Mac security tips: best Mac security settings 2019
Keeping your information private and secure is an important aspect of browsing the Web and using your system in general. Unfortunately, many users simply do not bother to deepen their knowledge of online security, which makes them an easy target. This article provides you with useful tips that you can follow in order to make sure that your Mac stays protected at all times.
Security and Privacy Settings
One of the most basic tasks you can complete is checking your security and privacy settings. If you go to System Preferences -> Security & Privacy, you will find the following four tabs: General, FileVault, Firewall, and Privacy. Here you will be able to change your settings, however, you will need to have an administrator account in order to do so. You will also need your user name and password. Please note that changes made by an administrator will be applied to the whole computer.
GeneralThe first tab in the security preferences is called General. On this tab, you will see the option to set or change your password. Once the password is set, you will be able to change further settings like whether or not the password is necessary to unlock your computer after sleep or screen saver. For security reasons, you should enable this setting. Another safety tip is to Disable automatic login, which prevents other people from turning on your Mac without entering a password. Needless to say, your password should be difficult to guess and it should not be written down anywhere near your device.
The next box you will see in this tab is Allow your Apple Watch to unlock your Mac. If you select this option, your device will be unlocked whenever you are near it wearing your Apple Watch.
The last section in the General tab has to do with app downloads. The safest option is to only allow apps downloaded from App Store. The other, less restricting, but still safe option is to allow apps from App Store and identified developers. On older Macs, there is also an option to allow apps from anywhere. Of course, this is the least safe option, and we urge you not to choose it.
The second tab in your preferences is FileVault. This service allows you to encrypt your files thus preventing other users from accessing them. When you turn on FileVault, you are required to create a password and you also receive a recovery key. In order to decrypt your files, you will need to enter one of them.
There are some drawbacks to using FileVault like the fact that it takes quite a long time to encrypt your files, not to mention that entering your password every time you want to open your files can be rather tiresome. Still, if you have data that you need to keep as secure as possible, FileVault may be the most suitable option for you.
Probably the most important tab in your settings is Firewall. We cannot stress enough how important it is to have your Firewall turned on. Keep in mind that it is not always enabled automatically, so you may have to do it yourself. Here is how:
- Go to the Firewall tab in the System Preferences -> Security & Privacy
- Click the padlock icon to unlock system settings
- Type in your password when asked
- Click the Turn On Firewall button
As important as it is to have your Firewall enabled, it must be noted that it cannot protect your from all online threats. Firewall focuses on limiting incoming connections, but it does not control outbound connections. Blocking outbound connections is possible with third-party apps, however, MacOS itself does not provide this option.
Check your privacy settings
The final tab, Privacy, presents you with a number of settings including Location Services, Contacts, Calendars, Reminders, Photos, Twitter (Facebook, LinkedIn), Accessibility, and Analytics.
- Location Services can be used to control which apps and services have access to your location. You can turn off location services completely or choose which apps you do not wish to grant with your location information.
- Contacts, Calendar, and Reminders settings allow you to choose which apps can access the data stored in these core OS X apps.
- In the Photos section, you will see which apps have access to your photos.
- The Twitter, Facebook and LinkedIn sections will give you details about which apps have access to your social networking sites.
- The Accessibility section allows you to control which apps can change settings on your Mac or manage it in some other way.
- The last section, Analytics, is concerned with gathering data about the use of your apps. This data can help app developers to improve their software. You can, however, choose not to share your information, if you wish.
There are some additional privacy settings offered by your browser, which you should be aware of. Safari Preferences has a Privacy section, which allows you to stop websites from tracking you and to choose which pages can store cookies on your computer.
Other helpful settings include New Private Window and Clear History. These settings allow you to visit sites without them being added to History and to delete cookies and other cached data added to History. You can access these settings from File or by pressing Shift+command+N.
