Securing your MacBook: Going Beyond Tinfoil

fence

How do you secure the data on your portable computer from thieves, without having to chain your computer to a concrete slab?

I have just the answer.

Disclaimer: The methods I outline here are nowhere near foolproof. Always keep the possibility of theft in the back of your mind when you leave your gadgets unattended.

Tier 3: At Least You Tried

When setting up your MacBook, you are prompted to create a username and a password. In the event you didn’t (for some reason), I would highly suggest that you add a password to your account by going into System Preferences > Users & Groups:

Select your user account.

Select your user account.

Click this button next to the user image.

Click this button next to the user image.

Add your password (and don't forget to write it down and store it in a safe place!)

Add your password (and don’t forget to write it down and store it in a safe place!)

 

Then after you click Change Password, be sure to go here:

Click this.

Click this.

Set this to "off".

Set this to “off”.

If someone turns your Mac on from a cold-boot (e.g. shut down state), they won’t automatically be logged in. It would ask them for your password that you just added above!

That last thing you need to do is for when you put your computer to sleep rather than shut down. And that is to prompt the computer to ask for a password after disrupting the screensaver/sleep mode.

You can do this by going to System Preferences > Security & Privacy:

Go to Security & Privacy

Go to Security & Privacy

Set the first drop down to "immediately".

Tick and set the first drop down to “immediately”.

If a no-good thief decides to try and go through your personal files when you only put your computer to sleep/screensaver, he/she shall be thwarted yet again (and maybe curse a certain superhero under his/her breath).

Tier 2: Now I’m Getting Serious

Let’s outline the following scenario:

  • You go to the bathroom and tell your coffee-drinking buddy to watch your stuff.
  • When you leave, an evil-doer walks up and threatens your friend and demands your laptop.
  • Fearing for his safety, he obliges, lightning strikes in the background, and the thief runs off.

You come back to find your laptop missing but, at least your friend is still in one piece.

Unfortunately for you, your computer is in the hands of an evil-doer who is possibly rummaging through your personal data – be it bank account information, NDA-restricted information, or your note on how your mother loves lemon cake. But thankfully you did all of Tier 3 and added a password to your account.

While your username and password is your first line of defense from data intrusion, an extra layer of hard disk encryption via FileVault serves as your second line of defense against data theft.

FileVault enables you to encrypt your hard drive, essentially turning all the bits and bytes on the drive into mumbo-jumbo to the outside world, only until you enter your login password when your turn your computer on. That’s when FileVault decrypts (turns the jumbled bits and bytes into the proper data) the entire hard drive on the fly, enabling you to proceed with your computing needs. There is no risk of data loss or corruption (aside from you losing your password/recovery key entirely).

To enable FileVault, first go to System Preferences > Privacy & Security:

Go to Security & Privacy

Go to Security & Privacy

Click the "FilveVault" tab.

Click the “FilveVault” tab.

Write down the generated "Recovery Key" on a piece of paper and store it somewhere safe.

Write down the generated “Recovery Key” on a piece of paper and store it somewhere safe. Your key will be different from the one printed here.

Decide if you want Apple to store the recovery key on their servers, or if you want to keep it to yourself.

Decide if you want Apple to store the recovery key on their servers, or if you want to keep it to yourself.

Click "Restart" and the encryption process will take place. Note: Depending on how much data you currently have this process may take a while.

Click “Restart” and the encryption process will take place.
Note: Depending on how much data you currently have this process may take a while.

Warning: There are only two ways you can lose all your data using FileVault.

  • You forget your recovery key.
  • You forget your login password.

Be sure to always write down your password/recovery key and store it in a safe spot (if it’s that important, consider stuffing it in a safety deposit box). 

The reason for this is that since FileVault essentially encrypts all the data on the hard drive, if you lose your login password and recovery password, then FileVault cannot decrypt the drive, resulting in the loss of data on the entire drive and possibly a couple nights-worth of tears.

Ahem. So after the encryption is done, your computer should reboot and before it goes to the typical login screen, it will prompt you to enter your login password. After you do that it will complete the boot and you will be sent to the login screen.

Tier 1: Liam Neeson is Going to Find You

So you’ve made it this far. Maybe you thought adding a password to your account and encrypting the data on your hard drive was not enough, and you have such critical data that in the event your notebook is stolen, you will divert the entire power of the NSA United States into finding it.

Well, my friend, you’ve come to the right place.

Apple has such a wondrous tool included on every Mac and iCloud account, and that’s called Find My Mac.

When the device is powered on and starts searching for WiFi, it will use WiFi triangulation (e.g. using nearby WiFi networks to determine an approximate location) and display where it might be in the event that you use Apple’s Find My iPhone on iCloud.com.

Select the device you want to find from the drop-down list.

Select the device you want to find from the drop-down list.

You can zoom in and out on the map to see where your device is located.

You can zoom in and out on the map to see where your device is located.

From here you can either: Play a sound, Remote-lock the device, or Erase the information on the device.

From here you can either: Play a sound, Remote-lock the device, or Erase the information on the device.

Wrap Up


While these methods secure your data on your MacBook, always be sure to practice safe methods when using your device in a public space, or in an area where thefts/burglaries are common. Lock your doors and your windows when you’re not home, and if you’re out in public with a friend, have your friend watch your things when needed.

Congratulations on making it this far. I hope you enjoyed this guide as much as I did writing it. If you have any comments and/or questions be sure to share them in the comments section below!

  • http://www.40tech.com Evan

    I use an app called Undercover, which will take screenshots and video of a thief as he uses it, and send me that and his location. The problem is that you do need to set up an easy access guest account so that the thief can log in, and I don’t think it works with FileVault.

    • http://loneplacebo.com/ Tony Hue

      On my Nexus 4, I use Cerberus that offers a bevy of features that I can’t remember. One of my favorites though is this feature that can snap a photo using the front-facing camera on the nth failed attempt to unlock the phone’s passcode. Cerberus would then email me the photo. As long as their is cellular connection, I’m good to go.

  • http://www.spudart.org/ Matt Maldre

    Snap. I need to do at least the first step with my computer at home.