Here are some settings you may want to check out if you are concerned about security on your Mac. Not all of these are necessary, but you may want to consider them.
You can also watch this video at YouTube.
Watch more videos about related subjects: Security (132 videos), System Settings (172 videos).
You can also watch this video at YouTube.
Watch more videos about related subjects: Security (132 videos), System Settings (172 videos).
Video Transcript
Hi, this is Gary with MacMost.com. Today let me show you ten security settings on your Mac that you should take a look at.
MacMost is brought to you thanks to a great group of more than 900 supporters. Go to MacMost.com/patreon. There you can read more about the Patreon Campaign. Join us and get exclusive content and course discounts.
So there are a ton of settings in System Preferences and elsewhere on your Mac. I want to show you ten that have an impact on the security of your Mac. Now I'm not going to tell you that you need to set every single one of these. But it's important to know what they are and what they do. You may want to turn some of them on and leave others off. I'll categorize each one one of three ways either as a top priority, something you should really consider doing, a just do it, in other words it probably doesn't hurt to turn this on, or a best practice, something you may want to consider but not everybody wants to turn on.
So as you can imagine a lot of these are going to be in System Preferences, Security & Privacy. So let's start off there. Under General there's a setting for Require Password after a certain number of minutes. Now you should definitely have this turned on. You want to require a password to make sure if somebody steals your Mac they can't get into it and get access to all of your documents, passwords, accounts, and other things. But you also want to make sure you set this time to something pretty low. I would never set it for anything more than 5 minutes. Now I know that can seem inconvenient. You go leave to get a cup of coffee, come back, and have to enter your computer password again. But it's just basic security. You shouldn't mind having to type your password a few dozen times a day if that's what it takes to keep everything that you've got secure. Five minutes is probably fine for a desktop Mac. Something that never leaves your home or office. But you may want to consider going down to one minute if you have a portable Mac. Something you might be bringing around with you throughout the day or taking with you on travel. Or even have it set to Immediately which is how I do it on my MacBook.
Now while we're here we've got another setting you should look at which is Just Best Practice. Click on the padlock here to Authenticate and now you've got show a message when the screen is locked. Here you can turn that on and you can set a message. This will appear on the locked screen. So in other words if you loose your Mac it's easy for somebody to open it up and see either a phone number or an email address or someway to contact you or a place to take the MacBook. The less people that have to handle your MacBook if you loose it the better. The first person to find it has a way to get in touch with you then great. Otherwise they may turn it into somebody who then may turn it into a lost and found and it may just keep going down the line. Every person that touches it that means it will take longer to get back to you and more of a chance of somebody just trying to steal it or take it for parts or something.
Now also right here in Security & Privacy, in General, there's Allow apps dowloaded from. So here you can set it to App Store or App Store and identified developers. Now for the higher security you want to set it to App Store. Only Allow Apps from the App Store. It does not mean you can't go in here to change this to download another app that you may need that's only available directly from the developer's site and it should be, of course, a developer's site that you trust. But having it set by default to App Store will prevent you from accidentally making a mistake or maybe if somebody else also uses your Mac having them make a mistake as well.
Now in Security & Privacy the second tab is FileVault. So FileVault will encrypt everything on your drive. Without FileVault turned on, even is somebody can't get into your Mac because they don't know the password, technically somebody could take the drive out of it, connect the drive to another computer and all the data is there. However if you have FileVault turned on everything on the drive is encrypted. I'll classify this as a Best Practice but really just for Desktop Macs it's the Best Practice. If it's a MacBook definitely have this turned on. I make it a Top Priority. It's painful though to turn this on if you've already been using your Mac and have it off. It's going to take awhile to turn this on if you've already been using your Mac and you have it off. It's going to take a while to encrypt everything. So if you've been using your Mac with FileVault off and you don't think you're in much danger of having your Mac Stolen, then maybe keep in mind for the next Mac to have this turned on from the get go.
Now let's go back to the top level of System Preferences. Go to Sharing. Now in Sharing on the left you have File Sharing. Now if you have that turned On anybody on the same network can see your computer, they can see that you're there, the name of your computer and even stuff you have shared. If you have anything shared without a password like Public Folder, then they'll have access to it. Now no problem if you're at work or at home. These are private networks. But the minute you log onto a network, say at a school or maybe at a hotel other people can see your Mac. As a matter of fact sometimes when you travel you may notice other people's hard drives popping up in left side of the Finder window because they have File Sharing turned on and they are on the same network as you. So turn off File Sharing. In most cases it's not a big security issue but it just gives you peace of mind to have that turned off. If you need to use File Sharing for something when you're at home or at work you can turn it on, use it, and then turn it off again.
Now in System Preferences you can go to Siri. Under Siri what you see depends on whether or not you have Touch ID on your Mac. So if you have a MacBook with Touch ID you're going to have the option here to allow you to activate Siri using your voice even if your Mac is locked. Now this usually isn't a big issue. But people can access certain things and send text messages and do stuff using this. So for peace of mind it's a best practice to have this turned Off for security reasons. But if you have a good reason to have this on, like if you often find that you need to be able to activate Siri with your voice through your Mac, then you could argue that you should have it turned on.
Now under Network in System Preferences if you go to WiFi you'll see that you've got a list of network names and for each one, when you select it, you have Automatically Joined this Network. Now that makes sense. It's only going to have networks in this list that you've already joined and having it automatically joined it again saves you a lot of time. But keep in mind sometimes you may join networks that you don't fully trust like maybe one at a coffeeshop. So you join the network, you use it for some basic things, something that doesn't really need security, but then you forget that you've got it in your list here and then next time you're in that area it's going to automatically join that network. This time you may not realize it and actually do something that requires a little bit better security. So, every time you join a new network make sure you look in here for the network name and maybe turn off Automatically Join this Network if it's only one you kind of trust.
