An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 1 of 2 1 2 >
Topic Options
#30698 - 08/01/14 09:42 AM Securing a desktop mac
deniro Offline


Registered: 09/09/09
This may sound paranoid, but many break-ins nearby got me thinking about whether I should take steps to make my mac secure. Maybe you can afford $1000 for a new computer for two years, but I can't. I've had this one for eight.

1) Do you think I should log in/log out of my account when I startup my Mac and shut it down? I find it annoying, and since I'm the only user.

2) I've read about cables that attach to the mac, locking it to a table or something. What do you think about this?

I know laptops get stolen, but I would think my desktop is safe.

I appreciate your responses.
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#30700 - 08/01/14 10:08 AM Re: Securing a desktop mac [Re: deniro]
alternaut Offline

Moderator

Registered: 08/04/09
I'm afraid you can't have it both ways: either you opt for ease of use, or for security. It's up to you to assess your risk, given your home and its security. Adding theft impediments like security cables will thwart casual or hit & run theft, but may not deter the determined burglar who manages to get in when you're out. But the age of your Mac is a deterrent by itself, because the halfway knowledgeable thief will pass it by for greener pastures...
_________________________
alternaut moderator

Top
#30701 - 08/01/14 10:19 AM Re: Securing a desktop mac [Re: deniro]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: deniro

1) Do you think I should log in/log out of my account when I startup my Mac and shut it down? I find it annoying, and since I'm the only user.

I've taken to setting/enabling "Require password for for sleep and screen saver" under Security & Privacy in System Preferences. There are a number of time frames which one can choose; I chose "after 1 hour". I don't find that it's all that inconvenient. And it would foil "drive-by" thieves.
I've also disabled automatic login.

Top
#30703 - 08/01/14 11:32 AM Re: Securing a desktop mac [Re: grelber]
deniro Offline


Registered: 09/09/09
When it comes to theft, I guess I'm not just worried about the computer itself, but what I have on the hard drive. Some minor financial stuff, letters, address book, calendar, personal but not especially vital stuff, except for my passwords.
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#30704 - 08/01/14 12:05 PM Re: Securing a desktop mac [Re: deniro]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
If you're worried about data, I recommend keeping good backups on external media. (You do do that already, right? Right?)
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#30705 - 08/01/14 12:21 PM Re: Securing a desktop mac [Re: deniro]
artie505 Online


Registered: 08/04/09
You've mentioned that you work with highly confidential proprietary info; how does it fit into your equation, if at all?
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#30707 - 08/01/14 12:32 PM Re: Securing a desktop mac [Re: deniro]
dianne Offline

Moderator

Registered: 08/04/09
deniro,

As regards the files on your hard drive which you do not want to be accessible to a thief, you might review and experiment with the information in: How to create a password-protected (encrypted) disk image.

My usernames, passwords, account numbers, answers to security questions, and social security numbers are accessible only through a strong password for my .sparsebundle disk image.

Special Note: Important: If you forget the password, data stored in the encrypted disk image cannot be retrieved. If you have saved the password in the keychain, the password will be available to you there.
_________________________
dianne • moderator

Back up everything you can't afford to lose – documents, mail, movies, music, photos, and other data and settings.

Top
#30709 - 08/01/14 12:51 PM Re: Securing a desktop mac [Re: dianne]
artie505 Online


Registered: 08/04/09
Originally Posted By: dianne
My usernames, passwords, account numbers, answers to security questions, and social security numbers are accessible only through a strong password for my .sparsebundle disk image.

Special Note: Important: If you forget the password, data stored in the encrypted disk image cannot be retrieved. If you have saved the password in the keychain, the password will be available to you there.

My passwords, etc. are similarly protected, but it should be noted that storing the sparse image's p/w in your keychain leaves its p/w no stronger than your keychain's, because it will be auto-entered.

In my instance, my sparse image's p/w is not stored in my keychain and is protected by a much stronger p/w, because the info it contains is far more critical. (I never allow keychain to auto-enter critical p/w's.)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#30711 - 08/01/14 01:57 PM Re: Securing a desktop mac [Re: artie505]
ganbustein Offline


Registered: 08/04/09
You can have it both ways. I have a second keychain, set to auto-lock after 5 minutes, that contains all my high-security passwords. The login keychain contains low- and medium-security passwords.

My financial records are stored in an encrypted disk image file, with a ridiculously long password. That password is stored in my high-security keychain.

When I launch an application like Quicken that wants access to my financial records, it tries to auto-open its most recent document, which through the magic of aliases causes the encrypted disk image to try to mount.

The disk image needs a password to mount, but the system notices that the password is in the high-security keychain, so it asks first for the password to that keychain. If I enter the correct password, the keychain unlocks, the disk image password is retrieved, the disk image mounts, Quicken is happy, and in short order the keychain auto-locks. (Quicken continues to be happy; the disk image's password is needed only to mount it, not to keep it mounted.)

