Mac OS X

The following security settings can be applied to your Mac OS X system to provide some additional protections on top of system defaults.

Please bear in mind that some of these settings , if adjusted inappropriately, might impact the system's functionality. You should always consult your system administrator or IT support before applying them.

Mac OS X Configuration Tasks

  • Disable Automatic Login
    • While automatic login is convenient, it can also allow an attacker with physical access to your computer to access all of your files.
    • You should consider disabling automatic login by heading to System Preferences, and selecting Users & Groups (called "Accounts" in earlier version of Mac OS X). Then update the Automatic Login field under Login Options.
  • Require a Password to Wake your Mac
    • To minimize the risk of unauthorized access while you are away from your Mac, you can require a password to wake it from sleep or from a screensaver. While most Macs are set by default to sleep after a period of inactivity, the screen saver functionality often needs to be manually enabled if you'd like to use that as well. Both of these options can be configured from System Preferences, albeit from different sections:
    • You should set an automatic screensaver and/or sleep timeout. You can also put the computer to sleep manually when you walk away from the Apple menu, or set one of the screen corners to the same function with Exposé.
  • Automatically Lock the Login Keychain
    • The Keychain on a Mac is used to store all of your passwords and credentials. To secure it, locate the Keychain Access tool in Spotlight search (which is the magnifying glass icon in the top-right of your screen). Select the login keychain, then select the "Edit" menu (top-left corner of screen), and click "Change Settings" to open the login keychain settings. Update the values to lock after e.g. 10 minutes of inactivity.
  • Avoid installing unnecessary software
    • Always be fastidious in installing software downloaded from the Internet, as this is one of the main ways in which computer security can be compromised.
    • Mac OS X 10.7 and later do not contain Oracle® Java™ or Adobe© Flash© Player by default. if these tools are not needed, then don't install them.
    • Please note that Google Chrome includes a bundled version of Adobe© Flash© Player.
  • Enable Full-Disk Encryption with FileVault 2
    • This prevents unauthorized persons from accessing your information even if your machine is stolen.  If you're uncomfortable with enabling encryption, make sure to get help from a friend, or your tech support.
    • Always back up with data, e.g. with Time Machine, before encrypting your hard drive.

This article was updated: 06/25/2015