An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Page 1 of 2 1 2
Securing a desktop mac
#30698 08/01/14 04:42 PM
Joined: Sep 2009
deniro Offline OP
OP Offline

Joined: Sep 2009
This may sound paranoid, but many break-ins nearby got me thinking about whether I should take steps to make my mac secure. Maybe you can afford $1000 for a new computer for two years, but I can't. I've had this one for eight.

1) Do you think I should log in/log out of my account when I startup my Mac and shut it down? I find it annoying, and since I'm the only user.

2) I've read about cables that attach to the mac, locking it to a table or something. What do you think about this?

I know laptops get stolen, but I would think my desktop is safe.

I appreciate your responses.

Re: Securing a desktop mac
deniro #30700 08/01/14 05:08 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
I'm afraid you can't have it both ways: either you opt for ease of use, or for security. It's up to you to assess your risk, given your home and its security. Adding theft impediments like security cables will thwart casual or hit & run theft, but may not deter the determined burglar who manages to get in when you're out. But the age of your Mac is a deterrent by itself, because the halfway knowledgeable thief will pass it by for greener pastures...


alternaut moderator
Re: Securing a desktop mac
deniro #30701 08/01/14 05:19 PM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4
Originally Posted By: deniro

1) Do you think I should log in/log out of my account when I startup my Mac and shut it down? I find it annoying, and since I'm the only user.

I've taken to setting/enabling "Require password for for sleep and screen saver" under Security & Privacy in System Preferences. There are a number of time frames which one can choose; I chose "after 1 hour". I don't find that it's all that inconvenient. And it would foil "drive-by" thieves.
I've also disabled automatic login.

Re: Securing a desktop mac
grelber #30703 08/01/14 06:32 PM
Joined: Sep 2009
deniro Offline OP
OP Offline

Joined: Sep 2009
When it comes to theft, I guess I'm not just worried about the computer itself, but what I have on the hard drive. Some minor financial stuff, letters, address book, calendar, personal but not especially vital stuff, except for my passwords.

Re: Securing a desktop mac
deniro #30704 08/01/14 07:05 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
If you're worried about data, I recommend keeping good backups on external media. (You do do that already, right? Right?)


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Securing a desktop mac
deniro #30705 08/01/14 07:21 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
You've mentioned that you work with highly confidential proprietary info; how does it fit into your equation, if at all?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Securing a desktop mac
deniro #30707 08/01/14 07:32 PM
Joined: Aug 2009
Moderator
Offline
Moderator

Joined: Aug 2009
deniro,

As regards the files on your hard drive which you do not want to be accessible to a thief, you might review and experiment with the information in: How to create a password-protected (encrypted) disk image.

My usernames, passwords, account numbers, answers to security questions, and social security numbers are accessible only through a strong password for my .sparsebundle disk image.

Special Note: Important: If you forget the password, data stored in the encrypted disk image cannot be retrieved. If you have saved the password in the keychain, the password will be available to you there.


Back up everything you can't afford to lose: documents, mail, movies, music, photos, and other data and settings.
Re: Securing a desktop mac
dianne #30709 08/01/14 07:51 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: dianne
My usernames, passwords, account numbers, answers to security questions, and social security numbers are accessible only through a strong password for my .sparsebundle disk image.

Special Note: Important: If you forget the password, data stored in the encrypted disk image cannot be retrieved. If you have saved the password in the keychain, the password will be available to you there.

My passwords, etc. are similarly protected, but it should be noted that storing the sparse image's p/w in your keychain leaves its p/w no stronger than your keychain's, because it will be auto-entered.

In my instance, my sparse image's p/w is not stored in my keychain and is protected by a much stronger p/w, because the info it contains is far more critical. (I never allow keychain to auto-enter critical p/w's.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Securing a desktop mac
artie505 #30711 08/01/14 08:57 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
You can have it both ways. I have a second keychain, set to auto-lock after 5 minutes, that contains all my high-security passwords. The login keychain contains low- and medium-security passwords.

My financial records are stored in an encrypted disk image file, with a ridiculously long password. That password is stored in my high-security keychain.

When I launch an application like Quicken that wants access to my financial records, it tries to auto-open its most recent document, which through the magic of aliases causes the encrypted disk image to try to mount.

The disk image needs a password to mount, but the system notices that the password is in the high-security keychain, so it asks first for the password to that keychain. If I enter the correct password, the keychain unlocks, the disk image password is retrieved, the disk image mounts, Quicken is happy, and in short order the keychain auto-locks. (Quicken continues to be happy; the disk image's password is needed only to mount it, not to keep it mounted.)

