25 Mac security tips and settings

Whether you just purchased a MacBook Pro or are updating your Mac operating system software, it’s smart to keep up with all of Apple’s latest enhancements — including how new features may help or hinder your device security and online privacy.

Malware can be a threat to the security of your Mac devices and data. That might include viruses, worms, trojans, ransomware, and spyware. If you surf the web, receive email or text messages, or lose your Mac, you could be vulnerable. Cybercriminals use malware to gain control over your computer and access your personal data. They might use that sensitive information to commit crimes such identity theft and fraud.

You can help protect your computer and data by learning how to operate your Mac security settings and understanding any limitations.

Need help? We took a closer look at the many Mac security and firewall settings you can activate, along with other steps you can take to help to keep your Mac and the data on it safe and secure.

1. Require separate user log-ins

If you’re not the only one using your computer, you probably don’t want others to have administrative access. Mac computers allow you to set up separate users, requiring each user to log-in. You’ll have administrator log-in access, but other people will not.

This gives other users access only to their files and settings, protecting yours as the administrator. You can let people who only use your computer occasionally log in as guests. You can also create groups.

Also, consider creating and using a standard, or non-administrative account for your own daily activities. This could offer additional protection from certain types of malware, or at least alert you to any suspicious activity.

How to add a user:

Select the Apple menu logo > System Preferences > Users & Groups > click the padlock to unlock > enter your administrator name and password > click the Add button > click the New Account pop-up menu > choose a type of user or group > set up the user or group.

2. Disable automatic login

Disabling your Mac’s automatic login will ensure a layer of protection if your Mac is lost or stolen.

How to disable automatic login:

Select the Apple menu icon > System Preferences > Users & Groups > click Login options > turn off automatic login

3. Turn off your Wi-Fi connection’s auto-join feature

You don’t want your computer connecting automatically to any Wi-Fi connection without your knowledge and permission. A hacker could use that same service set identifier — SSID, for short — as an access point to capture your traffic and data.

How to turn off the auto-join feature:

Click on the Apple menu icon > System Preferences > Networks > select the Wi-Fi you want to stop joining automatically

4. Set your privacy & security settings for optimal protection

Apple’s security and privacy settings offer several ways you can enhance protection of your device. These Mac security settings include:

• Location Services – control which apps, if any, can access your location data.
• Contacts – decide which apps can access your information.
• Photos – restrict which apps can access your photos.
• Accessibility – set which apps can control your Mac.
• Analytics – prevent Apple and app developers from sharing data on your use of apps.

How to find your privacy options:

Click on the Apple menu icon > System Preferences > Security & Privacy > Privacy > click on the settings in the sidebar that you want to audit

5. Monitor your privacy settings

You might sometimes install apps that are used for a short time and then end up just sitting there, taking up space on your phone. It’s a good idea to periodically perform an audit of those apps. Why? They could pose a security risk, as well as drain your battery and slow down your device. Plus, sometimes privacy policies of apps change, so it’s important to revisit apps and read the fine print.

How to monitor privacy settings:

Click on the Apple menu icon > System Preferences > Security & Privacy > Privacy. You’ll find the master list of all permissions, along with which apps you’ve granted them to. Go through them and revoke any app permissions that aren’t necessary.

6. Set up Find My Mac

If your Mac is lost or stolen and you want to find it, setting up the Find My Mac feature can help. Here’s how. You’ll need to turn on Location Services (as noted above) in your privacy settings and select Find My Mac in the list of apps that can use your location.

Not only will this tool help you find your Mac, but it will also enable you to wipe your drive remotely your device if lost or stolen.

You’ll then need to set up Find My Mac:

Click on the Apple menu icon > System Preferences > Security & Privacy > Location Services > click the padlock and enter your password > select Enable Location Services > select Find My Mac > lock the padlock to prevent further changes

7. Set your Safari privacy settings

The Safari browser also has privacy settings you can turn on to help keep your internet activity safe from eavesdroppers:

• New Private Window (Shift + command + N): enables private browsing, allowing you to browse the web without recording your visits in the History menu.
• Clear History in the Safari menu: erases cookies and other cached data in the History menu.
• Privacy section in Safari’s Preferences: helps prevent websites from tracking you or storing cookies on your computer.

8. Set a strong computer passcode

Cybercriminals sometimes use your passwords to access your personal information. The importance of setting strong, unique passcode is no big secret. But here are some tips to help ensure your passcodes remain a secret:

• Don’t use any personal information.
• Don’t use your name, the names of family members, or any other identifying information.
• Don’t use real words.
• Do use a random combination of special characters, numbers, and uppercase and lowercase letters.
• Create longer passwords.
• Change your passwords regularly.
• Don’t reuse passwords.
• Use different passwords for different accounts.
• Don’t enter your passwords on another person’s computer or on networks that aren’t yours.

