choose General at the top. Make sure Safari opens with is set to A new window, to prevent malicious pages from loading when you start your browser. Make sure the Homepage is a page you want and recognize. You may wish to change how often History items are removed. Also, if you are regularly using your computer in public, changing Top Sites to something lower so others can't see where you go over your shoulder would be a good idea.
    screenshot of safari general Preferences highlighting security-related options

  4. Choose AutoFill at the top. If you do not want Safari to automatically fill in some of your data, remove the check mark here.
    Screenshot of autofill tab with credit card option unchecked

  5. Choose Passwords at the top. You can choose not to let Safari fill in your passwords, edit, or remove any you do not recognize for websites you don't use.
    screenshot of password Preferences

  6. Choose Search at the top. Make sure the Search engine is one you recognize and trust. Verify quick website search doesn't remember any pages you don't want it to by clicking Manage Websites... on the right.
    screenshot of search Preferences

  7. Click Security at the top. Make sure the check box for Fraudulent sites is selected. You can also choose to block pop-up windows here.
    screenshot of security preferences with Fraudulent sites and pop-up blocker options highlighted

  8. Click Privacy at the top. Cookies are used to perform most logins, so it's not advisable to block all of them, but choosing to allow only from websites you visit is best. Click Manage Website Data... to review cookies currently on your computer, and remove ones you do not want or recognize. You can also set the 'Do not track' option here, which will help.
    screenshot of privacy options with cookies setting and website tracking option highlighted

  9. Click Websites at the top. From here, the different features of your browser are in the list on the left. Choose each, and you'll see a list of websites that can use that feature. Pay special attention to Camera, Microphone, and Location and remove websites you do not recognize or want to give that private information to. Check Auto-Play and Notifications to make sure no odd sites are listed which end up being common annoyances and advertising sources. Look through any Plug-ins you have at the bottom.
    screenshot of websites preferences with sensitive settings highlighted

  10. Click Extensions at the top. Look through the list of extensions here carefully, and make sure you recognize each. If you don't recognize the extension, remove it.
    screenshot of extension preferences with left list highlighted

With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. It can also encrypt any removable drive, helping you secure Time Machine backups or other external drives with ease.

To set up FileVault:

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with system Preferences highlighted

  2. Click Security & Privacy.
    screenshot of system Preferences with security and Privacy highlighted
     
  3. Click the FileVault tab.
  4. Click to unlock the Lock button, then enter an administrator name and password.
  5. Click Turn On FileVault.
    screenshot of security and privacy Preferences with FileVault tab and turn on FileVault button highlighted
     
  6. If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.
    screenshot of enabling FileVault dialog with enable user and continue button highlighted

  7. Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:
    1. If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you're sure to remember.
    2. If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.
    3. If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.
      screenshot of dialog to create a FileVault local recovery key

      If you lose or forget both your account password and your FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk.

  8. When FileVault setup is complete, your Mac restarts and asks you to log in with your account password. Your password unlocks your disk and allows your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.

Find My Mac isn't just handy for locating a missing computer, it can also be used to lock or erase a device in a worst case scenario.

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with system Preferences highlighted

  2. Choose iCloud.
    screenshot of system Preferences with iCloud highlighted

  3. Scroll down, and make sure Find My Mac is checked.
    Screenshot of find my mac option

Use Find My Mac

  • Using the Find My iPhone app on another mobile device.
  • Using the Apple iCloud website: https://www.icloud.com/

Find My Mac will only work on a Mac if it is connected to a cellular network or wireless network. If the Mac does not have connectivity, Find My Mac will not be able to communicate with the device.

Data Backup

Now that we've covered updates and security, let's go over some best practices for backing up your data.

  • First and foremost, it is always wise to backup you data and backups should be performed regularly. Even beyond the scope of malware or security, it is always prudent to have frequent backups because hard drives can fail, systems can crash, things can break, "life can happen", so you're always better off safe than sorry.

  • Data backups, just like any type of backup are a matter of redundancy. One backup solution is good, two or more is better.

  • Offsite backups are always a good idea, especially as a secondary backup. That way if an event happens such as a fire, flood or theft, you have the remote offsite backup to fall back on.

  • It is always prudent to set your backups to use a versioning scheme. That way if files are corrupted, infected or locked, you don't have to worry about having only one backup which may be the bad version.

  • If you are using a local backup such as an external hard drive it is always a good idea to disconnect the drive when it is not in use. The reason being, some forms of malware can encrypt or corrupt all data on all connected drives, so a drive that is not connected will not be affected.
  1. Purchase an external hard drive at least as large as how much information you have to back up. To see approximately how much space you'll need:
    1. Choose Apple menu > About This Mac.
      screenshot of apple menu with about this mac highlighted

    2. Click the Storage tab.
      screenshot of storage tab
       
  2. Connect the external hard drive to your computer, and power the drive, if required.
  3. Choose Apple menu > System Preferences.
    screenshot of apple menu with system Preferences highlighted

  4. Click Time Machine.
    screenshot of system Preferences with time machine highlighted

  5. Click Select Backup Disk, Select Disk, or Add or Remove Backup Disk.
    screenshot of time machine Preferences

  6. Select a backup disk from the list, then click Use Disk.
  7. Click the Time Machine Small time machine icon icon on the top-right side of your Mac, and choose Back Up Now.

Your initial backup will take a while to complete. Do not turn off your Mac, but you may continue using your Mac. A message will pop-up in the top-right corner letting you know when the backup is complete.

You can check the status of the backup by clicking on the Time Machine small time machine icon icon in the top-right.

MacOS is designed to help keep you safe. Remembering a few, simple rules allow you to keep your digital life safe.

  • Secure, complicated passwords that you use only once per site or program.
  • Not sharing your passwords, or allowing others to see your password.
  • Using Keychain Access to keep a large list of passwords secure.
  • Making sure Gatekeeper is enabled and keeping you safe.
  • Using file encryption with FileVault.
  • Making a backup and making sure it's up-to-date.
ads
ads