If I don't enter the keychain password, clicking "Cancel" instead, the system says "OK, then, can you give me the password to the disk image?" If I knew it, I could enter it then.

When I'm through with Quicken, I have to remember to unmount the disk image, both to secure it again, and to let Time Machine know it's now safe to back it up. (TM will not back up a disk image, secure or not, while it's mounted.)

My login password is relatively strong, a compromise between security and convenience. I need to type it to log in, and to wake from sleep/screen saver. My high-security keychain has a much stronger password. I only need to enter it a few times per month, so brevity is not important.

Re: Securing a desktop mac
artie505 #30714 08/01/14 10:52 PM
Joined: Aug 2009
Likes: 3
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 3

Originally Posted By: artie505
You've mentioned that you work with highly confidential proprietary info; how does it fit into your equation, if at all?

Sure you're not thinking of JoBoy?



dkmarsh—member, FineTunedMac Co-op Board of Directors
Re: Securing a desktop mac
dkmarsh #30715 08/01/14 11:09 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
That thought crossed my mind shortly after I posted, and I immediately forgot to check.

Thanks for correcting me.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Securing a desktop mac
tacit #30717 08/02/14 01:09 AM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: tacit
If you're worried about data, I recommend keeping good backups on external media. (You do do that already, right? Right?)

I agree with Tacit about backups, but if there is any risk of losing physical control of your computer then local backups are unlikely to be of any use in data recovery because they will most likely be stolen along with the computer. A heart to heart conversation with your insurance provider would definitely be in order and they may be able to save you some money on offsite data storage.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Securing a desktop mac
ganbustein #30718 08/02/14 06:39 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: ganbustein
My financial records are stored in an encrypted disk image file, with a ridiculously long password. That password is stored in my high-security keychain.

If I don't enter the keychain password, clicking "Cancel" instead, the system says "OK, then, can you give me the password to the disk image?" If I knew it, I could enter it then.

My login password is relatively strong, a compromise between security and convenience. ... My high-security keychain has a much stronger password.

Isn't that scheme fallacious?

Your "ridiculously long" p/w is no stronger than the weaker, albeit "much stronger" one that unlocks your high-security keychain.

My login p/w is ridiculously weak, but there's no risk involved, because my deuced Mac(hina) is a one-person machine.

For peace-of-mind, rather than immediately necessary security, though, I use a much stronger p/w to unlock my keychain and a very significantly stronger one to unlock my sparse image.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Securing a desktop mac
artie505 #30734 08/03/14 09:50 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: artie505
Isn't that scheme fallacious?

Your "ridiculously long" p/w is no stronger than the weaker, albeit "much stronger" one that unlocks your high-security keychain.

My login p/w is ridiculously weak, but there's no risk involved, because my deuced Mac(hina) is a one-person machine.

For peace-of-mind, rather than immediately necessary security, though, I use a much stronger p/w to unlock my keychain and a very significantly stronger one to unlock my sparse image.

It would be fallacious only if I thought the ridiculously long password was the one protecting the disk image. I know the password of the keychain is the weak link, but I chose it to be strong enough for my needs. When I created the disk image, I let the system auto-generate a password what it believed to be a maximally secure. But such passwords are actually weaker; any password you cannot remember must be written down somewhere, and is only as secure as wherever it's written. The solution to this conundrum is to write it somewhere it's protected by a password you can remember.

This is the way password managers like LastPass or 1Password are usually used. The user lets the system auto-generate unique passwords that the user never intends to ever enter or even remember. It's up to the password manager to remember them, and the strength relies on a single "good enough" password that protects the password manager's data. Using a single password to protect all the "real" passwords makes that password easier to remember, by dint of being entered more often. You get the convenience of only having to remember one password with the security of having separate passwords for separate uses.

I'm too cheap to spring for a commercial password manager. This is how I set up my own system along the same model.

Re: Securing a desktop mac
joemikeb #30738 08/03/14 11:30 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
A former lover of one of my girlfriends had her house broken into and her iMac stolen, but the thief didn't take the external backup hard drive.