9. Use a password manager

It’s important to create complex secure passwords using a unique combination of uppercase and lowercase letters, numbers and symbols. The problem is that every device and application requires a new password. It might be tempting to reuse old passwords or create simple and similar passwords that you’ll remember, but that can make it easier for hackers to figure them out.

Enter the password manager. A password manager can help keep your passwords organized and safe from hackers. Your account information and passwords are stored in a so-called vault where they are encrypted. The vault stores one strong master password that gives you easy access to all of your accounts, while helping to maintain the privacy and security of your computer. There are various password-manager options on the market.

Another option is to use Apple’s built-in password manager, known as iCloud Keychain. This tool helps set up and saves your passwords in applications such as Safari, keeping your website and Wi-Fi passwords up to date across your Mac and other devices.

How to set up iCloud Keychain:

Click on the Apple menu icon > System Preferences > Apple ID > tap iCloud in the sidebar > Keychain > enter your Apple ID password and activate the OK button > set a four-digit security code

10. Set up two-factor authentication

When enabled, two-factor authentication, or 2FA, gives the identity verification process a second layer of security. That’s because hackers will need more than just username and password credentials to access your devices and accounts. On your Mac computer, this second layer of security consists of the biometric authentication of your fingerprint.

How to set up 2FA:

Click on your Apple menu icon > System Preferences > Touch ID > add your fingerprint(s)

11. Consider using an authenticator app

Authenticator apps take two-factor authentication a step further by generating unique codes right there, rather than sending them via SMS text message, which cybercriminals might intercept. Some password managers also offer this service.

12. Use a physical security key

What’s another method of implementing 2FA? You could use of a physical security key, or token, which is like a smart card that provides your digital signature. You might consider this option if you want even more protection. If you have a security key, neither you nor anyone else will be able to gain access to your Mac without presenting your security key or token. Even if someone has your password, it won’t do them any good.

13. Use a VPN

Setting up a virtual private network is a good way to help ensure your internet connection is secure and encrypted — and safe from eavesdroppers. A VPN acts like a tunnel, encrypting data you transmit and receive while on public Wi-Fi.

How to set up a VPN on your Mac:

Choose the Apple menu icon > System Preferences > Network > click the add button > click the Interface pop-up menu > choose VPN > click the VPN Type pop-up menu > choose the VPN you want to set up > select Create button

14. Encrypt your data with FileVault

You likely have sensitive data that you want to protect on your computer. The Mac OS offers built-in disk encryption known as FileVault. It encrypts your hard drive and files using 128-bit AES encryption with a 256-bit key.

Why is this good? This tool gives you full-disk encryption, protecting your files from being seen or copied. When the tool is turned on, it also turns on other security features such as Find My Mac, which allows you to wipe your drive remotely if someone steals or finds your computer. It’s important to set a strong password to underpin the strength of this encryption.

FileVault also lets you create a recovery key, in case you forget your login password. It’s good to keep the recovery key in a separate location.

How to turn on FileVault disk encryption:

Click on the Apple menu icon > System Preferences > Security & Privacy > FileVault tab > click the padlock in the bottom left corner > enter your administrator name and password > click Unlock > turn on FileVault > relock the padlock

15. Activate multi-layer firewall security

Turning on your firewall for Mac offers an additional layer of protection. It can help block unwanted inbound network connections and regulate app access to your network to keep out malware. The Mac firewall isn’t enabled by default, so you’ll have to turn it on.

How to turn on your firewall:

Select the Apple menu icon > System Preferences > Security & Privacy > Firewall tab > unlock system settings by clicking the padlock at the bottom left > type in your username and password > select Turn on Firewall button > click Firewall Options > click Enable Stealth Mode > relock the padlock to prevent further changes

Keep in mind Apple’s built-in firewall only offers inbound protection. That means it won’t stop malware already on your Mac from connecting to the internet. That would require outbound protection.

No doubt you don’t want malicious software sending out your data. What to do? Consider multi-layer protection by running a two-way firewall — that includes outbound protection — for more comprehensive anti-malware security.

16. Set your app download preferences

Cybercriminals sometimes use fake apps to trick you into entering your personal information and downloading malicious software. That’s why it’s a good idea to download your apps directly from Apple — and possibly from “identified developers.” More on that below.