If I don't enter the keychain password, clicking "Cancel" instead, the system says "OK, then, can you give me the password to the disk image?" If I knew it, I could enter it then.

When I'm through with Quicken, I have to remember to unmount the disk image, both to secure it again, and to let Time Machine know it's now safe to back it up. (TM will not back up a disk image, secure or not, while it's mounted.)

My login password is relatively strong, a compromise between security and convenience. I need to type it to log in, and to wake from sleep/screen saver. My high-security keychain has a much stronger password. I only need to enter it a few times per month, so brevity is not important.

Top
#30714 - 08/01/14 03:52 PM Re: Securing a desktop mac [Re: artie505]
dkmarsh Offline
Moderator

Registered: 08/04/09

Originally Posted By: artie505
You've mentioned that you work with highly confidential proprietary info; how does it fit into your equation, if at all?

Sure you're not thinking of JoBoy?
_________________________

dkmarsh • member, FineTunedMac Co-op Board of Directors

Top
#30715 - 08/01/14 04:09 PM Re: Securing a desktop mac [Re: dkmarsh]
artie505 Online


Registered: 08/04/09
That thought crossed my mind shortly after I posted, and I immediately forgot to check.

Thanks for correcting me.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#30717 - 08/01/14 06:09 PM Re: Securing a desktop mac [Re: tacit]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: tacit
If you're worried about data, I recommend keeping good backups on external media. (You do do that already, right? Right?)

I agree with Tacit about backups, but if there is any risk of losing physical control of your computer then local backups are unlikely to be of any use in data recovery because they will most likely be stolen along with the computer. A heart to heart conversation with your insurance provider would definitely be in order and they may be able to save you some money on offsite data storage.
_________________________
joemikeb • moderator

Top
#30718 - 08/01/14 11:39 PM Re: Securing a desktop mac [Re: ganbustein]
artie505 Online


Registered: 08/04/09
Originally Posted By: ganbustein
My financial records are stored in an encrypted disk image file, with a ridiculously long password. That password is stored in my high-security keychain.

If I don't enter the keychain password, clicking "Cancel" instead, the system says "OK, then, can you give me the password to the disk image?" If I knew it, I could enter it then.

My login password is relatively strong, a compromise between security and convenience. ... My high-security keychain has a much stronger password.

Isn't that scheme fallacious?

Your "ridiculously long" p/w is no stronger than the weaker, albeit "much stronger" one that unlocks your high-security keychain.

My login p/w is ridiculously weak, but there's no risk involved, because my deuced Mac(hina) is a one-person machine.

For peace-of-mind, rather than immediately necessary security, though, I use a much stronger p/w to unlock my keychain and a very significantly stronger one to unlock my sparse image.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#30734 - 08/03/14 02:50 PM Re: Securing a desktop mac [Re: artie505]
ganbustein Offline


Registered: 08/04/09
Originally Posted By: artie505
Isn't that scheme fallacious?

Your "ridiculously long" p/w is no stronger than the weaker, albeit "much stronger" one that unlocks your high-security keychain.

My login p/w is ridiculously weak, but there's no risk involved, because my deuced Mac(hina) is a one-person machine.

For peace-of-mind, rather than immediately necessary security, though, I use a much stronger p/w to unlock my keychain and a very significantly stronger one to unlock my sparse image.

It would be fallacious only if I thought the ridiculously long password was the one protecting the disk image. I know the password of the keychain is the weak link, but I chose it to be strong enough for my needs. When I created the disk image, I let the system auto-generate a password what it believed to be a maximally secure. But such passwords are actually weaker; any password you cannot remember must be written down somewhere, and is only as secure as wherever it's written. The solution to this conundrum is to write it somewhere it's protected by a password you can remember.

This is the way password managers like LastPass or 1Password are usually used. The user lets the system auto-generate unique passwords that the user never intends to ever enter or even remember. It's up to the password manager to remember them, and the strength relies on a single "good enough" password that protects the password manager's data. Using a single password to protect all the "real" passwords makes that password easier to remember, by dint of being entered more often. You get the convenience of only having to remember one password with the security of having separate passwords for separate uses.

I'm too cheap to spring for a commercial password manager. This is how I set up my own system along the same model.

Top
#30738 - 08/03/14 04:30 PM Re: Securing a desktop mac [Re: joemikeb]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
A former lover of one of my girlfriends had her house broken into and her iMac stolen, but the thief didn't take the external backup hard drive.

