Automatic Login And Why You Should Never Use It

You can set your Mac to not require a password when you start up, wake up or log in. However, you should never use this function. Doing so leaves all of your information vulnerable to anyone who gets physical access to your Mac. Even if you are using a Mac that is stationary and locked up, it doesn't make sense to take the risk. Entering a password every time you use your Mac is a small price to pay for good security. You can mitigate the number of times you enter your password by setting the Require Password time to something reasonable, such as 5 minutes.

Video Transcript
Let's talk about Automatic Login. Let me show you how to use it. More importantly how to disable it and why you should have it disabled. You should absolutely NOT be using automatic login. A lot of people don't want to have to enter a password every time they sit down at their Mac. I can understand. It's kind of annoying especially if you have a Mac that's on a desktop, it's sitting in your house. It's not a laptop. You're not moving it around. You think I'd should just be able to turn it on or hit the spacebar and start working. But a password protects your Mac.

So let's go and look at it first. In System Preferences there are two places where you talk about automatic login. The first is in Users & Groups. You go in there and you go to Login Options here. You can see Automatic Login. I've got it turned off. In order to work with it I need to authenticate, so I'll click here, and you can see I can set Automatic Login for one of the users on this Mac.

I'm going to leave it to Off but even if I switched it to On I could actually turn it off in a separate space by going back up to the main level, System Preferences, going to Security & Privacy and then under General you can see Disable Automatic Login. So that's checked because I have it Off. But even if I had it On and had it set to a user checking this box would then turn it Off. So there's two ways to turn it off. If you want to turn it on you would have to uncheck this then you would have to go back to where I was before and set a user to be the one for automatic login.

But you shouldn't do that. Obviously if you have a MacBook and you've ever taken it out of your house the reasons are obvious. It's easy for somebody to swipe it and then they have access to everything. They can check your email. They can do everything that's on your Mac because they don't need to login. But even if it's in your house or in your workplace and nobody is supposed to have access to it, well, you know, things happen. There are break-ins. There are ways people get access to your stuff. You know that one occasion where somebody actually does get access to it, they can get to everything. Which could be way more valuable that what's actually in your house.

It's so important. I know it takes you a few seconds to login. Actually if you're doing it on a regular basis, I probably have to login to my Mac a couple dozen times a day, it gets real quick. You know that password. It's fast. Of course, if you have a MacBook Pro with the touch ID it's even faster. But even if you enter the password super fast, it takes me a second just for my fingers to go over that password, so once you get used to it it's very quick. It's kind of like putting on a seatbelt when you get in the car. Right. I mean that takes a second to do and you have to do it every time you get in the car and take it off every time you get out. But you still do it because you know that is safer. It's the same thing here. You should absolutely be using a password and not using automatic login.

Now there is a way to alleviate things a little bit. You can set this Require password and you can set it to a time here. Just having it set to five minutes can actually cutout a lot of your logins. So, for instance, say you're in your office, you're working and your Mac goes to sleep. Now you think, oh great now I have to enter my password again. But if you have it set to five seconds, one minute, or five minutes then you know you could actually press the spacebar when you see that happen and you won't have to login again. Yet it's still providing most of the protections because chances are nobody is going to break-in to your house within five minutes of you getting up from your computer. I mean it probably is going to take you five minutes to get out of the house let alone for something bad to happen. Setting it to five minutes, maybe even fifteen, is a way to alleviate the issue. But anything longer than that you're entering into a kind of danger zone. I wouldn't go there.

You'll also want to make sure this item is actually checked. Without it checked that means if you walk away from your Mac it won't automatically log you out. You actually have to manually log yourself out. You want it to automatically log you out so that you don't have to worry about doing that. Think of it this way. When you get in a car you have to put your seatbelt on. It's a little bit of an inconvenience but it's definitely worth it for safety. But it's also inconvenient because then you have to take your seatbelt off to get out of the car. The great thing is with your Mac you don't have to take your seatbelt off. It's done automatically for you. You just have to worry about putting it on, entering the password, when you first start using your Mac.

So I can't stress enough how important it is that you do not use Automatic Login. It's just part of using a computer today. It's like wearing a seatbelt or wearing a bike helmet, or not giving your social security number to strangers. It's just one of those things that you need to do. Enter a password to startup or wakeup your Mac every time.

Comments: 18 Responses to “Automatic Login And Why You Should Never Use It”

    Shirley
    7/26/18 @ 9:25 am

    All good information except when one spouse dies and did not share the password.

    brad
    7/26/18 @ 11:13 am

    Ok you win. If it becomes too much of a hassle, we could set up another user that doesn’t have access to anything important, right?

