The theory that Mac users are safe online has been going around forever.
Unfortunately, if you're a Mac user, we're sorry to tell you that this isn't the case!
While Macs are more secure in some aspects, no system is ever safe when connected to the internet.
Luckily for you, we've created this huge Mac security guide to keep you safe and secure.
Even if you don't have time to read the whole article, we urge you to read and implement the top 10 Mac security tips, that you can find in the next heading.
Top 10 Mac Security Tips
Here are the top 10 things you should implement if you are short on time. Without implementing these, your Mac could really be at risk.
1. Use a Firewall
Turning on the firewall blocks unwanted incoming network connections. Many people think that Apple enables it as a default setting, but this is not always the case.
To turn on your Mac Firewall do the following:
- Go to System Preferences > Security & Privacy
- Click the Firewall Tab
- Click the padlock icon
- Enter your username and password to configure the tab
Another useful option is to enable Stealth Mode by clicking the Firewall Options button and then clicking Enable Stealth Mode in the dialog box. This makes your computer invisible on public networks.
2. Enable Automatic Updates
To protect your computer, it is essential that you enable automatic updates. Apple's developers are continually working to update macOS. This includs reacting to any emerging attacks to which your machine might be vulnerable.
Enabling automatic updates is super simple - just open System Preferences and click on App Store, where you can customize the update settings.
3. Use Strong Passwords
Using strong passwords for your user accounts is essential.
To do this, go back to the General section of the Security & Privacy settings.
You should also use a password manager to help create strong and unique passwords. We recommend 1Password, but discuss this in more later in this guide.
4. Disable Automatic Login
Disable this function for enhanced security, especially if you use a portable Mac. If someone steals your Mac, disabling automatic login will help to shield your private data from the thief.
If you would like to check your password strength or make your password harder to hack (but easy to remember), check out our article: https://www.bestvpn.com/password-strength-checker/
5. Disable Running Unsafe Applications
In the General Settings tab, you can modify and authorize which apps can run on your Mac. The safest option is to allow apps only from the App Store to run.
However, if you want greater freedom, you can choose to run apps from developers known to Apple, as well as from the App Store.
6. Enable FileVault
Enabling the FileVault is essential. With it on, you can encrypt all the files in your user account. To decrypt them, you must enter either your account password or the recovery key you created when you turned FileVault on.
7. Disable Java
One of the best features is the option to disable Java. Java is full of security holes. If you don’t run Java regularly, turn it off. If it can’t run, it can’t allow codes to create security gaps in your Mac.
You can turn Java off in your browser's security preferences. In Safari go to Preferences > Security, and uncheck the ‘Enable Java’ tab.
8. Require a Password on Wake/Screen Saver
If you have a MacBook, consider opening the Security & Privacy pane from System Preferences and setting the Require Password field to "immediately". With it on, you’ll need to re-enter your login credentials to log in into your account after your Mac has gone to sleep or the screen saver has activated.
9. Enable Two-Factor Authentication
Two-step or two-factor authentication is a system whereby your login to services or websites requires more than just your username and password. It also needs a numeric code. This two-step code is usually sent to you via a text message or phone call. Hacking it presents an additional challenge to hackers.
Services like Google’s Gmail have this feature, but you must enable it to use it. You can turn it on for Microsoft services and sites, as well as Dropbox. Two-step authentication can mean a slight inconvenience in the user experience, but the security that you gain far outweighs the minor hassle.
10. Install and configure an Anti-malware application
More and more malware is targeting Macs (although still at nowhere near the level that Windows users face). OS X features a powerful, always-running yet invisible anti-malware tool called Xprotect. Even so, you should occasionally fire up an app like Malwarebytes to scan your files. If you’re interested in full malware protection, check out our article on malware removal and protection.
Mac Network Security
One of the biggest dangers of using a Mac, or any computer for that matter, is being online.
So it's unsurprising, that we're kicking things off with network security.
In order to configure your network options, click the Apple menu at the top left of the screen. Open System Preferences and select Network.
Control Network Connections
If you have the expertise, you can set up network and connection rules on your own. Unfortunately, for most of us, this isn't the case. The apps we've listed below will help you keep track and secure your connections.
Hands Off! secretly monitors all activities of any applications running in the background. As soon as an app tries to run without a rule previously defined, Hands Off! warns you with a notification. This message contains all relevant information about the operation and asks you to make a decision. Until you respond to the notification, Hands Off! blocks the operation and protects you.
