Hello All,
Many people ask me: "I know Macs are safer than most PCs, but what extra steps can I take to ensure I am secure both online, and off?". Throughout the years, in part thanks to some paranoia, I have collected a few practices that I think most people should follow. Also, being the holiday season, I'm assuming many people might have gotten new Macs, so this is a good time to go through this. It is my hope that by following some, or all of these points, you can feel a bit more safe while using your Mac!
Important Note: NOTHING I post here is mine. This is all common knowledge/solutions that exist, I simply have compiled them into a list for convenience. I am in no way taking any credit for any of these practices, I am merely promoting their use. Additionally, if anyone else has anything to add, or change, please make yourself heard, I am not claiming to be a security expert, just someone who is aware!
-
Use 2 factor authentication. This one is a no-brainer, and one that I really hope everyone is already using! If you are heavily invested into the Apple ecosystem, as I am, the number one thing you don't want hacked is your Apple ID! It has credit cards, addresses, purchase history, everything on it! Make sure you utilize two-factor authentication to ensure that if someone hacks your iCloud password, they still can't access your account unless they have another trusted device of yours. This one alone can help immensely!
-
Use a firmware password on your Mac This is another one that is a no-brainer to me. Basically, when you set up your Mac, you give it an account password to unlock the computer and get into your user account. What a firmware password does, is lock down the entire operating system, making it unable to boot until the firmware password is entered. This is crucial, because if your Mac is stolen, and you don't have a firmware password, they can simply boot into macOS recovery mode and reinstall macOS, essentially making it impossible for you to ever track your computer through Find my Device. Important Note : make this password different than your normal user account password! Also, never forget this password, as doing so makes for a very, very tedious process requiring you to find your original proof-of-purchase (receipt) of the Mac and a service appointment at an Apple Store.
EDIT: Building on this point: /u/jmnugent added a great piece of advice: You can actually set a custom Lock screen message. This makes it so if your Mac is stolen or lost, can be returned to you (given you provide contact info). Additionally, if you have a firmware password, the thief wont be able to override this message, which is great because if they take it into a specialist to try to get it wiped, the specialist will see the lock message and pretty quickly be able to tell its stolen.
-
Make Sure Find my Mac is enabled at all times Im sure you all know what this is so I wont go into it as it is extremely self explanatory. However, with a Firmware Password, this is even more powerful, as you can lock it from iCloud.com, and then prevent your computer from ever booting while you track the thief.
-
Backups, Backups, Backups! In this online age less and less people are feeling the need to backup data. This is a terrible mindset. There are literally tons of methods to backup so I wont go to into depth. Personally, I do the following:
- Automatically backup my Documents/Desktop to iCloud Like most people, 95% of my data is stored within these two locations on my Mac. Having this on ensures that if my Mac crashes, I can always have a copy of my most important documents available. Extra iCloud storage is very cheap, I think I pay like 3/month for 200GB. There are also tons of other providers that can do this for you: Amazon, Google, Microsoft, Dropbox all have cloud storage that can be set up to automatically backup your most important files.
- Use Time Machine As extra redundancy, consider purchasing a extra hard drive you can use locally. This mirrors your entire Mac, so if it crashes, you can restore it exactly how it was. Hard Drives are extremely cheap nowadays, and you don't need to get an expensive one to do this!
-
Consider using a password manager. It's a common misconception that hackers can 'hack' your password easily. Most hackers have a database of commonly used passwords that they test against your account (Most people have ridiculously stupid passwords). Other methods for hackers involve brute forcing their way into guessing your password, which, if you have a semi-secure password, can literally take longer than the life of the universe to guess! With a single lowercase letter, a brute-force approach needs to guess 26 things, add in digits, it becomes 36 things, add in uppercase, the brute force now needs to guess 62 different options for just that single character. The takeaway is that a long-password with a mix of lower/uppercase letters and numbers is very, very difficult, if not impossible, to guess.
Using a password manager helps you create complicated passwords like this, and there are many options. iCloud Keychain, if you are heavily invested into Apple/Safari use, 1Password, LastPass, Keeper Desktop, etc.
EDIT: As some may have pointed out in the comments, try to never use the same password. I know this is tedious as hell, and can make for quite the headache, but it is more secure. Most people use the same password for everything. Many hackers, if they are able to hack into one of your accounts, may then try to apply that email & password combo to a host of other sites to see if they work. Don't let that happen!
-
Keep your Mac up-to-date at all times. As a university student, I shudder when I see somebody who has a relatively new Mac, and I see they are 1-2 macOS versions behind, or that they have ignored the "Important Updates Waiting to be Installed" notification for a year. I see this all the time. People, yes updates sometimes cause minor grievances, but they are literally released to help patch up security flaws. If Apple thinks the problem is worth fixing, they will send out an update. Listen to Apple and update!
