Pin Me

Secure Your Mac Laptop – FileVault and Firmware Passwords

written by: Joli Ballew•edited by: J. F. Amprimoz•updated: 2/5/2009

If you have a laptop, there are ways to keep its data secure, even if it’s stolen or lost. Additionally, there are multiple ways to keep your Mac laptop physically safe and secure when you’re traveling with it, including encrypting your Home folder with FileVault and securing boot up with a firmware password.

  • slide 1 of 3

    Basic Security Measures

    If you carry a laptop, you’re more vulnerable to attacks than if you had a desktop computer. Laptops may be configured to use wireless networks (which can be very insecure) and they can be stolen and their contents pilfered. To secure your laptop requires that you do all of the security tweaks mentioned in other articles on this site religiously, including keeping the computer physically safe at all times, securing the login process, enabling a firewall, and using Secure Empty Trash. However, you can do even more to protect yourself.

    Consider these additional security measures:

    ·         When going through airport security, never take your eye off your laptop. If possible, allow a traveling companion to go through before you, and watch your laptop as it comes through the scanner.

    ·         Purchase a good, sturdy carrying case that locks.

    ·         If you’re on the road a lot, consider purchasing a nondescript carrying case; one that does not scream, “Hey, look! I’ve got a laptop over here!”

    ·         Don’t leave your laptop on your front seat of your car when you go inside somewhere; lock it up in the trunk.

    ·         When in a hotel room, physically secure the laptop to something large in the room if possible.

    ·         Label your laptop with gusto. Consider having information etched onto the back of the case or applying a large sticker with your name on it. This will make pawning it harder.

    ·         Encrypt your Home directory with FileVault. There’s more on this in the next section.

    ·         Create a firmware password. There’s more on this later in the article.

    ·         Purchase tracking software from a third-party vendor. When thieves log on to the Internet with your machine, their location is tracked and hopefully the police can find them.

  • slide 2 of 3

    FileVault

    FileVault allows you to encrypt your Home folder. Encryption scrambles the data in your home folder so that the information is secure if your computer is ever lost or stolen. It automatically encrypts and decrypts your data on the fly, and you won’t even know or notice that it’s happening.

    You should use FileVault if your Mac contains sensitive information that would ruin you or your company if it was ever stolen. In addition, I think anyone with a laptop should seriously consider it. Unfortunately, using FileVault can interfere with scheduled backups or access to shared folders, and it might not be for everyone.

    Tip: Apple’s online Help files are amazingly helpful on this subject. If you’d like more information, check there.

    To use FileVault, follow these steps:

    1.      Open System Preferences>Security.

    2.      Read the information regarding FileVault. Pay special attention to the warning “Your Files Will Be Encrypted Using Your Login Password. If You Forget Your Login password And The Master Password Is Not Available, Your Data Will Be Lost Forever.” If you’re willing to take that chance, select Set Master Password.

    3.      Fill out the required information in the Security dialog box and click OK. This will require you to input and verify a master password.

    4.      To turn on FileVault, select Turn On FileVault.

    5.   Input your administrator password, click OK, and then click Turn On FileVault from the new Security dialog box.

    6.   The computer will restart.

  • slide 3 of 3

    Set an Open Firmware Password

    Any intruder can hack into your Mac by restarting it and holding down the proper key combinations. Someone could restart your Mac by using the Restart command or by simply unplugging and plugging back in the machine. During the restart process, intruders can boot to a CD, boot up in FireWire Target Disk Mode, start up in the Unix console, and more. Think of the damage one could do if an intruder connected his or her laptop to your Mac, and booted it up in FireWire Target Disk Mode! If you really want to secure your Mac, you have to block this security hole.

    To keep intruders from gaining access to your Mac in this manner, you’ll have to create an open firmware password. Creating the password blocks intruders from using these key combinations to get to your Mac. You have to input the open firmware password to use these alternate boot methods. Creating this password is serious business; if you forget the password you create, you’ll be in deep trouble. You won’t be able to use these alternate boot methods either. Even Mac support can’t get you out of this mess.

    With those cautions in mind, if you’re ready to create an open firmware password, follow these steps:

    1.      Visit www.apple.com and select the Support link.

    2.      In the Search box, type Set Open Firmware Password and click Go.

    3.      Locate, download, and install the Open Firmware Password program that matches your Mac version.

    4.      Once it’s installed, open the Open Firmware Password application.

    5.      Click the padlock to authenticate yourself and enter your administrator password.

    6.      Click Change.

    7.      Select the check box Require Password To Change Open Firmware Settings.

    8.      Type your password in the Password and Verify boxes.

    9.      Click OK and confirm your decision.

    10.  Click the padlock to prevent further changes.

    11.  Choose Open Firmware Password>Quit to close the application.