Next let's look at Users & Groups. If you go to Login Items here and Authenticate first it goes without saying you should have Automatic Login turned Off. You should definitely not be using Automatic Login. It's a big security issue. So that's a Top Priority. But in addition what you may want to do is Display Login Window As, Name and Password. So when you go to login you have to type in your user name and your password. Otherwise if you use List of Users it gives all of the user names. You see all of the users on the computer and this may give clues as to who you are. Who owns this Mac. But also then all that somebody who steals your computer has to do is then guess the password. But if you say Name and Password they have to guess both your user name and your password which makes it so much harder for them to break into your Mac.
In Safari, if you go to Safari Preferences, under General, there's an option for Open safe files after downloading. So in other words if you were to download a pdf it would automatically open up that pdf. Well first I find this a little annoying sometimes. Sometimes I just want to download something. But also years ago there were exploits that abused this to install malware. You would click on a link that would download something that would automatically open it up in another app and then use an exploit to install malware. Now there's nothing like that out there right now. So really it kind of makes no difference whether you have this turned on or off. But I feel it's a good security measure to have this turned off. After all if you want to view a file you can download it and then double click it to open it. It's not like it's that hard to view a file once you've downloaded it. So this little convenience isn't worth the risk.
Now back in System Preferences there's Software Update and you should really have Automatically keep my Mac up to date. Under Advanced all of these checkboxes checked. Remember it's not just important to keep your system up to date to get all the security patches but apps as well. So having app updates from the App Store install new apps automatically is really important. There may be apps that you rarely use and you may not notice when there are new updates that include important security patches until it's months later. But having all the apps up to date will keep your Mac more secure.
Here's a bonus one. In Time Machine Settings when you go to create a new Time Machine Backup, some of you select disk. Look at the bottom here. There's a checkbox here for encrypt backups. So here's the issue. Say you're using FileVault on your Mac to keep everything there secure but somebody breaks into your office, steals your Mac and the Time Machine drive. If the Time Machine drive isn't encrypted they've got all your files. All they need to do is hook it up to any other Mac and all the files will be there. Only if it's encrypted will they not be able to get to the files there. So you should definitely use encryption on a Time Machine backup. However, if you have a Time Machine Backup now that's not encrypted it's painful to encrypt it. If you turn on encryption it's going to take days for it to finish that encryption. It'll do it in the background but it will still take a long time. So if your drive is relatively secure, you're not really afraid of somebody stealing that Time Machine backup drive, then you may want to hold off and simply use encryption the next time your get a new Time Machine backup drive or decide to restart your Time Machine backup from scratch.
So hopefully you're already doing a lot of these. You may not want to do all of them. You may want to judge based on your own security risks and how you use your Mac. But if you're not doing very many of these hopefully you'll consider adding a few of them just to make your Mac a little bit more secure.
I am 75 years old and I have needed this topic for a long time.
You are such a knowledgeable person for the Mac.
I so appreciate your video's
I will definitely be using the Firewall (I never knew this before)
Thank you
when Filevault is enabled it always shows every user and only requires a password. Is there any way to just show the boxes; user name an password.
thanks.
Russ: System Preferences, Users & Groups, Login Options, "Display login window as."
I am on Mojave. sorry I for got to mention. Name and user name appears when I have logged out. It does not appear when I start up from a complete shutdown. Is that because I am on Mojave and not on Big Sur. I have external drives with Big Sur on them I use for testing. I will try those and see how that works. Thanks for all your time and help.
Just verified that from a shutdown in both Big Sur and Mojave user name and password do not appear. The User appears and only a password is required when Filevault is enabled; either from an Internal or external drive. I must be doing something wrong. Any ideas? thanks again.
Russ: I'm not sure I fully understand what you want here. Just play around with that one setting, it is the only you can can change, and set it to be the best way for you.
Hi,
I really appreciate your video’s.
Thanks for sharing your knowledge, really helpful.
Hrz
Hi Gary. Re encryption. Files on my Macbook/Big Sur not encrypted. Neither on my external backup drive. Am considering to start backup afresh and encrypt. Will this be a problem (if HD on MacBook not encrypted) if I should have to use the Time Machine restore function? Kind regards Gary
Hubert: As long as you don't forget the password to the Time Machine backup, it will work just like before.
Hi Gary!
If I choose to encrypt my TM backup, will I still be able to retrieve a deleted file or folder from there?
Thanks in advance!
Robert
Robert: Of course. It will work the same, as long as you don't lose the password.
If your computer crashes big time and you have to start again on a other machine or new hard-drive, motherboard,etc, will encrypting your Time Machine back up lock you out of using your Backup to recover?
Dave: Not if you know the password you used to encrypt it.
Hi Gary. My issue is with enabling automatic software updates on my iMac. Enabling this feature has resulted in the massive destruction of my files in the Notes, Music and Photos Apps. I have lost thousands of photos because I had automatic software updates enabled. This has happened multiple times when Apple upgrades its whole operating system but not when Apple provides security updates. It's for that reason I have been reluctant to upgrade to Big Sur. Any comments or suggestions to help?
Tom: First, automatic updates will not do "whole operating system" updates, like going from Catalina to Big Sur, for instance. You always have to trigger those yourself. These would be updates like going from 11.1 to 11.2 or updating Safari or other apps, and security updates too.
As for why you have lost data when doing major updates in the past, I have no idea. That has certainly never happened to me and I haven't heard of it happening to others, at least not unless there has been another reason from the issue, like the user deciding to "wipe" the drive to do the update, or having physical hard drive issues.