Time for a Mac Security Checkup!


The new year is gonna be here before we know it, and what a nutty one 2016 has been! Well, to celebrate the end of the craziness, let’s take a few minutes and think through our security on our Macs. I’m such a party animal, aren’t I? Hey, I can’t think of any worse ways to start 2017 than with compromised data, so let’s go over the security stuff I recommend first and then party afterward. I’ll bring the booze, friends.

Analyze your password policy

If you’ve never done this before, it should be your first priority, yes, even before buying anyone presents. Don’t use the same password (or permutations of the same one, like fluffy123 and Fluffy123) for multiple websites. Make your passwords as lengthy as you can. Use two-factor authentication for websites and services that support it, like your Apple ID. And for goodness’ sake, get a password manager to keep track of everything. My favorite is 1Password—I’ve been using it for years and years, and I’ve been very happy with it.

1Password is a great tool for managing your passwords and other sensitive data

And the program has such a nice icon, too.

But seriously, folks, think this through. I know your devices ask you for your Apple ID 43,782 times per day, but better a little bit of frustration when typing in a long password or dealing with two-factor authentication than a data breach.

And no, a paper sitting next to your Mac that has your passwords written on it isn’t a secure system. Trust me.

Protect physical access to your devices

If someone stole your Mac, how easy would it be to get private stuff off of it? If you don’t have a password set and there’s an Excel document on your desktop called “PasswordsAndBankAccounts.xlsx,” then you could probably do things better. For starters, I’d strongly recommend you consider turning on FileVault within System Preferences > Security & Privacy.

Use FileVault on your Mac to encrypt all of your data

FileVault encrypts and protects your Mac’s files and other data

FileVault encrypts the contents of your disk, so if anyone takes your computer, he won’t be able to access the data on it.

Here are a few other related suggestions:

  • Make sure your iPhones and iPads have passcodes to unlock them, and use six-digit ones if you can.
  • Consider encrypting any backup drives you use, whether they’re Time Machine backups or created with another system like Carbon Copy Cloner.
  • Configure your computer to require a password after sleep, and be sure that happens fairly quickly. Don’t let your Mac wait for a whole hour before it makes someone enter a password!

Consider your online security practices

This year, I’ve seen successful phishing attempts that led to compromised email accounts pretty often. Change your account password and then it’s no big deal, right? Wellllll…maybe. But have you ever emailed someone your credit card number or, say, a PDF containing your social security number? Yeah. Don’t do that. (And pay attention to the tip I wrote earlier this week about encrypting PDFs if you do need to send something private through email.) The best practice is to always think through what information you’re giving to website forms or what you’re emailing, for example.

Don't email passwords, bank account info, or other personal sensitive data without encrypting it first

Sending unencrypted sensitive data through email is a bad idea

Don’t be like me. And by that I mean don’t be a total smartass (evidence for same shown above).

Never, ever, ever give an unverified person remote access to your machine

This year, I had a bunch of clients think they were calling AppleCare or Microsoft support or what have you, and their Googling led them to call scammers instead. A quick installation of remote control software later, and a not-nice person had full power over their Macs. In most cases, this just led to the scammers trying to extort money for fake tech support, but if you let someone into your computer, you’re taking a huge risk.

Sometimes, of course, this is unavoidable—if you do call AppleCare, they may need to log in to your Mac to help you out. But be very sure that you’ve called the right number! And please don’t leave your Mac alone while someone’s logged into it, especially with the aforementioned “PasswordsAndBankAccounts.xlsx” file on your desktop.


Well, those are my favorite security tips! What say you? Do you use and love a different password management program? Got anything to say about something else security-related? Sound off in the comments!


Much appreciation goes to my pal Bryan Mahler for suggesting info for this article. Thanks, Bryan!

4 Comments

  1. geoduck

    I like the idea of two factor authentication. But it isn’t working for me. Oh, I had it working. My iMac, my iPad, my iPhone are all on the same account. Occasionally I’d get a request on one to allow one of the others to do something and it was all fine.

    Then this week was a big update to iOS. Suddenly my iPad and iPhone are demanding approval, but the system won’t send codes or requests to the other devices because they aren’t approved. I went around and around. Finally I turned two factor off. Authenticated everything to my AppleID accounts and then let things set for a day. All was cool. Then last night I tried turning two factor back on and the mess started all over. It’s really hard to approve a device to connect to iCloud services when none of the other devices get a request to authorize. It’s especially maddening when the devices had already connected to my account. So after fighting with it for an hour last night two factor is off again.

    Anybody have a suggestion? I’d like to go back to two factor.

  2. wab95


    I agree, two factor authentication is peace of mind. When it works. Given your IT background, I’m not sure that I can offer meaningful help, but a possible crapshoot is to go back to your Apple ID and change your password. It will require you to do so on all your devices as well. Once done, go back and re-initiate two factor. It might bring everything back into harmony. Or not.


    Phishing scams abound. One that has come to me more than once, is a group that somehow glommed onto me in the UK (I’m not certain how they initially made contact), but someone with a North Indian accent (yes, accents vary across India) initially called me from a local UK phone number to my US iPhone to assist me with my alleged request for assistance with my computer. I challenged him as to when I had subscribed to their service, and for what device and/or OS. It was clear he thought that I was using a Windows PC. I politely told him to sod off.

    The only related request I made was in trying, earlier that year, to get MS Outlook mail client to work on my Mac when there was an incompatibility between Apple Mail and MS Exchange, which my university mail uses. That request for help appears to have been routed to India. Perhaps a leak at MS led to the phishing attempt, not sure.

    Then, earlier this year, another call, this one with an Eastern European accent reminding me of the previous contact in the UK and how they helped me with my machine and alerting me that my computer was compromised and not to use it until they ‘helped me’. I politely told this bugger to sod off after his colleague.

    This particular phishing scam appears to be a bit more coordinated and using specific terminology to sound like a legitimate security service.

    If anyone does get such a call, be sure to query them about your supposed subscription to their service.

    Anyway, back to my day job.

  3. Scott B in DC

    Click… replay old news… make a few wording updates to make it look fresh… post it… record it for doing the same thing later.
    One would think at some point there would be something new to say. No?

  4. Microsoft Support

    Protection is the basic need of each and every person. There should be two-step verification. An unverified person should not access your personal information. Online protection is a very important concern. For more help, visit Toshiba Support
