Top tips for Mac OS X security - Part 2

Filed Under: Apple, OS X, Privacy

In the first part of this series I covered OS X tips related to physical security. In part two I will focus on the user, and I will cover system security in part three.

These simple steps are things every Mac user should do. They provide a large improvement in the security of your computer and data, while imposing an imperceptibly small price.

User security

1. Be smart with your passwords

Your password is more or less the one thing that keeps your system and your data safe from others. It makes sense to invest in making it as hard to crack as possible.

Apple provides a tool to help select a secure password called Password Assistant. To use the Password Assistant, open System Preferences -> System -> Accounts -> Create a user or Change Password -> Click the key icon.


The Password Assistant provides several options to help you generate a password (Memorable, Letters & Numbers, Numbers Only, Random, FIPS-181 compliant), or you can manually enter a password.

Whichever you choose, Password Assistant will show you the Quality (or strength) of your password. Watch this video for advice on choosing a complex password you can remember.

2. Securing your Keychain

It is a good idea to make sure that your Keychain has a different password to that of your user account.

The Keychain stores internet passwords, SSL Certificates, notes and more in a nice convenient encrypted store. By default your Keychain has the same password as your user account, which is great as it means your Keychain automatically unlocks and allows any running application to request data from it!

It's like SSO (Single Sign On) gone bad... Changing your Keychain password will mean that when an application wants some data you will have to enter your Keychain password.

This is a little inconvenient but means that anyone that cracks your account password doesn't get instant access to everything in your Keychain, and that you will know whenever an application is trying to gain access to your secured data.

To change your Keychain password open up the Keychain Access application in the Utilities directory. Then click on the Edit menu and select Change Password for Keychain "login".

3. Never run as an administrative account

If you talk to any Linux or Unix user you will quickly find out that they rarely log in as a user that has administrative privileges. The reason for this? If your account is compromised, the attacker has only gained access to your data, but hasn't gained access to the entire system.

Running as a normal user on any operating system is a sensible thing, and OS X is no different.

Make your everyday account a Standard user, and then authenticate as an Admin account when the system requests it.
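One way to confirm from Terminal that your everyday account really is a Standard user, as an added example that is not part of the original article. The account names and the sample `dscl` output are constructed for illustration, and the parser only reads direct members of the `admin` group.

```shell
#!/bin/sh
# Added example: flag an everyday account that is still in the macOS "admin" group.

# Succeed if user $1 is listed in $2, where $2 is the output of
#   dscl . -read /Groups/admin GroupMembership
# which has the form "GroupMembership: root alice ...".
is_admin_member() {
    user=$1
    # Drop the "GroupMembership:" key, leaving space-separated short names.
    members=${2#GroupMembership:}
    for m in $members; do
        # Exact match only, so "ali" does not match "alice".
        [ "$m" = "$user" ] && return 0
    done
    return 1
}

# Print a one-line verdict for user $1 given membership output $2.
audit_user() {
    if is_admin_member "$1" "$2"; then
        echo "$1: ADMIN - demote to Standard for everyday use"
    else
        echo "$1: standard"
    fi
}

# Constructed sample of dscl output (not taken from a real machine).
SAMPLE='GroupMembership: root macadmin alice'

# Audit two constructed account names against the sample.
audit_sample() {
    for u in alice bob; do
        audit_user "$u" "$SAMPLE"
    done
}

# On a Mac, check the logged-in account against the live directory;
# elsewhere, fall back to the constructed sample so the script still runs.
if command -v dscl >/dev/null 2>&1; then
    audit_user "$(id -un)" "$(dscl . -read /Groups/admin GroupMembership)"
else
    audit_sample
fi
```

Membership granted through nested groups is not visible in this output; `dseditgroup -o checkmember -m <user> admin` resolves those as well.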


Combined with my physical security tips, securing your user profile is a critical part of having a happy and secure Mac. It goes without saying that you should run anti-virus on your Mac as well.

If you are a home user you can get Sophos Anti-Virus for Mac Home Edition for free! Come back to Naked Security soon for the final part in this series: system security.

5 Responses to Top tips for Mac OS X security - Part 2

  1. Dave · 1706 days ago

    Regarding not running as admin. If you are running as a non-admin is there a way to switch to the admin user for just that task (without logging out as one and in as the other)?

    It seems that in OSX (when logged in as an admin user) some administrative tasks still require entering the admin password but installing software doesn't. WTF?

  2. Steve · 1706 days ago

    Use sudo to perform administrative tasks, for instance: sudo vi /etc/hosts.

  3. Dave · 1705 days ago

    What about tasks that are done via the GUI?

  4. Peter · 1688 days ago

    When you have to perform a task via the GUI needing administrative privileges OSX will pop-up a login screen to type an administrative user name and password. This happens when you install a program, or alter any setting in system preferences.

    There are only a very few programs that have a faulty installer that would need you to log off and log in as admin. (I know only one, but since that is written in Java I installed it from command line copying jar files.)

  5. Dana · 1681 days ago

    So, when creating a standard user do NOT check the box "Allow user to administer this computer?" I will be asked to authenticate the user as Admin when the necessity arises??


About the author

Ben Jupp is a Senior Technical Specialist for Sophos based out of their Vancouver offices. He lives and breathes all things Mac, Linux and Unix.