Do You Need To Secure Wipe a Mac Drive?

When you sell, donate or recycle a Mac, you should absolutely erase your drive before it leaves your possession. With older Macs that use spinning hard disk drives, you should secure erase the drive. But for newer Macs with solid-state drives, you can't secure erase, and it really isn't necessary. In most cases your old data was encrypted anyway.

Video Summary

In This Tutorial

Whether you need to securely wipe a Mac's drive before selling, donating, or recycling it, covering the three types of Macs and why secure erase matters for old spinning drives but is unnecessary for modern solid-state drives.

Intro

  • Conventional wisdom says to clean your data off a Mac's internal drive before donating, selling, or recycling it. Exactly what you should do depends on which of three types of Mac you have.

Three Situations

  • The first situation is a much older Mac with a spinning hard disk drive, the second is an older Intel Mac with a solid-state drive made before Apple added the T2 security chip, and the third is a modern Mac with an M1 processor or an Intel chip that includes the T2 chip. In all cases you want to erase the drive and reinstall the operating system to reset it to factory settings.

Erase Your Drive

  • On newer Macs running macOS Monterey you can use Erase All Content and Settings directly in System Preferences. On older Macs the process is more involved, requiring you to reboot into Recovery Mode, use Disk Utility to erase the drive, and reinstall the operating system, following Apple's support page.

Secure Erase

  • A basic erase removes the directory that tracks where each file's scattered parts are stored, making files very hard to reassemble, especially as reinstalling the OS overwrites many of those parts and many files are stored in binary or encrypted formats. When erasing a spinning hard drive you also get a Secure Erase option that overwrites every part of every file, zeroing out all data, which takes a long time but is generally recommended for spinning drives.

SSD Before T2 or M1

  • Solid-state drives cannot be securely erased because that option only applies to hard drives, but it is also unnecessary since SSD data is even more fragmented and nearly impossible to recover. There are far easier ways to steal data, such as handing a credit card to wait staff, than extracting data from an erased SSD.

How FileVault Protects After Erasing

  • You can check whether FileVault is on under Security & Privacy in System Preferences, and it encrypts all your data, which is most useful while the Mac is in use or if it is stolen. After erasing, encrypted data is scrambled on top of being encrypted and impossible to access, so even erasing normally without FileVault is fine for most people. As an extra precaution before parting with an SSD Mac, you can turn on FileVault, let it encrypt everything, and then erase and reformat.

SSD With T2 or M1

  • Macs with the M1 processor or the T2 chip encrypt the drive by default without needing FileVault, so erasing leaves only fragmented encrypted data that no one can access. You simply erase the drive and reinstall the operating system for the next owner.

Summary

For an old spinning-drive Mac, erase in Recovery Mode using Secure Erase, while for an SSD Mac before the T2 chip a normal erase is enough, especially with FileVault on. Modern Macs with the T2 chip or M1 processor have encrypted drives by default, so simply erasing the drive fully protects your data.
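
As an added example (not from the original page), this shell script sorts a Mac into one of the three situations by parsing the output of `diskutil info /`, `uname -m`, `system_profiler SPiBridgeDataType` and `fdesetup status`. The function names are hypothetical, and the output strings matched are assumptions about what those tools print.

```shell
#!/bin/bash
# Added example: map a Mac to one of the three situations in the summary.
# The parsers take tool output as text so they can be checked against
# constructed samples; gather_and_report runs the real tools on macOS.

# is_ssd <"diskutil info /" output>: success if the boot disk is solid state.
is_ssd() {
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*Solid State:[[:space:]]+Yes'
}

# has_default_encryption <"uname -m" output> <SPiBridgeDataType output>
# Apple silicon (arm64) or a T2 chip means the drive is encrypted by default.
# Assumption: the shell runs natively (under Rosetta, uname -m says x86_64).
has_default_encryption() {
  [ "$1" = "arm64" ] || printf '%s\n' "$2" | grep -q 'Apple T2'
}

# filevault_on <"fdesetup status" output>
filevault_on() {
  printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# classify <diskutil output> <arch> <ibridge output> <fdesetup output>
classify() {
  if ! is_ssd "$1"; then
    echo "situation 1: spinning drive, erase in Recovery Mode with Secure Erase"
  elif has_default_encryption "$2" "$3"; then
    echo "situation 3: T2 or Apple silicon, encrypted by default, erase and reinstall"
  elif filevault_on "$4"; then
    echo "situation 2: SSD without T2, FileVault on, erase and reinstall"
  else
    echo "situation 2: SSD without T2, FileVault off, optionally enable FileVault before erasing"
  fi
}

gather_and_report() {
  classify "$(diskutil info /)" "$(uname -m)" \
    "$(system_profiler SPiBridgeDataType 2>/dev/null)" "$(fdesetup status)"
}

# Run against the local machine only when the macOS tools are present.
if command -v diskutil >/dev/null 2>&1 && command -v fdesetup >/dev/null 2>&1; then
  gather_and_report
fi
```
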

Video Transcript

Hi, this is Gary with MacMost.com. Let's take a look at what you should do to protect your data before you get rid of a Mac. 
MacMost is brought to you thanks to a great group of more than 1000 supporters. Go to MacMost.com/patreon. There you can read more about the Patreon Campaign. Join us and get exclusive content and course discounts. 
So conventional wisdom says that before you donate, sell, or recycle a Mac you should do things to clean your data off of the internal drive so somebody can't get ahold of it and steal your information. Now exactly what you do depends on your Mac. There are three different situations. The first situation is if you have a much older Mac that has a spinning hard disk drive. Not a modern solid state drive. The second situation is if you have an older Intel Mac with a solid state drive but it's before Apple started putting the T2 security chip inside the Macs. The third situation is if you have a modern Mac either with the M1 processor or an Intel processor including the T2 chip. Now in all those situations you want to erase the Mac's hard drive and reinstall the operating system from scratch basically resetting it to factory settings.
Now the way you do this depends on the age of your Mac. With newer Macs you can go to System Preferences and then once you're in System Preferences you won't find an option for it here. You just go to System Preferences, Erase All Content and Settings. It's all right there! This is new in macOS Monterey. If you have an older Mac it's a little more complex. I'm not going to go into the details here because that's not what this video is about. But you can go to this page at Apple's site and it will walk you through how to reboot into Recovery Mode. Use Disk Utility there to erase your drive and then reinstall the operating system. The important thing to know is that when you get to the step where you erase your drive if you're using a spinning hard drive you'll have the option there to securely erase the drive. This is different than the basic erase. What a basic erase does is it gets rid of the directory of all the files and where all the parts of the files are. You see files are stored in individual little parts scattered throughout the hard drive. So this directory basically says this file has so many parts and they are scattered in different places and here's where to find them. You get rid of that and it's really difficult to put that file back together. Those parts are now just left out there and ready to be overwritten. So chances are if I erase the operating system you're going to overwrite a lot of those. So you're going to have scattered bits of files that are hard to decipher and, on top of that, there are going to be some of them that are missing. So getting data from a spinning hard drive that's been erased normally is actually really difficult. Remember that most applications don't store documents in a straightforward way. You may see a bunch of words in a word processing document but it's actually stored in a binary format. There's a jumble of words and different data in there.
It's really hard to tell what's going on if you ever look inside one of those files. Plus, on top of that, a lot of files are encrypted. For instance if you're using a Password Manager to store passwords that data is encrypted. Even if you could identify which parts made up your password file they're going to be encrypted and impossible to decipher especially since parts are probably going to be missing after you erase the drive. But you do have the option when erasing a spinning hard drive to securely erase the drive. What that does is in addition to deleting the directory of where these files are, it will also overwrite every piece of every file. So it zeroes everything out getting rid of all of your data. This will take a long time actually to go through the drive and write over everything. But it is generally recommended when you are erasing a spinning hard drive to do this. 
Now what about the second situation? You have an older Mac that has an Intel chip in it but it doesn't have the T2 security chip. First to identify whether or not your Mac has the T2 security chip you can go here. There's a list on this page of all the Macs that include it and also how to check on your Mac to see whether or not the T2 chip is there. So let's assume you don't have the T2 chip. Here you can do the same thing to erase your Mac. But there is no way to securely erase it because that's an option only for hard drives, not for solid state drives. So how do you zero out all the data on a solid state drive? Well, the short answer is you don't. You don't really need to. Solid state drives have the information even more fragmented than a spinning hard drive. It's even harder, almost impossible, to get data off of a spinning drive. There are far easier ways to commit data crimes than actually trying to find some Mac with a solid state drive that somebody hasn't zeroed out. For instance in the United States it's common to hand your credit card to wait staff who take it out of sight to run it and bring it back to you. That's a really simple way to steal somebody's credit card data and there are plenty of other ways to get valuable data like that as well that are way easier than trying to figure out the data on a solid state drive that's been erased.
But another thing to keep in mind is perhaps you're using File Vault. You can check to see whether or not you have File Vault on by going to System Preferences and then going to Security & Privacy. Then with File Vault you can see whether or not you have it on. So File Vault encrypts all of your data. This is mostly useful while you're actually using your Macs, especially a portable Mac that you bring around to different places with you. If somebody steals your Mac the data on the drive is encrypted. They can't get into it without your user password. Now when you erase a drive all that encrypted data is now scrambled on top of being encrypted. It's impossible to get to. So there's no need to overwrite all the data because the data was encrypted in the first place. Now even if you're not using this and you erase the drive normally you really have got nothing to worry about. Maybe if you're the head of a major corporation or the head of a government then some spy agency might find it worthwhile to throw a lot of resources into trying to figure out what is on an erased drive. But chances are then you probably have a security department that handles that stuff for you. You're not asking me that question.
However, if you did want to go and actually take extra precautions before selling, giving away, or recycling your Mac with a solid state drive there's something really simple you could do. Turn on File Vault. Before you do anything else when you're done with the Mac and you've moved onto your new one turn File Vault on on that old Mac, let it encrypt everything on the drive and then erase the drive and reformat.
Now what about the third situation? That's where you have a newer Mac that either has Apple's own silicon processors in it like the M1 or it has an Intel chip but with the T2 security chip. Well, in those situations your drive is actually encrypted by default. You don't have to turn File Vault on for the data to be encrypted. So, if you now erase the drive you basically have fragmented sections of encrypted data. There's no way for anybody to get into it. So you're set! Just erase the drive, reinstall the operating system so whoever gets it next can use it, and you're set. Nobody can get to your data in that situation.
So to summarize, in situation one with the hard disk drive you go into Recovery Mode, you erase the drive using Secure Erase. In situation 2, an SSD but before the T2 chip, if you have File Vault turned on there's nothing to worry about. Just erase the drive and any data on there is now useless. In situation 3 you are going to have an encrypted drive whether you use File Vault or not because the T2 chip and the M1 processor both work to encrypt your data on the drive so erasing the drive is all you need to do.
Hope you found this useful. Thanks for watching.

Comments: 7 Comments

    Russell Tolman
    4 years ago

    Great video; especially the part about using FileVault. I discovered that a little while back and it has been invaluable. I have been suggesting that to family and friends whenever they move to a new Mac.

    Thanks again for all the great videos.

    Russ Winkler
    4 years ago

    Thanks for the great video. I plan to give my old 2014 MBP (Retina Display). I was planning to erase the drive and reinstall Big Sur. Should I also encrypt the drive? They are SSDs.

    4 years ago

    Russ: If you like, you can encrypt the drive now (with your old data on it) before erasing for a bit of extra security. But it really isn't necessary. You don't need to encrypt the drive after you wipe it. It just needs to be running macOS so the next person can test it out properly.

    Benton Wood
    4 years ago

    Helpful video if the computer is working. Unfortunately, we have several MacBooks whose screens come on but they won't boot up, and another old one we inherited for which we don't know the password. Any thoughts on how to handle recycling old computers when you can't get into them to wipe them?

    Thanks, BBW

    4 years ago

    Benton: It is unlikely that anything will happen if you just recycle them, especially if they are old and not working. You could always take them to a shop and pay someone to try some techniques to get in there to wipe the drives. But probably not worth it.

    Steve J
    4 years ago

    Excellent video Gary! Quick question, does it matter if it is a fusion drive (combo solid state and spinning drive)?

    4 years ago

    Steve: Not sure what you can do with a Fusion drive. Never had one. If you have File Vault turned on, I guess it doesn't matter. Just erase and anything leftover will be indecipherable.
