macOS offers numerous ways to secure your data. Used together, these features mean that even if your Mac is stolen, the data on it is safe from prying eyes.
The most basic step of protecting your Mac is having a password set up for your user. If you don’t have one, it can be set up in System Preferences > Users and Groups.
While there, make sure the computer isn’t automatically logging in:
To change or reset the password, read through this support document.
A firmware password prevents a Mac from being booted from any device other than the internal startup disk. In its documentation, Apple includes this warning:
When you set a firmware password, make sure it’s one you’ll remember. You might want to write it down somewhere so that you don’t forget it. If you forget your firmware password, you’ll need to bring your Mac to an Apple Retail Store or Apple Authorized Service Provider to unlock your Mac.
To set it up, boot up into Recover Mode and select Firmware Password Utility from the Utilities menu. Once it is setup, if the Mac is prompted to boot from anything but the internal disk, the user will be prompted with a password field:
FileVault is macOS’ built-in tool for full-disk encryption:
FileVault full-disk encryption uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
It can be enabled in System Preferences > Security & Privacy.
macOS will generate a recovery key during the process, which you can either store in iCloud, or locally. It’s just a string of letters and numbers; there’s no file you have to keep up with. I opted for a local key — despite using two-factor authentication on my iCloud account. I’m storing the string of text in 1Password, another excellent tool in securing your data.
On my 2016 MacBook Pro with 120 GB of data, the encryption process took about an hour.
Now that it’s done, the Mac works and runs as normal. There’s a slight delay when logging in and out of my user account, but other than that, I can’t tell any difference in day to day use. I can feel secure that if my MacBook Pro gets stolen from the trunk of my car or lost in an airport, that the data on it is safe and sound.
Of course, most of the data on my notebook is also hosted by a cloud service. On that front, the best bet for securing that data is two-factor authentication. In short, these systems require your password and a random string of text to log in.
I linked to it above, but iCloud’s two-factor authentication system is probably the easiest to use, and the most important to me. iCloud stores copies of my photos, contacts, calendars, device backups and more. When prompted for a code, my devices show a pop-up, confirming the location of the device that is requesting a login key. I can simply tap accept and move on.
Other services aren’t as well-integrated into macOS and iOS as iCloud, however, and usually rely on sending you a SMS with a short code that the service’s website will prompt you for. Most of the time, these codes can be generated with an app like 1Password or Authy, if SMS doesn’t work for your setup.
Protecting our personal data is more important now than it has ever been. With a few steps, your Mac and the data on it can be more secure. These systems and features do their best to stay out of the way, which makes them easier to live with. I think any — or all — of these things are well worth the time and effort to implement.