-
Use FileVault Not going to get into the technical bits of this, basically it encrypts your Macintosh HD using a industry-standard XTS-AES 128 bit encryption. Really good!
As /u/DomPhotography pointed out below, make sure you also use this to encrypt any external drives that have your data on them (such as Time Machine external hardrives)
-
If you are not a very technical person, consider only allowing apps to be downloaded from the App store or identified developers. Most technical people I know can spot a malicious program from a mile away, but this is obviously not the case for everyone. Go to Sys Prefs --> Security & privacy --> General to see where Apps are allowed to be downloaded from. If you don't trust yourself, only download from the App Store! This isnt an insult at your intelligence, simply being vigilant.
Additionally, consider doing research on every program you download. It takes a few seconds to google the program name and you'll find out pretty quickly if its safe!
-
Make sure you Firewall is on. The standard fire wall that comes with macOS is great and catches just about anything. Make sure it is on, by going to Sys Prefs --> Security & privacy --> Firewall.
-
See which Apps have location services enabled Do this by going to Sys Prefs --> Security & privacy --> Privacy. As a general rule of thumb, no app should be collecting location data unless you absolutely need it to, or if you use it for some sort of time/location based logic, such as f.lux.
-
If you follow these general, practices, you shouldn't need extra security software. This is a BIG one. So many people download fraudulent "Cleaning" apps that are quite literally cancer for your Mac. Anything that claims to "clean" or "secure" your Mac, is probably fake(side note: Im working on making a list of apps that are definitely dangerous, AFAIK nobody has compiled a recent list like this) . If you feel like you must run extra software, get it from a reputable developer. Amongst these, Norton Symantec, Bitdefender, and Sophos are all great options.
-
Watch out for Phishing. This one is scary nowadays. Developers make websites that look exactly like the real thing! Consider this recent case of how a developer made a login page that looked exactly like an Apple Site: Link. As a general rule of thumb, you can usually see if the website is legit or not by simply observing the URL before you click it. If it is something like http://apple.co/2imwMto? it is probably SAFE, but if it something like http://bit.ly/2iz4wHt it is definitely FAKE!.
-
Whenever you visit a site that you enter your Credit Card into, first check the URL bar. If it starts with an 'https' then you should be safe (assuming the website is safe) to enter your credit cards the 'https' means that the communication is secure. If it simply says 'http' do not trust this website to reliably transport your credit card info!!
-
Many people are paranoid about their webcams, and have them covered up with tape. Let me first say, unless you are really stupid and got a terrible virus, the little green light will always come on when your iSight is being used!. However, if you are still paranoid, do the following:
Spotlight Search "Activity Monitor" --> Click the "CPU" tab at the top --> Search for "VDCAssistant". This is the process that uses the iSight camera. If its %CPU reads 0.0 percent, then it is not being used.
-
Know your network. Any time you use your Mac in a public network, you put yourself at an elevated risk level. Of course, if you follow the previous 14 points i mentioned, this shouldn't be a problem, but it is important to know where you are, and who can see you from your network!
as /u/git pointed out int he comments, try to never connect to unsecure networks. These are the networks that do not require any password. When you connect o this, any and all of your traffic can be viewed.
-
Never use an Admin account. No offense, but most people aren't wise enough to be using an admin account. When you set up your Mac, make an admin account, and then make another user account that you will actually be using. You an check what type of account you have by going to : Sys Prefs-> Users & groups and then observing what it says underneath the "Current User" Field.
-
Never plug in a USB thumb drive unless you absolutely know what it is, or who it came from. USB drives can be loaded with executables that can carry out malicious tasks the second they are plugged in. If you find a USB stick, or SD card in the library, for example, return it or leave it, but do not plug it in!
-
Automatically update apps. Do this by going to Sys Prefs -> App Store and checking for automatic updates. Just like with updating macOS, updating apps can also alleviate many security issues.
-
For the love-of-God, always require your password for purchases in the app store. You may not believe it, but some people actually keep this off because "it takes a lot of time" Well, I can guarantee it'll take even more time trying to recover a
stolen credit cardpurchases made on your account that were not approved by you! -
As my final point, I want to make it clear that solving security issues is a team effort. If you discover a flaw, or patch, or virus, or whatever, please share it!. Nobody will think you are annoying or over-paranoid, the more people we have contributing to cyber-security, the better we all are!
I'm sure I missed some points, but this post is already ridiculously long, and for that I apologize.
I hope that by utilizing some, or all of these tactics you can feel more safe with your costly Mac. Again, I want to reiterate, if anyone has any additions, or edits, please let me know, I will make those changes as soon as possible.
Happy holidays and stay safe everyone!
[link] [comments]
Ei kommentteja:
Lähetä kommentti
Huomaa: vain tämän blogin jäsen voi lisätä kommentin.