    Mr. Luigi
    7/26/18 @ 12:00 pm

    A little perk of owning an Apple Watch is it can automatically unlock your Mac. Safe, secure, and very convenient.

    7/26/18 @ 1:34 pm

    Shirley: A good practice is to have both spouses have an admin account on the computer, even if one never uses it. You can always force a password reset if you have access to an admin account.

    7/26/18 @ 1:38 pm

    brad: Not sure what you mean. You can set up another user, but that user should have a password too. All users need to have a password.

    brad
    7/26/18 @ 2:41 pm

    Hi Gary,
    My new account would be vanilla Mac without any secret information in any files–as if I sat down to a terminal in a library.

    I’d set it up with no password and restrict my original account up the wazoo (probably start with a much harder master password) since I wouldn’t be using it except rarely for sensitive tasks.

    I haven’t set up a new account in years & it’s probably more trouble than I remember but, I probably won’t go back to leaving her wide open.

    7/26/18 @ 2:52 pm

    brad: That’s not a good idea. I’m not sure what the purpose of a vanilla account would be. If you wouldn’t be using it for anything, then why have it at all? And if you will use it for something, then it should be password-protected. And if you create any account and it is unprotected then it could be a doorway into your Mac. As an admin account, it could grant access to the other accounts easily. And if not, then again, what’s the point?

    brad
    7/26/18 @ 5:01 pm

    “And if you create any account and it is unprotected then it could be a doorway into your Mac.”

    That’s the kind of thing that made me want to run it by you.

    Thanks agin!

    Bert Mullemeister
    7/27/18 @ 3:13 am

    Hi Gary, in previous videos you mentioned that it is wise to sleep your iMac
    I presume you would first log off

    7/27/18 @ 4:30 am

    Bert: unless you have set it otherwise, you should be automatically logged off when your Mac sleeps.

    Joe
    7/27/18 @ 10:23 am

    Hi Gary, by doing this, enabling a PW even from the sleep mode, will it it help to keep a hacker out too? Thank you for any advice you can offer on this topic…
    Joe

    7/27/18 @ 10:26 am

    Joe: Enabling with Sleep will keep someone out with physical access when you walk away. It also means you don’t have to remember to lock it all the time when you walk away. Just having the password (a strong one) will keep “hackers” out. But if it isn’t locked and they get hold of your computer, then the password isn’t much help.

    Joe
    7/29/18 @ 8:08 pm

    Hi Gary, thank you for your response. However, I don’t know what you mean by “Locked”?
    Also, will it help from being hacked through the network? Not just a physical hacking?
    Thanks again for your help…

    7/29/18 @ 10:42 pm

    Joe: Locked means you are logged out and the Mac is “locked” until you log in again. See the setting “Require Password” in System Preferences, Security & Privacy, General like I show in the video.
    Setting a password is definitely required to prevent someone from remotely logging in to your Mac. However, how it locks when you sleep doesn’t matter for that,

    Ian Leckie
    8/10/18 @ 7:46 am

    Hi Gary! I have my iMac login set up just as you recommend. But someone could remove one of my various external SSDs which I use for clones and Time Machine backups, and so have access to my data. What would you suggest is the best way to protect these external drives too? Thanks, Ian.

    8/10/18 @ 8:08 am

    Ian: Aren’t you using the Time Machine encryption option? If so, then they wouldn’t be able to access the data on your Time Machine drive without your password. As for clones, perhaps the cloning software you use has an encryption option. Or, maybe consider simply using Time Machine for a second backup instead of a clone. Consider the reasons why you have a clone too — they aren’t as useful as a real incremental backup like Time Machine and this security issue could be a big downside for you.

    Ian Leckie
    8/11/18 @ 3:47 am

    Thanks for replying and helping me, Gary! I´ve been using TM for years but have always overlooked the “Encrypt” option. Have now encrypted my TM drives. For cloning I use Carbon Copy Cloner, and it also has an encryption option I wasn’t aware of! Just goes to show that even as a long time Mac user (27 years!) you never stop learning!! Keep your excellent videos coming! Best regards, Ian.

    8/11/18 @ 6:36 am

    Ian: My problem with clones is that they are exact copies of your drive. So create file A on Monday. Clone Monday night. Delete file A on Tuesday. Clone Tuesday night. Wednesday wake up and realize that file A was very important so go to your clone to get it from there. But it isn’t there as the clone is an exact copy of your files from AFTER you deleted it.
    What clones are good for: Your drive fails and you have critical work to do today. You swap the clone for the failed drive temporarily to get the work done. Then after that you get a new drive, install the OS, and restore your files. But that’s not what most people in most situations would do today. You would get your Mac fixed right away, and maybe use another one if you needed to get something critical done right away.

Comments Closed.