Tips and tricks for securing your Mac

Securing your Mac and the online services you use revolves around layering your security options, so not only do you have your computing content secured by a proper password, but it is also properly packaged for security. In addition, how you configure your Mac can greatly affect how secure it is.

There are several easy approaches you can follow to ensure your Mac is as secure as possible, especially as malware and online security threats from an increasing cybercrime community are developed, and snafus such as the recent Heartbleed OpenSSL bug occur that could potentially compromise your data.

Securing Passwords

First and foremost, neither your system nor online services can be secured without proper passwords that themselves are also secured. Often I see people place passwords in a large text document on their desktops, which may make them easily accessible, but also somewhat defeats their purpose. If you need to manage your passwords, then use a reputable password manager:

  • Apple’s Keychain
    [Figure: Safari password generation] Safari will suggest robust passwords to use. If possible, I recommend you use them.

    This option is built into OS X and is the default way that you can manage passwords. When you enter your password into a password field, the system may request you store it in your keychain. This is an encrypted document that is unlocked when you log into your system with your current password. If you change your password by means other than the Users & Groups system preferences, then this file cannot be unlocked and people entering your account or who might otherwise have access to the file will not be able to open it.

  • Third-party solutions

    There are a number of third-party password managers that will serve instead of Apple’s keychain. A popular one is 1Password; others include LastPass, OneSafe, PassLocker, and Keeper (not to be confused with MacKeeper).

  • Password Documents

    If you still wish to use a text or Word document to store your passwords in a list, you can make this somewhat more secure by storing the file in an encrypted disk image. This approach will encrypt the passwords like a password manager tool does, and unlock them with a master password. With this approach you can also store the image in online disks and potentially insecure locations. The downside is that the passwords will not be dynamically accessible by programs.

[Figure: Apple password assistant] Apple’s password assistant is a good way to check your password strength, or generate one from a number of different schemes.

Regardless of your approach for managing passwords, consider using a password generator for your passwords, and regularly update or change your passwords with it. While it might seem convenient to use a simple password, or follow a basic scheme for your passwords (i.e., the name of the service, followed by a small number sequence), these will be far easier to crack than the complex codes made by password generators.

Apple’s built-in password generator can be launched by clicking the key next to most “new password” fields, one of which can be found when creating a new user account, and another if you create a new keychain entry in the Keychain Access utility. For online data, Apple’s keychain will suggest robust passwords to use, and then automatically save them. I recommend you make use of this feature, as it will ensure your passwords are complex, centrally managed, and can be updated and changed quickly.

Securing sensitive data

For any data you have stored on your Mac, consider securing it with file-level encryption. While Apple offers its FileVault full-disk encryption routines, this is only for protection against physical theft of the drive. When the drive is connected and unlocked, any program you run can access its contents.

Some options for encrypting your data include using GPGTools or other GPG or PGP options to encrypt files and e-mail. These are third-party options, often open-source, but can be quite effective.

If you want to use a more native option for securing files, then you can try creating an encrypted disk image to store specific files. These can be useful not only on the local drive, but also if you plan on storing your files online, or on external drives that may be accessed by others. There are a variety of options you can choose from for creating encrypted images; my recommendation is to create a dynamically resizing image that will only be the size of the contents it contains.

Securely using your Mac

The biggest security measure you can take is in how you configure and use your Mac. This breaks down to three general steps:

  1. Only install it if you need it
    [Figure: System Information showing installed applications] You can use the System Information utility to list your applications, and get details on their locations, so you can either look into updating them or removing them from your system.

    If you are considering installing a program on your system, only do so if you think you will use it. Do not install any program you come across, even to try it out. If you find yourself wanting to do this, then consider installing OS X in a virtual machine or creating an external clone of your system in which you can tinker around with new software. This is especially true for software from relatively new, or otherwise unknown developers.

    This idea also pertains to Apple’s built-in features, such as its sharing services. If you do not use file sharing, for instance, then keep this service disabled to prevent any unwanted access through it.

  2. Uninstall it if you do not need it

    If you have a program installed that you have not used in a while, or which you do not think you will use, then consider uninstalling it. This is especially true if it uses the internet, contains an application runtime (e.g., Java, or Flash), or runs in the background. Even though most software you do not use will just reside on your system with no harm done, the less software you have installed on your system, the less likely you are to be vulnerable to attack. To uninstall programs, be sure to use an uninstaller created by the developer, and do not simply drag the application file to the trash.

  3. Update it if you install it

    If you need specific software on your system, then ensure it is fully updated. This is true not only for third-party software, but also that which Apple packages with your Mac, including OS X itself. Be sure to regularly run Software Update (or schedule it to run automatically), and then install any updates that appear as soon as possible, especially if they are security updates. While at times it may be prudent to wait a few days to ensure no bugs squeezed past Apple’s testing of a new update, be sure to patch your system ASAP.

    Keep in mind that not only will main software need updating, but also add-ons for this software. For instance, plug-ins and extensions for Safari and Mail can easily be overlooked, and an outdated version of one can potentially be a security risk.

Beyond software updates, consider switching your main user account to a non-administrative one, since when running as admin, programs can sometimes get around security measures. Changing your account to a non-administrative one only takes a few steps:

[Figure: Admin status box in OS X] Uncheck this box to make an account a standard one.

  1. Create a new admin account in the Users & Groups system preferences.
  2. Log out of your account and into the new admin account.
  3. Go to the Users & Groups preferences, select your main account, and uncheck the box that allows the user to administer the computer.

For the most part, running in a non-admin account will only require you to authenticate with admin credentials when installing programs and performing other administrative tasks. At most, you might need to switch to the admin account to get some specific configurations accomplished, but this is relatively easy to do in OS X.

Finally, do not alter the permissions of any default folder on your Mac, unless you have specific instructions that outline what the modifications are (so you can revert them, if needed), and what the modifications will do to the accessibility of the folder. The default folder permissions on your Mac ensure you have full access to your account, while preventing anyone else (be it another user on the system, or on the network) from accessing your files.

If you modify the permissions and make a mistake, you can suddenly make all of your files accessible to everyone who has access to your computer, or even destabilize your system and prevent it from booting or running properly.
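To check whether a permissions change has opened up your home folder, the following shell function (an added example, not part of the original article) reports any private folder that group members or other users can access. The folder list is an assumption based on the subfolders OS X normally creates as owner-only, and the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: audit a home folder for private subfolders that
# group members or other users can reach.

# Assumption: subfolders that OS X creates as owner-only (drwx------).
# Public and Sites are shared by design and are deliberately left out.
PRIVATE_FOLDERS="Desktop Documents Downloads Library Movies Music Pictures"

# Print the six group/other permission characters of a path, e.g. "r-xr-x".
# Characters 5-10 of the ls mode string are the group and other triplets.
group_other_bits() {
    ls -ldL "$1" | cut -c5-10
}

# audit_home HOME_DIR
# Prints one "EXPOSED" line per folder with any group/other access.
# Returns 0 when every private folder is owner-only, 1 otherwise.
audit_home() {
    home_dir=$1
    findings=0
    for name in $PRIVATE_FOLDERS; do
        dir="$home_dir/$name"
        [ -d "$dir" ] || continue      # folder absent: nothing to check
        bits=$(group_other_bits "$dir")
        if [ "$bits" != "------" ]; then
            echo "EXPOSED $dir (group/other: $bits)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run against your own account with:  sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_home "$HOME"
fi
```

The script only reads permissions. If it reports a folder, compare it against a freshly created user account before changing anything.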

Computing “Street Smarts”

Beyond these details for configuring your computer, basic computing “street smarts” will be the best way to secure your system. Overall, these amount to “if it looks too good to be true, then it probably is,” especially if it pertains to an update or security measure for your system.

Avoid any offer, deal, or claim by a third party that your system needs a piece of software you otherwise had no intention of installing. If you encounter a warning that a specific piece of software is out of date, then close down the warning and do not click any included links to a software update it provides. Instead, go directly to the software developer’s Web site and install the update from there, or use an official route such as the App Store, Apple’s Software Update service, or the application’s built-in updater (if available) to install any available updates.

While you might consider using a malware detection tool, keep in mind that these tools are just available to help you detect malware, and do not magically secure your system. While they can be useful, some are less effective than others, and some can be intrusive and cause a significant level of frustration by destabilizing or slowing your Mac. Having an anti-malware tool installed does not mean you are armored against all threats, so even with it installed, still exercise the same precautions as you would without it installed.