Unlike Windows, macOS doesn’t give me a persistent feeling like I’m being spied on, or my personal data is being sent to who-knows-where, but in the end, that’s just a perception. I think Apple is doing a better job when it comes to security and privacy, but there are still a few ways I like to tighten things up when I set up a new Mac.
Locking down login and password behavior
This counts for any computer, but it’s important to ensure that your Mac requires a password or biometric login immediately after sleep or screensaver.
Go to System Settings > Lock Screen and Set “Require password after screen saver begins or display is turned off” to Immediately.
I also check that automatic logins are disabled by going to System Settings > Users & Groups and then set “Automatic login” to Off.
Note, that the only way automatic login can be active is if your Mac doesn’t have FileVault activated. So you should also enable FileVault as soon as possible if it wasn’t already. This is Apple’s full disk encryption solution, and is essential to keeping your personal data out of the wrong hands.
The last step here is to go to System Settings > Touch ID & Password and change your password to something longer and more complex, if needed.
Obviously, since this is a password that you’ll have to type in at least once a day when your biometric lock times out, it can’t be a super-strong password made of random characters, but try to make it both hard to guess and memorable. My own MacBook password is 15 characters long and consists of random words, symbols, and numbers that I personally can remember.
Tightening app and system permissions
Just like a smartphone or tablet, apps on macOS have certain permissions that determine whether, for example, they can access external storage or use your webcam.
After you’ve set up your Mac for the first time with the apps you need, and then with every new app installation, you should head over to System Settings > Privacy & Security and audit important sections like camera, microphone, location services, full disk access, and so on. If an app doesn’t need to know your location or listen through a microphone, remove those permissions from it if it has them.
When you look through this section, it’s always a good time to flag apps for removal that you don’t use anymore.
Securing iCloud and Apple ID access
While you don’t need an Apple ID to set up a Mac and create a user account, most people (myself included) want to benefit from the many services tied to an Apple ID. If you do make use of an Apple ID, it’s the most important thing to protect in your Apple ecosystem. So here are some essential things you should check off your list when securing your Mac:
Go to System Settings > Apple ID > Sign-In & Security and turn on Two-Factor Authentication.
One menu back under your Apple ID, scroll down to Devices and remove anything you don’t recognize or no longer use.
That’s going to make your Apple ID much harder to compromise and make your Mac safer.
Hardening network and sharing settings
One awesome thing about Macs and the Apple ecosystem is all the different ways you can easily share things, but if you don’t use certain sharing features, these can become security issues. At best, it means someone might bombard you with unwanted sharing requests in public spaces, or from a mischievous neighbour.
Go to System Settings > General > Sharing and switch off File Sharing, Printer Sharing, AirPlay Receiver, and anything you don’t actively need.
In System Settings > Wi-Fi click Details next to your network list and turn off “Auto-Join” for public or semi-public hotspots. Your Mac should be set to ask you before joining an unknown network and to notify you when it’s joined a known network by default, but you can tighten this to making it ask before joining or simply turning the feature off.
Lastly, go to System Settings > General > AirDrop and Handoff. Make sure that AirDrop is set to “Contacts Only” or “No One” if you don’t plan on ever using it. If you want to receive AirDrops from someone who isn’t a contact, toggle this to “Everyone” in Control Center temporarily, and then change it back after the transfer is complete.
Improving system-wide privacy and tracking protection
The last bit of housekeeping has to do with tracking, which is just a fact of life in commercial operating systems, but Apple does give us a decent level of control here.
Go to System Settings > Privacy & Security and then check both the Analytics & Improvements and the Apple Advertising sections. I turn off all sharing and tracking here, and if the option is available, also disable personalized ads.
These are the fast and easy ways you can instantly improve the security and privacy of your Mac on top of its out-of-the-box experience or even right now after using your Mac for some time. It will only take a few seconds, so why not check if your Mac is set up with your best interests at heart?