Little Snitch is a firewall for incoming connections. It reveals any outgoing network connection attempts, ensuring your private data doesn’t leave your computer. It offers the same level of control for incoming connections.
Murus is a firewall management tool. You don’t have the be an expert in security to use all the functions of this streamlined and user-friendly app. One great advantage of Murus is its built-in graphical ruleset editing tool, which you can use to create customized rulesets for every occasion.
Radio Silence is a super tiny network monitor app. It helps you to protect your privacy and prevent apps from sending out your sensitive data in the background. Using this app has no side effects in your Mac’s performance and it doesn’t send you pop-up notifications all the time.
Firewall on Mac
Controling network connections is one thing. You also need to make sure that nothing creeps in. Therefore, using a firewall is a must.
All versions of Macintosh through 10.4, called Tiger, had a Unix-based firewall system to protect the user from malicious attacks. Apple named it ipfw. It managed incoming and outgoing connections, letting the user to pass or block them. These firewall systems arranged traffic by type, origin and destination.
In the next version of Mac OS (Leopard), Apple updated the ipfw with a new add-on called Application Firewall, to manage apps’ network requests. When a program asks for network traffic, the socket filter checks the right to do it. If the program isn’t on the list, OS X asks you to allow it to proceed.
While enabling the default firewall, we'd also recommend using one of the third party firewalls mentioned above. These are useful, as it's their dedicated business, so they are more likely to stop unwanted traffic.
It's one thing to make sure nothing bad goes in and out of your network. It's another keep your connections private.
A VPN (Virtual Private Network), encrypts your data. Thereby hiding it from unwanted eyes. There are a lot more advantages to using a VPN as well, such as unlimited global streaming. If you'd like to find out more read our in-depth comparison of the best VPNs for Mac.
Now that you've got your network under control, it's time to take your files into your hands. However, be careful when it comes to data protection. If you do things incorrectly, you could end up locking yourself out of your files. Therefore, before you start, make sure you back up your data. (Though you should regularly backup your data regularly.)
Use FileVault to encrypt your data.
What is FileVault?
FileVault is a disk encryption program within Apple’s operating system, macOS. FileVault uses 128bit AES encryption with a 256-bit key to lock down the disk and all files on it.
Why Should You Use FileVault?
Encrypting your personal data is strongly recommended for portable devices in order to secure your data and files. It can be useful in many instances, particularly when someone tries to gain unauthorized access. Additionally, if you misplace or lose your Mac, your data will be safe.
Is FileVault Safe?
If you lose your password and recovery key, your data will be inaccessible forever - you won’t be able to recover any of your files. FileVault encryption is so powerful that it would take 100,000 years to break, so it’s impossible to hack it.
Apple helps you to store the recovery key in its backup. This decreases the risk of losing it. However, if you’re forgetful or tend to lose things, FileVault may not be for you.
How to Turn on FileVault
From the Apple menu, open System Preferences and go to Security & Privacy.
Choose the FileVault tab and click the little lock icon in the lower left corner, then enter the administrator password.
Next, click the “Turn On FileVault” button to start the setup process.
If your Mac has multiple users, you’ll need to enable FileVault access for each of them.
Find a safe space for your 24-character alphanumeric password and click Continue.
You can ask Apple to store your recovery key. If you choose to do so, you’ll have to answer three security questions. This will help you to connect with Apple and authorize yourself.
After you finish answering the security questions, hit the Restart button.
Encrypting your data can be a very slow process. Every 50GB take between 5-15 minutes to encrypt, depending on your Mac’s performance. The best way is to let it run at night. You can check the progress if you navigate back to the FileVault tab in Security & Privacy.
To turn FileVault off, reverse the order of the steps above. Decrypting will take just as much time as the encryption did. The whole thing depends on your drive size, drive speed, and Mac’s performance. During encryption/decryption, your computer may feel sluggish, but don’t worry.
Fix the Security Hole
If you’re unconvinced about FileVault’s security and still worry about being hacked, we can help.
When your Mac enters Sleep Mode, it has a potential security hole. This is because the passwords required to decrypt FileVault are stored in its memory. Essentially, someone could wake it up and retrieve the key without the login password.
If you are paranoid about security, you can do the following.
CAUTION: In everyday use, you’ll need to type your login password twice and your Mac will be a little slower when waking from sleep mode.