Similarly to other browsers, Safari also presents you with Auto Fill option. If you are worried about your logins and passwords being stored online, you can un-check these boxes in Auto Fill and Passwords sections.
Check what you’re sharing
As you already know, you can share files stored on your computer with other Macs. Sharing also comes with its own security flaws, so if you are not using it, it is best to keep sharing turned off. Here is how you can do that:
- Open System Preferences
- Click the Sharing icon
- Remove ticks from services that you are not using
An additional security layer that you can apply is the firmware password, which is required when somebody attempts to turn on your computer using a USB or the Recovery Console. The following instructions can help you set it up:
- Restart your computer
- Before the Apple logo appears, press and hold Command+R
- Let go when the boot-time progress bar appears
- Choose your language and location
- Click Utilities -> Firmware Password
- Follow the instructions
Please keep in mind that knowing your firmware password is extremely important. If you forget it, only Apple will be able to unlock your system.
Enabling a guest user account may seem like going against logic, because it allows anyone to use your computer, however, it can also be used as a part of Find My Mac service in case your device gets stolen or lost.
You can check if you have a Guest User enabled by accessing System Preferences -> Users & Groups. You can also find out if you have Find My Mac enabled in iCloud by opening System Preferences and clicking on the iCloud icon. Here, you should check whether the Find My Mac box is ticked.
Two-step authentication (or two-factor authentication) requires an additional code together with your username and password. This code is usually sent to you via a text message or generated by a specific application. Using this verification method is a very good idea as it provides you with a serious protection layer, so we strongly recommend it. Here is how you can set it up:
- Go to System Preferences -> iCloud -> Account Details
- Log in with your Apple ID
- Select Security
- Turn on Two-Factor Authentication
- Enter your phone number
- Click Get A Verification Code
- You will now receive a code from Apple
- Enter the code into the verification screen
Once you have your two-step authentication set up, you will be notified on your trusted devices each time that you sign in on a new device. The notification will provide you with your location and a six-digit code that you will need to enter in order to prove your identity. You should also enable two-step verification on other sites and services like Gmail, Dropbox, and others.
Using two-step authentication is just as easy as setting it up. Some websites and services will send you a code in a text message that you will have to use when logging in. Others may use an authentication app. To use the app, you will need to open it on your device, select adding a code, and point your camera at the bar-code presented on the site. If there is no camera on your device, you can enter the authentication code manually. After you set it up, you will need to use the app each time that you log in.
Virtual private network (or simply VPN) service encrypts all data, which makes it impossible for other computers on the same network to spy on you. This service is especially useful when you browse the Web using public WiFi. VPN does not restrict your browsing, in fact, it even allows you to overcome online censorship in some cases.
MacOS comes with a built-in VPN utility that you can access through System Preferences -> Network. Once there, click on the plus button under the list of connections and choose VPN from the drop-down list. Then choose the service type (usually L2TP) and click Create. Fill in the login and server details provided by the service.
Another abbreviation worth knowing is HTTPS or Hypertext Transfer Protocol Secure. Websites that use secure transfer protocol start with https://, so it is rather easy to check whether the page you are visiting is trustworthy or not by simply looking at the address bar.
Another thing you can do to make sure that the site is safe is check its certificate. Click on the padlock icon in the address bar and select Certificate. If the certificate is legitimate, you will see information about which company issued it and for how long it is valid.
The newest version of Safari also provides you with clear warnings of unreliable sites as does Google Chrome. We suggest that you take these warnings to heart and follow the advice to stay away from unsafe domains.
Although MacOS does not suffer as many attacks as do other systems, it does not mean that there are no malicious programs targeting Macs either. The in-built anti-malware utility, Xprotect does a good job of keeping your computer safe, however, having an additional security tool never hurt anyone. Implementing a reliable anti-malware tool will allow you to browse the Web even more safely as it will protect you from various online threats in real-time and keep your device clean from a variety of intruders like adware, ransomware, Trojans, crypto-miners, and more.