How to Make it Harder For Someone to Hack into Your Mac.
When I was at Frankfurt Airport recently, I saw a businessman leave his very expensive MacBook Air on his desk to go for coffee. He was gone for five minutes, but in those five minutes someone could steal the computer or hack into it in order to obtain valuable data.
However, these days hackers don’t need physical access to a machine. Using network sniffers, they can scour public Wi-Fi hotspots looking for weak spots, or access private hotspots without passwords.
So from the very beginning, you need to protect your macOS computer from these “intruders”. However, before we proceed, you must remember that you will never have 100% reliable protection, and if you are confronting a government agency, these basic steps are unlikely to help.
But to stop the occasional opportunist? Read on.
Add a passcode to your computer
It’s not difficult at all, but I am amazed at the number of people who don’t like it. It’s like going on vacation, leaving the door unlocked and wondering when you got back why you got mugged.
Adding a passcode is easy. Go to System Preferences – Security & Privacy. On the General tab, you can set a password, as well as specify how long after the computer goes into sleep mode, the password is required. Obviously, immediate is the best option.
You can also add a hint to your password in case you forget your password, but unless you make the hint too vague for everyone who reads it, I wouldn’t recommend it. Just make the password something you remember exactly.
One of the great things about a macOS device is that when it’s completely turned off, the files on the hard drive are completely inaccessible. But to take advantage of this, you must enable FileVault.
FileVault, located in System Preferences – Security & Privacy, encrypts your hard drive, but encryption only works if the computer is completely turned off. Therefore, try not to use sleep mode too often, especially if you are away from home with your laptop in your bag.
When you turn it on, it will take hours to encrypt your entire hard drive, but for your peace of mind, it’s worth it. If there is only one thing you should do in this article, that is FileVault. The rest is just the icing on the cake.
Make sure Lock is turned on in System Preferences
Unauthorized changes to the system settings of your computer are prevented by a small lock icon in the lower left corner.
If you want to protect System Preferences, click on the padlock to close it. If you want to open it again to change something, you will need to enter your administrator password.
Do not log in as administrator
Another prohibition is to log into the system and use it for day-to-day tasks as an “administrator”.
A user with administrator rights can do everything on the computer. Installing and removing software, and adding and removing users are just two of them. If someone entered your computer, being already an authorized administrator, they will simply give him the keys to the kingdom.
To solve this problem, create a regular account without administrator rights and use it for everyday computer use. Leave the administrator account alone and only use this login information when the computer asks for it.
To create a new user, go to System Preferences – Users and Groups. Make sure the lock at the bottom is unlocked, then click the “+” under the login options. Make the new account the default.
Disallow guest users
Many people say that it’s a good idea for you to have a guest account so other people can use your computer. But I take the opposite point of view.
While the guest user has much more limited access to your computer, they still have access to two important areas. First, they have access to all installed applications that they can use to perform any malicious activity.
Secondly, they also have access to the tmp directory where malicious scripts and malware can be stored.
So go to System Preferences – Users & Groups and turn off the Guest option.
Make sure Automatic Updates is turned on
Like any other operating system, Apple regularly releases macOS updates. It’s the same with software – if a patch is needed, the developer will make it and ship it.
So it makes no sense if the patch is ready to be installed and you don’t have automatic updates enabled. If you don’t like to manually check every single day and who has time for it?
To enable automatic updates, go to System Preferences – Software Update. Check the box next to “Update my Mac automatically.”
If you then click the Advanced box, you will see the options available. I suggest checking them all.
Turn on Firewall
It’s not hard either, but again, a lot of people just don’t bother.
Compared to Windows firewalls, which can require a lot of customization, MacOS firewalls are just a click away. By going to System Preferences – Security & Privacy and then to the Firewall tab, you can enable the firewall with one click. And indeed it is.
I’ve never had to touch anything in the Firewall Settings section. I will write an article about “Stealth Mode” of the macOS firewall shortly, but in general leave everything as shown in the screenshot below.
Hide the network name identity of your computer
This is what a friend suggested to me not too long ago, and I never thought about it before.
If someone breaks into your network, they will obviously see the names of all devices connected to that network. If there is only one device (your macOS device) then it will not be affected in any way. But if you have multiple devices on your network, you can try to disguise your macOS device by anonymizing its name.
For example, until I was informed of this, my computer was called “Mark’s MacBook Air.” I mean, I could just as well have put up a sign saying “Come in! Get all my files here! “. But, having changed the name to something harmless, now it is among all my other connected devices.
This is obviously not reliable. Everyone can test each device individually, but it will take longer and make the task more difficult for them.
Go to System Preferences – Sharing and at the top you will see your computer name. Click on the padlock at the bottom of the screen, enter the administrator password, and the edit button next to the computer name will suddenly become active. Click on it.
Now you will be prompted to change the name to any other. Do not select the Use dynamic global hostname checkbox.
While you’re in the Sharing section, it’s time to turn off all of these options except for one – content caching.
From what I’ve been able to find, content caching works fine and seems to actually benefit you. This, in turn, includes Internet sharing, so I think you can leave that as well. But others like screen sharing, file sharing, remote login, turn them off (unless you need them).
As I said at the beginning, these measures will only stop the occasional nosy in a cafe or a thief who wants to steal your laptop to make a quick buck.
If you are attacked by a government agency or other specialist, these measures will slow it down, but only for a very short time.
But still better than nothing, right? Why would they make it easier?