Open Terminal (you can find it in Utilities folder or use Spotlight to search for it)
Type in: sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25
Hit Enter and reboot your Mac
This command makes your Mac enter standby mode instead of sleep mode. In standby mode, the contents of the memory are saved to disk and the computer enters a deep sleep mode. The command also tells your computer not to hold the FileVault key in the memory in standby mode.
To turn off the feature, open Terminal again and type: sudo pmset -a destroyfvkeyonstandby 0 hibernatemode 3
Then hit Enter and reboot.
With FileVault your data will be secure. However, you also need to have it backed up. It's no use knowing your data is secure if your laptop is stole, if you won't ever get that data back.
What is Time Machine?
Time Machine is a backup software developed by Apple and distributed as part of macOS. While there are plenty of other backup options out there, TimeMachine is perfect for Mac owners.
How Does Time Machine Work?
Time Machine makes hourly backups for the last 24 hours, daily backups for the last month and weekly backups for each preceding month. Backing up creates local snapshots of your Mac. A daily snapshot is saved every 24 hours. It starts after you turn on or restart your computer.
It feels like a lot of backing up, but Time Machine only backs up changes you have made to files. It stores multiple versions of each file. For example, if you edited a document 50 times, you would be able to restore the 15th version.
That’s why Apple calls it Time Machine: because you can go back in time to see files’ history.
How to Use Time Machine
Connect a storage drive to your Mac.
You should see an alert asking if you want to use the drive with Time Machine. Click Use as Backup Disk.
If you don't see the alert, open System Preferences > Time Machine.
Choose Backup Disk, select the storage device you wish to back up to, and click Use Disk.
You can choose to encrypt your backups. In this case, you’ll need a password to access them.
Mac Sharing Settings
Your Mac can share data in many ways, not just with other Macs. This can be useful in some cases, such as remote working. However, if you open a port on your Mac, you need to take care of its security to avoid potential attacks.
To configure your sharing settings, open System Preferences and click the Sharing icon.
In corporate environments, tech support may turn this option on so that they can see your screen and perhaps perform remote repairs or updates. Windows and Linux computers can also use this option to access your Mac's screen. Unless you need this support option, make sure it’s turned off.
File lets other computers on the network reach your computer's file system. Technically, the file sharing system is also used by the Back To My Mac service, which allows you to access your Mac's files from another Mac via the internet. If you don’t use any of these services, switch File off.
This shares any printer connected to your Mac with other computers on the network, including Windows and Linux machines. If you aren’t using your printer, turn the setting off.
Remote Login is about setting up connections to your Mac via SSH/SFTP. Techies use this setting to work remotely. Turn it off if you don’t use it.
You can share your Mac’s internet with another Mac. The history of this setting goes back 20 years to when people used dial-up internet. It’s increasingly worthless, so turn it off.
Turning this on makes your Mac able to send and receive files to and from another Bluetooth-enabled device, such as a mobile phone. Apple iPhones and iPads can't share files this way (although they also have Bluetooth). Thus you’re only likely to use it if you've got a phone that runs Android. If you haven’t missed this feature, presumably you don’t need it.
If you're not the only one using your computer, you need to make sure that others that have access to your computer aren't able to bring harm to it.
If you're the only one using your computer, feel free to skip this section.
What Does Multi-user Mean?
User management helps you share your computer with others without letting them edit your sensitive data. It’s one of the great benefits of being a Mac user.
Parents can also use User Management to control their kids’ accounts, by creating rules and restrictions.
How to Manage Multiple Users
To manage multiple users, open System Preferences and click Users & Groups. On the left, you can see the computer’s users. If you click the Lock sign on the bottom left of the window, you can set up new users.
Under Login Options, you can set up Fast User Switching. That means that you can change to another user’s profile with just a few mouse clicks. To do so, click on Show Fast User Switching Menu. Switching takes less than two seconds, depending on how many apps are open in each account.
User Management is about more than setting up accounts and helping them to switch places on your Mac. There are many reasons to set up multiple user accounts. For example:
If you’re having problems with a frequently used application, you may need to test it in a clean environment. Imagine, for example, that you’ve been using your browser happily for years, then installed a new add-on and the whole thing cracked. You aren’t sure whether it was the add-on or whether you accidentally downloaded malware to your computer. To test it, you can create a “test user” account and analyse the problem there. If it works fine there, you know that the problem must be in your regular user account.
2. Be a non-admin user
Being a full-access user is not always the safest way of using your computer. Just check the NSA’s snoop proof guide about security restrictions on Macs. On the other hand, requesting admin access to install apps can be a pain if you’re a non-admin user. As such, you could create an “admin only” account with full admin rights, and leave it logged in. You can use your regular account for your usual work, then fast-switch to the admin only account if you need to do any admin work.
