Top tips for Mac OS X security – Part 2

In the first part of this series I covered OS X tips related to physical security. In part two I will focus on the user. I will cover system security in part three.

These simple steps are things every Mac user should do. They provide a large improvement in the security of your computer and data, while imposing an imperceptibly small price.

User security

1. Be smart with your passwords

Your password is more or less the one thing that keeps your system and your data safe from others. It makes sense to invest in making it as hard to crack as possible.

Apple provides a tool to help select a secure password called Password Assistant. To use the Password Assistant, open System Preferences -> System -> Accounts -> Create a user or Change Password -> Click the key icon.

The Password Assistant provides several options to help you generate a password (Memorable, Letters & Numbers, Numbers Only, Random, FIPS-181 compliant), or you can manually enter a password.

Whichever you choose, Password Assistant will show you the Quality (or strength) of your password. Watch this video for advice on choosing a complex password you can remember.

2. Securing your Keychain

It is a good idea to make sure that your Keychain has a different password to that of your user account.

The Keychain stores internet passwords, SSL Certificates, notes and more in a nice convenient encrypted store. By default your Keychain has the same password as your user account, which is great as it means your Keychain automatically unlocks and allows any running application to request data from it!

It's like SSO (Single Sign On) gone bad... Changing your Keychain password will mean that when an application wants some data you will have to enter your Keychain password.

This is a little inconvenient, but it means that anyone who cracks your account password doesn't get instant access to everything in your Keychain, and that you will know whenever an application is trying to gain access to your secured data.

To change your Keychain password open up the Keychain Access application in the Utilities directory. Then click on the Edit menu and select Change Password for Keychain “login”.

3. Never run as an administrative account

If you talk to any Linux or Unix user you will quickly find out that they rarely log in as a user that has administrative privileges. The reason for this? If your account is compromised, the attacker has only gained access to your data, but hasn't gained access to the entire system.

Running as a normal user on any operating system is a sensible thing, and OS X is no different.

Make your everyday account a Standard user, and then authenticate as an Admin account when the system requests it.
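
To see which accounts on a Mac are currently Admin and which are Standard, the following shell script is an added example, not part of the original article. It assumes ordinary login accounts have UIDs of 501 and up and that Admin accounts are members of the admin group; the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which local OS X accounts are Admin or Standard.

# Print "Admin" if the space-separated group list (the format printed by
# `id -Gn`) contains the exact group name "admin", otherwise "Standard".
# Exact matching matters: "_lpadmin" must not count as "admin".
classify_groups() {
    for g in $1; do
        [ "$g" = "admin" ] && { echo "Admin"; return 0; }
    done
    echo "Standard"
}

# Read "name uid" lines (the format of `dscl . -list /Users UniqueID`) on
# stdin and print only ordinary login accounts: UID >= 501 (assumption)
# and no leading underscore, which marks service accounts.
human_accounts() {
    awk '$2 >= 501 && $1 !~ /^_/ { print $1 }'
}

# List every ordinary login account with its account type.
audit_accounts() {
    dscl . -list /Users UniqueID | human_accounts | while read -r user; do
        printf '%-20s %s\n' "$user" "$(classify_groups "$(id -Gn "$user")")"
    done
}

# Constructed sample of `dscl . -list /Users UniqueID` output, so the
# filtering can be tried on a machine that is not a Mac.
SAMPLE_USERS='_www 70
root 0
nobody -2
alice 501
bob 502'

# Run the real audit only where dscl exists (that is, on OS X).
if command -v dscl >/dev/null 2>&1; then
    audit_accounts
fi
```

Any everyday account reported as Admin is a candidate for changing to Standard, as long as at least one separate Admin account remains for when the system asks you to authenticate.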


Combined with my physical security tips, securing your user profile is a critical part of having a happy and secure Mac. It goes without saying that you should run anti-virus on your Mac as well.

If you are a home user you can get Sophos Anti-Virus for Mac Home Edition for free! Come back to Naked Security soon for the final part in this series: system security.