Apple’s App Store only accepts and offers apps it has reviewed. It removes apps from its store that develop problems. Also, if you download and install Mac apps, plug-ins, or installer packages from outside the App store, macOS will check the Developer ID signature to ensure it’s from an identified developer.

It’s smart to read an app’s privacy policy. What personal information will the app collect and share with third parties? For instance, free apps often recover costs by mining your personal data and selling it to third parties. Another consideration: How will your data be stored and secured?

How to set your app download preferences:

Select the Apple menu icon > System Preferences > Security & Privacy > General > select if you want apps to be allowed to be downloaded from the App Store or “App Store and identified developers” known to Apple

17. Read reviews of apps

When you are considering downloading an app, it can help to read app reviews. Reviews may help you avoid malicious apps and ensure you’re downloading reputable software onto your computer.

18. Use caution when granting app permissions

Be careful before granting permissions to an app. Check to see what permissions you’re actually giving. Does the app really need them? How might it use the information? For instance, is there a good reason why an app might need access to your microphone, your contacts, or your social media profile?

19. Check your service sharing settings

If you want to limit your sharing, it’s a good idea to set your sharing preferences. The strongest protection would be to turn off sharing for all services until you need them. These services include Screen Sharing, File Sharing, Printer Sharing, Remote Login, Remote Management, Remote Apple Events, Internet Sharing, Bluetooth Sharing, and Content Caching.

How to turn on and off your service sharing settings:

Click the Apple menu icon > System Preferences > Sharing > click on or off the service options in the left-hand window, and if you’re allowing a service you can choose to allow all users or only certain users that you list.

20. Turn off your Mac’s suggestions

By default, your Mac gives what are called Spotlight Suggestions. This data, along with related search queries and usage, can be shared with Apple. For more privacy, you can turn off these suggestions.

How to turn off Spotlight Suggestions:

Click the Apple menu icon > System Preferences > Spotlight > Search Results tab > uncheck “Allow Spotlight Suggestions in Look up” and deselect which categories you don’t want to appear in Spotlight search results

21. Turn off Siri

Siri — your Mac’s intelligent personal assistant — can share your personal information, so another of our Mac security tips is to turn it off when not in use.

How to turn off Siri:

Select the Apple menu icon > System Preferences > Siri > toggle on or off Enable Ask Siri

22. Turn off Bluetooth

If you aren’t using Bluetooth — or if you’re near someone you don’t trust — turn it off. This decreases your computer’s discoverability and adds an extra layer of privacy. It can help prevent any potentially dangerous connections.

How to turn off Bluetooth:

Select the Apple menu icon > System Preferences > Network > Bluetooth > toggle Bluetooth to Off

23. Beware of phishing scams and pop-ups

Malware sometimes can infiltrate your Mac through mail and text messages. For instance, phishing scams involve compromised emails or text messages that seem like they’re from a reputable source — like your bank — but are actually fake messages from a scammer. Phishers try to trick you into sharing personal information by opening pop-up windows or other malicious links that ask for your personal data.

Here’s how you can help protect against these online fraud schemes: Never open suspicious or unsolicited emails or attachments. Never click on them or respond to them, and never provide personal information on a website that you aren’t sure is the real thing.

A good way to be sure a website is credible and secure is by always going directly to a secure “https” website on your own — not via someone else’s link.

24. Make sure automatic iOS updates are turned on

Be sure to update your apps and Mac operating system to help keep your computer secure. Why? Security updates address software vulnerabilities. These are security holes or weaknesses in an operating system or software program that cybercriminals could use to access your data. Hackers can exploit these types of weaknesses by writing code that targets a specific vulnerability.

Security weaknesses — if they’re not fixed — can let in malware, allowing a hacker gain control over your computer and steal your personally identifiable information. That might include everything from your passwords to your bank account information.

Cybercriminals might use your personal information to commit identity theft or financial fraud. Or they might sell it on the dark web for others to use.

One recent example that highlights the need to act immediately on security updates is Microsoft’s Windows 10 vulnerability that affects the operating system’s security encryption — and could have affected hundreds of millions of Windows 10 users if left unpatched.

How to turn on automatic updates:

Click on your Apple menu icon > System Preferences > App Store > enable automatic updates

25. Make sure your computer screen locks quickly when not in use

If you step away from your computer or lose it, you don’t want the person who finds it to be able to see — or do — anything. You can set your Mac to log out when you’re not using it. How? Set Require Passcode to Immediately. This will require you and anyone else to enter your passcode no matter how much time has passed since you last unlocked your computer.

How to set up Auto-Lock:

Click on the Apple menu logo > System Preferences > Security & Privacy > click on Require Password and set it to Immediately.