I keep good backups on more than one external hard drive, one of which is actually in a physically different location and accessible over the Internet. smile
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#30748 - 08/04/14 11:57 AM Re: Securing a desktop mac [Re: deniro]
jchuzi Online


Registered: 08/04/09
Loc: New York State
A lot of this may have already been discussed, but it's still worth reading How to secure and lock down your Mac.
_________________________
Jon

OS 10.14.5, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#30753 - 08/05/14 10:09 PM Re: Securing a desktop mac [Re: ganbustein]
artie505 Online


Registered: 08/04/09
OK, that makes sense. You had me worried for a moment.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#30754 - 08/05/14 10:16 PM Re: Securing a desktop mac [Re: tacit]
artie505 Online


Registered: 08/04/09
Thieves are after readily salable big bucks items, and an HDD doesn't qualify unless the thief has broken in to your home looking for info, in which case you're in more trouble than you think.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#30802 - 08/13/14 03:18 PM Re: Securing a desktop mac [Re: artie505]
slolerner Offline


Registered: 08/25/09
Loc: New York City
My two cents:

My friend works with high security financial information and all of it is stored on the cloud and is accessed via a memory stick key. I don't know how it is done because it is top secret, James Bond kind of stuff.

Second, as with everything else in your home, or apartment, you should have insurance that covers REPLACEMENT value. In addition, you get stuff like liability in case anyone injures themselves on your premises, and you can get a rider for equipment that you take with you, such as a camera.

Top
#30812 - 08/14/14 02:30 PM Re: Securing a desktop mac [Re: slolerner]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: slolerner
….as with everything else in your home, or apartment, you should have insurance...

And you should think about where you hide stuff. A security expert told me that professionals, looking for high-value, easy to carry items, go straight to the main bedroom. They know that's where they'll find all kinds of jewelry, et cetera.

He said the best place to hide those items is in a rusty tin can in the garage.
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Carbon Copy Clone on 500GB OWC Mercury OTG Pro

Top
#31245 - 09/21/14 07:32 PM Re: Securing a desktop mac [Re: ryck]
deniro Offline


Registered: 09/09/09
Someone mentioned 1Password. Has anyone used it or any other password manager? Any opinions about them, other than the comments in the previous post? I don't like using so many IDs and passwords for web sites.


Edited by deniro (09/22/14 04:59 AM)
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#31248 - 09/22/14 01:34 AM Re: Securing a desktop mac [Re: deniro]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I keep mine on an excel spreadsheet, but don't leave it on the computer or any backup drive, on a CD and update the file and print it up occasionally, write updates on the printout, and then update the file now and then and make a new CD. Could use a memory stick I guess, but I like having the CD.

Someone I know mentioned creating passwords they can remember by using a number and letter password that is always the same except including the name of the website somewhere in the password, like every other letter, or some other formula. This is probably ok for websites that don't store your credit cards or access your financial information. For those, I use a separate email created for that purpose or sign in name and the passwords relate to that info, easier to remember both.


Edited by slolerner (09/22/14 01:36 AM)
Edit Reason: clarity

Top
#31249 - 09/22/14 03:53 AM Re: Securing a desktop mac [Re: deniro]
MarkG Offline


Registered: 08/06/09
I use eWallet. It got very good reviews on the app store and it syncs with ewallet for the iPad. It was a little tricky the first time syncing to my iPad. I have no idea what eWallet Go does. As far as the technicals of how secure I can't address that as I don't have the expertise to analyze it, but it says it uses strong 256-bit AES encryption. It is easy to use and I like having all my passwords in one place and only having to remember one password. It also syncs with DropBox. Mark
Just to add as joemikeb said if you lose the master password you're in trouble.
I use with my iMac and iPad.


Edited by MarkG (09/22/14 07:27 AM)

Top
#31253 - 09/22/14 06:06 AM Re: Securing a desktop mac [Re: deniro]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: deniro
Someone mentioned 1Password. Has anyone used it or any other password manager? Any opinions about them, other than the comments in the previous post? I don't like using so many IDs and passwords for web sites.

I have tried several password managers and keep coming back to 1Password. It pretty much does everything, has very flexible options for generating passwords, and can synch with my iPhone and iPad via WiFi or iCloud. One warning, if you forget the "master password" the only recovery is starting over from scratch.
_________________________
joemikeb • moderator

Top
#31259 - 09/22/14 08:45 AM Re: Securing a desktop mac [Re: deniro]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: deniro
Someone mentioned 1Password. Has anyone used it or any other password manager?

I've been using Dataviz' Passwords Plus for so long I can't recall when I first started. It's been very good...easy to use, et cetera. The one drawback was that it doesn't sync my desktop iMac with my iPad...unless they've fixed that since I last asked - about 18 months ago. (I haven't checked recently)

Originally Posted By: joemikeb
[quote=deniro]Someone mentioned 1Password. .... One warning, if you forget the "master password" the only recovery is starting over from scratch.

Ditto for Passwords Plus.


Edited by ryck (09/22/14 08:46 AM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Carbon Copy Clone on 500GB OWC Mercury OTG Pro

Top
Page 1 of 2 1 2 >

Moderator:  alternaut, dianne, MacManiac