3. Account for Presentations
If you use your Mac to give presentations regularly, you may want to avoid those apps that push you notifications and disturb your performance. Creating an account for presentations can avoid this. It also means that you can keep your messy desktop hidden from your audience!
Creating a clean account for gaming can provide you with enhanced performance and thus make the gaming experience more enjoyable.
5. Separate Your Work and Private Life
Sometimes we have to bring work home, but that doesn’t mean you have to mix your work and private life on your Mac. With separate user profiles, you can ensure that the performance of each profile is maintained. If you need to reach an exact file, you can do so by fast switching.
Mac Viruses - An Urban Legend?
Can my Mac get viruses? Do I need antivirus protection? These aren’t easy questions to answer. Macs are armed with Xprotect inside the OS and there are still fewer viruses for Mac than for Windows. However, the numbers are increasing as a result of Macs’ growing popularity.
A recent report suggested that Mac malware grew by 270% in 2017. Macworld compiled a list of malware and security flaws, where you can see a wide variety of Mac viruses. Despite this, Mac is a Unix-based OS, so it’s still one of the most secure operating systems. In addition, Apple constantly tries to make its products more secure.
Best AntiVirus Software for Mac
Kaspersky Internet Security is our favorite antivirus software for Mac. As well as finding viruses, it allows you to browse the web freely, without worrying that anything malicious will attack your computer. Scanning can be a little slow, but results in a detailed report. There’s also a fantastic Safe Money feature for protecting online payments.
Setting and remembering strong passwords isn’t easy. For complicated, ultra-long passwords, password management tools like Apple Keychain are a great memory aid.
What is Keychain?
Keychain is a cloud-based password manager tool from Apple. It is built into iOS and macOS. KeyChain helps users to create, organize and reach their passwords.
How to Use Keychain
To store your passwords, turn on KeyChain by opening Settings on your iPhone or iPad. Open iCloud and scroll down to tap Keychain to activate it by switching the toggle.
If you haven’t done so before, you’ll need to set up an iCloud Keychain password. If you’ve set one up before, you’ll have to verify yourself with another device. This function helps you to reach all of your secured data, whichever device you use.
Randomly Generated Passwords
If you run out of password ideas or you just want to ensure that your password is as secure as possible, Keychain has a fantastic feature for you - the password generator. To use it:
1. Open Keychain Access from the Applications screen and choose your category.
2. Click on the plus (+) button at the bottom of the screen. In the popup window, there are plenty of options, such as testing your password. Click on the key sign on the right to open Password Assistant.
3. Use Password Assistant to generate memorable, letters and numbers, numbers only, random, or FIPS-181 compliant passwords of different lengths. The quality bar will show you the security level of your password.
The Best Password Managers for Mac
If you aren’t satisfied with your Mac’s Keychain or you’re interested in something more, check out our guide to password checkers and tools. In short, these are the best alternative options:
Tracking Your Mac
If you've ever lost your Mac or iPhone, you'll know it's a horrendous feeling. It's even worse if it gets stolen. Luckily there are tools out there to help you find/retrieve it.
Find My Mac
What Is Find My Mac?
Find My Mac is an Apple service that lets an owner locate their lost product and, if necessary, erase it remotely.
How to Turn on Find My Mac
Go to System Preferences.
Clic the iCloud pane.
Scroll down to see if the Find My Mac checkbox is ticked.
If Find My Mac isn't already turned on, click in the box and, when prompted, click on Allow to turn it on.
How to Find Your Mac
If you’ve lost your Mac, go to iCloud.com. You will see a map showing all your nearby devices. You can view information about your devices by clicking on All Devices. The information includes details of whether the device is online or offline, and when it was last used.
You can click on a device to access various options: Play Sound, Lost or Erase.
Playing a sound is a useful option if your Mac is nearby but you just can't find it.
Undercover is a piece of software made to remotely track and monitor a missing Mac. It can even help to recover the stolen machine. You load it in the background of your computer to track your location constantly. Note that uninstalling Undercover is nearly impossible: only the Administrator can remove it from the Mac.
Mac Security: The Bottom Line
Mac security has changed a lot in recent years. Mac users now need to pay greater attention to the security of their devices, in the face of increased threats. If you want your Mac to be as secure as possible these days, it’s important to invest in making and keeping it secure.