Do You Need To Secure Wipe a Mac Drive?

When you sell, donate or recycle a Mac, you should absolutely erase your drive before it leaves your possession. With older Macs that use spinning hard disk drives, you should secure erase it. But for newer Macs with solid-state drives you can't secure erase and it really isn't necessary. In most cases your old data was encrypted anyway.

Video Transcript

Hi, this is Gary with MacMost.com. Let's take a look at what you should do to protect your data before you get rid of a Mac. 
MacMost is brought to you thanks to a great group of more than 1000 supporters. Go to MacMost.com/patreon. There you can read more about the Patreon Campaign. Join us and get exclusive content and course discounts. 
So conventional wisdom says that before you donate, sell, or recycle a Mac you should do things to clean your data off of the internal drive so somebody can't get ahold of it and steal your information. Now exactly what you do depends on your Mac. There are three different situations. The first situation is if you have a much older Mac that has a spinning hard disk drive. Not a modern solid state drive. The second situation is if you have an older Intel Mac with a solid state drive but it's before Apple started putting the T2 security chip inside the Macs. The third situation is if you have a modern Mac either with the M1 processor or an Intel processor including the T2 chip. Now in all those situations you want to erase the Mac's hard drive and reinstall the operating system from scratch basically resetting it to factory settings. 
Now the way you do this depends on the age of your Mac. With newer Macs you can go to System Preferences and then once you're in System Preferences you won't find an option for it here. You just go to System Preferences, Erase All Content and Settings. It's all right there! This is new in macOS Monterey. If you have an older Mac it's a little more complex. I'm not going to go into the details here because that's not what this video is about. But you can go to this page at Apple's site and it will walk you through how to reboot into Recovery Mode. Use Disk Utility there to erase your drive and then reinstall the operating system. The important thing to know is that when you get to the step where you erase your drive if you're using a spinning hard drive you'll have the option there to securely erase the drive. This is different than the basic erase. What a basic erase does is it gets rid of the directory of all the files and where all the parts of the files are. You see files are stored in individual little parts scattered throughout the hard drive. So this directory basically says this file has so many parts and they are scattered in different places and here's where to find them. You get rid of that and it's really difficult to put that file back together. Those parts are now just left out there and ready to be overwritten. So chances are if I erase the operating system you're going to overwrite a lot of those. So you're going to have scattered bits of files that are hard to decipher and, on top of that, there are going to be some of them that are missing. So getting data from a spinning hard drive that's been erased normally is actually really difficult. Remember that most applications don't store documents in a straightforward way. You may see a bunch of words in a word processing document but it's actually stored in a binary format. There's a jumble of words and different data in there. 
It's really hard to tell what's going on if you ever look inside one of those files. Plus, on top of that, a lot of files are encrypted. For instance if you're using a Password Manager to store passwords that data is encrypted. Even if you could identify which parts made up your password file they're going to be encrypted and impossible to decipher especially since parts are probably going to be missing after you erase the drive. But you do have the option when erasing a spinning hard drive to securely erase the drive. What that does is in addition to deleting the directory of where these files are, it will also overwrite every piece of every file. So it zeroes everything out getting rid of all of your data. This will take a long time actually to go through the drive and write over everything. But it is generally recommended when you are erasing a spinning hard drive to do this. 
Now what about the second situation? You have an older Mac that has an Intel chip in it but it doesn't have the T2 security chip. First to identify whether or not your Mac has the T2 security chip you can go here. There's a list on this page of all the Macs that include it and also how to check on your Mac to see whether or not the T2 chip is there. So let's assume you don't have the T2 chip. Here you can do the same thing to erase your Mac. But there is no way to securely erase it because that's an option only for hard drives, not for solid state drives. So how do you zero out all the data on a solid state drive? Well, the short answer is you don't. You don't really need to. Solid state drives have the information even more fragmented than a spinning hard drive. It's even harder, almost impossible, to get data off of a spinning drive. There are far easier ways to commit data crimes than actually trying to find some Mac with a solid state drive that somebody hasn't zeroed out. For instance in the United States it's common to hand your credit card to wait staff who take it out of sight to run it and bring it back to you. That's a really simple way to steal somebody's credit card data and there are plenty of other ways to get valuable data like that as well that are way easier than trying to figure out the data on a solid state drive that's been erased.
But another thing to keep in mind is perhaps you're using FileVault. You can check to see whether or not you have FileVault on by going to System Preferences and then going to Security & Privacy. Then with FileVault you can see whether or not you have it on. So FileVault encrypts all of your data. This is mostly useful while you're actually using your Macs, especially a portable Mac that you bring around to different places with you. If somebody steals your Mac the data on the drive is encrypted. They can't get into it without your user password. Now when you erase a drive all that encrypted data is now scrambled on top of being encrypted. It's impossible to get to. So there's no need to overwrite all the data because the data was encrypted in the first place. Now even if you're not using this and you erase the drive normally you really have got nothing to worry about. Maybe if you're the head of a major corporation or the head of a government then some spy agency might find it worthwhile to throw a lot of resources into trying to figure out what is on an erased drive. But chances are then you probably have a security department that handles that stuff for you. You're not asking me that question. 
However, if you did want to go and actually take extra precautions before selling, giving away, or recycling your Mac with a solid state drive there's something really simple you could do. Turn on FileVault. Before you do anything else when you're done with the Mac and you've moved onto your new one turn FileVault on on that old Mac, let it encrypt everything on the drive and then erase the drive and reformat. 
Now what about the third situation? That's where you have a newer Mac that either has Apple's own silicon processors in it like the M1 or it has an Intel chip but with the T2 security chip. Well, in those situations your drive is actually encrypted by default. You don't have to turn FileVault on for the data to be encrypted. So, if you now erase the drive you basically have fragmented sections of encrypted data. There's no way for anybody to get into it. So you're set! Just erase the drive, reinstall the operating system so whoever gets it next can use it, and you're set. Nobody can get to your data in that situation. 
So to summarize, in situation one with the hard disk drive you go into Recovery Mode, you erase the drive using Secure Erase. In situation 2, an SSD but before the T2 chip, if you have FileVault turned on there's nothing to worry about. Just erase the drive and any data on there is now useless. In situation 3 you are going to have an encrypted drive whether you use FileVault or not because the T2 chip and the M1 processor both work to encrypt your data on the drive so erasing the drive is all you need to do. 
Hope you found this useful. Thanks for watching.
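
The three situations summarized above, as an added shell example that is not part of the video or MacMost's own material. It assumes `diskutil info /` prints a `Solid State: Yes|No` line, `fdesetup status` prints `FileVault is On.`, and `system_profiler SPiBridgeDataType` names the `Apple T2` chip; the function name `classify_erase` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the video). Decides which erase situation applies.
# Arguments are captured command output, so the logic can be checked offline:
#   $1 `diskutil info /`                     $2 `fdesetup status`
#   $3 `system_profiler SPiBridgeDataType`   $4 `uname -m`
classify_erase() {
    ce_disk=$1; ce_fv=$2; ce_bridge=$3; ce_arch=$4

    # Situation 3: Apple silicon, or an Intel Mac with the T2 chip.
    if [ "$ce_arch" = "arm64" ] ||
       printf '%s\n' "$ce_bridge" | grep -q 'Apple T2'; then
        echo "situation3: drive is encrypted by default; erase and reinstall macOS"
        return 0
    fi

    # Assumed diskutil format: a "Solid State: Yes|No" line.
    if printf '%s\n' "$ce_disk" | grep -Eiq 'Solid State:[[:space:]]*No'; then
        echo "situation1: spinning hard drive; use the secure erase option in Disk Utility"
    elif printf '%s\n' "$ce_disk" | grep -Eiq 'Solid State:[[:space:]]*Yes'; then
        # Situation 2: SSD without T2, so FileVault decides whether data was encrypted.
        if printf '%s\n' "$ce_fv" | grep -q 'FileVault is On'; then
            echo "situation2: SSD with FileVault on; erase and reinstall macOS"
        else
            echo "situation2: SSD with FileVault off; turn FileVault on, let it finish, then erase"
        fi
    else
        echo "unknown: drive type not reported; check the drive type by hand"
    fi
}

# On a real Mac, feed in live output; elsewhere this step is skipped.
if [ "$(uname -s)" = "Darwin" ]; then
    classify_erase "$(diskutil info /)" "$(fdesetup status 2>/dev/null)" \
        "$(system_profiler SPiBridgeDataType 2>/dev/null)" "$(uname -m)"
fi
```
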

Comments: 7 Comments

    Russell Tolman
    3 years ago

    Great video; especially the part about using FileVault. I discovered that a little while back and it has been invaluable. I have been suggesting that to family and friends whenever they move to a new Mac.

    Thanks again for all the great videos.

    Russ Winkler
    3 years ago

    Thanks for the great video. I plan to give my old 2014 MBP (Retina Display). I was planning to erase the drive and reinstall Big Sur. Should I also encrypt the drive? They are SSDs.

    3 years ago

    Russ: If you like, you can encrypt the drive now (with your old data on it) before erasing for a bit of extra security. But it really isn't necessary. You don't need to encrypt the drive after you wipe it. It just needs to be running macOS so the next person can test it out properly.

    Benton Wood
    3 years ago

    Helpful video if the computer is working. Unfortunately, we have several MacBooks whose screens come on but they won't boot up, and another old one we inherited for which we don't know the password. Any thoughts on how to handle recycling old computers when you can't get into them to wipe them?

    Thanks, BBW

    3 years ago

    Benton: It is unlikely that anything will happen if you just recycle them, especially if they are old and not working. You could always take them to a shop and pay someone to try some techniques to get in there to wipe the drives. But probably not worth it.

    Steve J
    3 years ago

    Excellent video Gary! Quick question, does it matter if it is a fusion drive (combo solid state and spinning drive)?

    3 years ago

    Steve: Not sure what you can do with a Fusion drive. Never had one. If you have FileVault turned on, I guess it doesn't matter. Just erase and anything leftover will be indecipherable.