I keep good backups on more than one external hard drive, one of which is actually in a physically different location and accessible over the Internet. smile


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Securing a desktop mac
deniro #30748 08/04/14 06:57 PM
Joined: Aug 2009
Likes: 7
Offline

Joined: Aug 2009
Likes: 7
A lot of this may have already been discussed, but it's still worth reading How to secure and lock down your Mac.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Securing a desktop mac
ganbustein #30753 08/06/14 05:09 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
OK, that makes sense. You had me worried for a moment.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Securing a desktop mac
tacit #30754 08/06/14 05:16 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Thieves are after readily salable big bucks items, and an HDD doesn't qualify unless the thief has broken in to your home looking for info, in which case you're in more trouble than you think.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Securing a desktop mac
artie505 #30802 08/13/14 10:18 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
My two cents:

My friend works with high security financial information and all of it is stored on the cloud and is accessed via a memory stick key. I don't know how it is done because it is top secret, James Bond kind of stuff.

Second, as with everything else in your home, or apartment, you should have insurance that covers REPLACEMENT value. In addition, you get stuff like liability in case anyone injures themselves on your premises, and you can get a rider for equipment that you take with you, such as a camera.

Re: Securing a desktop mac
slolerner #30812 08/14/14 09:30 PM
Joined: Aug 2009
Likes: 14
Online

Joined: Aug 2009
Likes: 14
Originally Posted By: slolerner
….as with everything else in your home, or apartment, you should have insurance...

And you should think about where you hide stuff. A security expert told me that professionals, looking for high-value, easy to carry items, go straight to the main bedroom. They know that's where they'll find all kinds of jewelry, et cetera.

He said the best place to hide those items is in a rusty tin can in the garage.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Securing a desktop mac
ryck #31245 09/22/14 02:32 AM
Joined: Sep 2009
deniro Offline OP
OP Offline

Joined: Sep 2009
Someone mentioned 1Password. Has anyone used it or any other password manager? Any opinions about them, other than the comments in the previous post? I don't like using so many IDs and passwords for web sites.

Last edited by deniro; 09/22/14 11:59 AM.
Re: Securing a desktop mac
deniro #31248 09/22/14 08:34 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
I keep mine on an excel spreadsheet, but don't leave it on the computer or any backup drive, on a CD and update the file and print it up occasionally, write updates on the printout, and then update the file now and then and make a new CD. Could use a memory stick I guess, but I like having the CD.

Someone I know mentioned creating passwords they can remember by using a number and letter password that is always the same except including the name of the website somewhere in the password, like every other letter, or some other formula. This is probably ok for websites that don't store your credit cards or access your financial information. For those, I use a separate email created for that purpose or sign in name and the passwords relate to that info, easier to remember both.

Last edited by slolerner; 09/22/14 08:36 AM. Reason: clarity
Re: Securing a desktop mac
deniro #31249 09/22/14 10:53 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
I use eWallet. It got very good reviews on the app store and it syncs with ewallet for the iPad. It was a little tricky the first time syncing to my iPad. I have no idea what eWallet Go does. As far as the technicals of how secure I can't address that as I don't have the expertise to analyze it, but it says it uses strong 256-bit AES encryption. It is easy to use and I like having all my passwords in one place and only having to remember one password. It also syncs with DropBox. Mark
Just to add as joemikeb said if you lose the master password you're in trouble.
I use with my iMac and iPad.

Last edited by MarkG; 09/22/14 02:27 PM.
Re: Securing a desktop mac
deniro #31253 09/22/14 01:06 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: deniro
Someone mentioned 1Password. Has anyone used it or any other password manager? Any opinions about them, other than the comments in the previous post? I don't like using so many IDs and passwords for web sites.

I have tried several password managers and keep coming back to 1Password. It pretty much does everything, has very flexible options for generating passwords, and can synch with my iPhone and iPad via WiFi or iCloud. One warning, if you forget the "master password" the only recovery is starting over from scratch.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Securing a desktop mac
deniro #31259 09/22/14 03:45 PM
Joined: Aug 2009
Likes: 14
Online

Joined: Aug 2009
Likes: 14
Originally Posted By: deniro
Someone mentioned 1Password. Has anyone used it or any other password manager?

I've been using Dataviz' Passwords Plus for so long I can't recall when I first started. It's been very good...easy to use, et cetera. The one drawback was that it doesn't sync my desktop iMac with my iPad...unless they've fixed that since I last asked - about 18 months ago. (I haven't checked recently)

Originally Posted By: joemikeb
[quote=deniro]Someone mentioned 1Password. .... One warning, if you forget the "master password" the only recovery is starting over from scratch.

Ditto for Passwords Plus.

Last edited by ryck; 09/22/14 03:46 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Page 1 of 2 1 2

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.043s Queries: 66 (0.030s) Memory: 0.7100 MB (Peak: 0.8913 MB) Data Comp: Zlib Server Time: 2024-03-28 08:22:21 UTC
Valid HTML 5 and Valid CSS