SECURING YOUR USER ACCOUNTS

It has been said that a computer is only as secure as the user. That’s why we begin our journey of making your Mac more secure here: if the user level of your Mac is left unsecured, then you are vulnerable to unwanted access to your machine. Let’s look at how we can make this part of your computing workflow safer.

SETTING PASSWORDS

The first line of defense in any computer system is to secure your user account with a strong password. When someone has access to your user account, they have access to all of your files, your browsing history, your applications, and sometimes even your online accounts and passwords (if they are not stored securely). This is why it is very important to create good passwords and rotate them frequently.

Rotating (or changing) your passwords ensures that if someone were to get your password, it will not work once it has been changed. For system account passwords, we recommend changing them anywhere between every six months to a year.

If you have never set a user account password in OS X, then your system can be easily accessed by just specifying your username. This can be fixed by setting up your password for the first time. To do this, open System Preferences by going to the Apple menu and selecting «System Preferences.» Next, navigate to Users & Groups > Your User Account > Password. Once there, click on the «Change/Set Password» button.

In the dialog that appears, enter your old password (if there is no old password, then leave this field blank), then type in your new password and verify it. You can optionally set a password hint, but ensure that the password hint only jogs your memory about the password you’ve set and does not include any information about the content of your password.

When you’re ready to secure your account, click on the «Change Password» button. Remember this password, as you’ll need it to log into your computer and to make changes to your system.

ENABLING FILEVAULT

Setting a password is essential, but there’s another oft-forgotten piece of the puzzle: your hard drive. Even though you’ve got a password set on your account, it controls only your login and access to your account. Files in your account are still written to the hard drive in plain sight. If someone is able to get physical access to your Mac, then they can easily read the files from the internal drive by connecting it to another machine while your Mac is in Target Disk Mode (http://bit. Iy/ml_targetdisk), or by removing the drive and placing it in another computer.

To solve this, Apple introduced FileVault. This feature of OS X encrypts your entire drive, files and all. This means that if someone were to gain access to your hard drive, they would not be able to read your files. The only way that the drive can be unencrypted is if someone had access to your OS X user password or had access to the recovery key.

Setting up FileVault to encrypt your Mac is an easy process. To enable it, visit System Preferences > Security & Privacy > FileVault. Once here, click the «Turn On FileVault…» button. After doing this, you will be presented with a «safety net» passcode. Write down and keep this passcode in a safe place. If you forget your user account password, this passcode can be used to decrypt your Mac’s hard drive.

On the next screen, you have the option to store your recovery key with Apple. If you choose to store your password with Apple, then you will be able to contact Apple to retrieve the passcode should you forget it in the future. This added level of safety means that you can still access your files, even in the worst-case scenario. After selecting your options and filling in the security information, you will be prompted to restart your Mac. This will begin the encryption process.

Upon restarting, your Mac will begin the lengthy process of encrypting your hard drive and all of its files. This process can take quite a while, so you may want to start this in the morning and let it run all day. Depending on the size of your drive, it can take upward of 12 hours or more. The wait is worth it: your Mac will be better protected once the encryption process has completed.

One difference with your Mac that you will notice is the startup: on the Apple boot screen, you will now be prompted to sign into your Mac’s user account. This is due to the fact that your Mac must now decrypt the hard drive before booting into OS X.

3 SYSTEM PREFERENCE TO PROMOTE SECURITY

With a little help from System Preference, you can further lock down your Mac to prevent unauthorized access to your computer.

TURN OFF AUTO LOGIN

Having your Mac automatically log into your user account poses a huge security risk. You can reduce this security risk by visiting System Preferences > Users & Groups > Login Options. Once there, ensure that the drop-down menu option for «Automatic Login» is set to «Off.» Note that if you’ve turned on FileVault, then Auto Login will be turned off by default.

Turning off Automatic Login limits unauthorized access to your Mac to those with knowledge of your user account password.

TURN ON PASSWORD REQUIREMENTS

When you leave your Mac unattended without any password requirements, then anyone can easily walk up to your machine and access the entire computer, files and all. To curb this issue, OS X features password requirements that can be set in System Preferences > Security & Privacy > General. Ensure that the checkbox for «Require password immediately after sleep or screen saver begins» is checked so that you’ll be required to enter your password in order to start using your Mac again. Block unauthorized access by automatically locking down your Mac when you’ve stepped away from it.

TURN ON FIREWALL

While the router on your network provides a firewall to the outside world via the Internet, whenever you’re on a public network, your Mac (just like all other computers) is vulnerable to network trickery. To enable the firewall, visit System Preferences > Security & Privacy > Firewall. Once there, click on «Turn On Firewall.» From this point on, any unauthorized incoming network connections will be blocked. We especially recommend turning this on when using a portal Mac over an open, shared Wi-Fi network connection.

Enable the OS X Firewall to turn away unauthorized incoming network connections.

Like this post? Please share to your friends: