View Full Version : how to secure personal info on your mac in case it gets stolen?



macgig
06-24-2016, 09:29 PM
I have a password protected Word file with every username and password I use, including PayPal and my bank login info. If my Mac gets stolen, someone could just drag the file to TextEdit to open it, no password required.

There must be a better way to store this personal data so it's safe in case my Mac gets stolen? Would Keychain be a good place, or is there something better I should be doing to protect this data?

thanks.

chscag
06-24-2016, 10:41 PM
There are several ways to secure your data in the event your Mac gets stolen:

1. Encryption (use FileVault)

2. A secure password manager (we recommend 1Password)

I'm sure there are other ways, but those come to mind and are the easiest to implement.

Randy B. Singer
06-25-2016, 06:56 AM
I have a password protected Word file with every username and password I use, including PayPal and my bank login info. If my Mac gets stolen, someone could just drag the file to TextEdit to open it, no password required.

There must be a better way to store this personal data so it's safe in case my Mac gets stolen?

OS X includes the ability to encrypt files and folders, for free. It is part of the included Disk Utility Program. Disk Utility allows you to create what are known as "password-protected encrypted disk images." The encryption is so secure, even the U.S. government wouldn't be able to break into your files.

Encrypted disk image files are really easy to create and use.

To make a password-ed ".dmg" file (an encrypted archive file that you can open with a simple double-click and entry of the password) from an existing folder full of files that you want to protect, just do this (these instructions differ a bit depending on which version of OS X you are using):

Open Disk Utility (it is located in your Utilities folder, which is in your Applications folder)
File --> New --> Disk Image from Folder > Image
Select the folder,
Select Image Format: read/write,
Select encryption (128-bit AES will do)
Choose a unique password

Do NOT click "remember my password in keychain"! (That would allow others using your computer to open the archive.)

One very important note:
DO NOT forget your password. If you do, your data is toast. There is no way that I know of to recover a forgotten password.

Apple instructions for this:
http://support.apple.com/en-us/HT201599

And that's it! Now you have a whatevernameyouwant.dmg file that can't
be viewed, opened or edited by anyone but those who know the password.

http://www.macissues.com/2014/09/12/how-to-secure-individual-private-files-in-os-x/#more-1964

Adding new documents to the disk image isn't much different than
opening a folder and dropping additional documents into the folder.
Double-click on the disk image, enter your password and click Okay,
and the decrypted disk image appears as a new icon on the desktop.
You use it just like you would an attached flash drive or hard drive.
Click Eject in the disk image's window when you are done and it
re-encrypts and closes.

http://www.macissues.com/2014/04/06/built-in-options-for-encrypting-data-on-your-mac/

If you create a disk image file using the method outlined above, the
resulting disk image will have a limited size (sort of like a small
flash drive), and so you will only be allowed to add a limited amount
of new data to it before it is full. If you would prefer to create a
larger disk image, with as much free space as you would like for
adding more stuff, modify my previous instructions by choosing "Blank
Disk Image" instead of "Disk Image from Folder". You can then specify
the size of the disk image that you want to create. Copy all of your
stuff into it that you like, and then click on Eject in the Disk
Image window in the Finder.

It's all much easier to do than it sounds, and is very quick and
convenient.

Or, if you want to make things easier yet, use this free utility instead of Disk Utility to create encrypted disk images:

DMGConverter (free)
http://sunsky3s.s41.xrea.com/dmgconverter/index.html
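
The Disk Utility steps from the post above can also be run from Terminal with `hdiutil`, which ships with OS X. The script below is an added example, not part of the original thread; the function names, paths and sizes are assumptions, and it also covers the "Blank Disk Image" variant with a chosen size.

```shell
#!/bin/sh
# Added example; function names, paths and sizes are assumptions.

# Print the hdiutil arguments (one per line) for an encrypted read/write image.
#   dmg_args folder <src-folder> <out.dmg>   image built from an existing folder
#   dmg_args blank  <size>       <out.dmg>   empty image, size such as 500m or 10g
dmg_args() {
    mode=$1; src=$2; out=$3
    case $out in
        *.dmg) ;;
        *) echo "output name must end in .dmg" >&2; return 2 ;;
    esac
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2; return 3
    fi
    case $mode in
        folder)
            [ -d "$src" ] || { echo "no such folder: $src" >&2; return 4; }
            set -- -srcfolder "$src" -format UDRW ;;
        blank)
            printf '%s' "$src" | grep -Eq '^[0-9]+[kmgt]$' ||
                { echo "size must look like 500m or 10g" >&2; return 5; }
            set -- -size "$src" -fs HFS+ -volname "$(basename "$out" .dmg)" ;;
        *)
            echo "mode must be 'folder' or 'blank'" >&2; return 2 ;;
    esac
    # -stdinpass: hdiutil reads the passphrase from stdin (prompting when stdin
    # is a terminal), so this script never puts it on the command line.
    printf '%s\n' create "$@" -encryption AES-128 -stdinpass "$out"
}

# Create the image, then confirm hdiutil reports it as encrypted.
make_dmg() {
    args=$(dmg_args "$@") || return
    command -v hdiutil >/dev/null 2>&1 ||
        { echo "hdiutil not found (OS X only)" >&2; return 127; }
    out=$3
    old_ifs=$IFS
    # Split the argument list on newlines only, without glob expansion.
    IFS='
'
    set -f
    hdiutil $args && hdiutil isencrypted "$out"
    rc=$?
    set +f
    IFS=$old_ifs
    return $rc
}

# Usage: sh make_dmg.sh folder ~/Documents/Private ~/Private.dmg
if [ "$#" -eq 3 ]; then
    make_dmg "$@"
fi
```

Open the image with `hdiutil attach -stdinpass Private.dmg` and close it with `hdiutil detach` on its volume path. The contents are protected only while the image is ejected.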

Rod Sprague
06-25-2016, 07:23 AM
This is the method I use, you can also make it larger than the preset limits ( mine is 10Gb ). As shown here http://www.macissues.com/2014/04/04/about-disk-image-file-format-options/



IWT
06-25-2016, 08:13 AM
Wonderfully clear, Randy. Thanks. Would have given you the thumbs-up, but I have to spread it around first.

Ian

macgig
06-25-2016, 08:41 AM
Thanks for the help. Never used FileVault before; I heard in Snow Leopard there were issues with FileVault so I never tried it. I'm using El Capitan now so maybe it's better? I like the Disk Utility idea. I had forgotten that Disk Utility can do that. Thanks for your help everyone. :)

macgig
06-25-2016, 09:17 AM
Also noticed I've been using Stickies to store personal data. Probably not a good idea since it can be viewed if the Mac got stolen and someone was able to get the password to log into the user account. Maybe I'm being a little too worried about this? I dunno.

yogi
06-27-2016, 08:01 AM
I also quote my own post from a while ago on securing device access:




Device Passcodes: I use long, diceware-style device passcodes for my Mac, iPhone, Apple Watch and iPad. This is the first line of defense and in the case of iOS devices, these codes also encrypt the disk. Using Touch ID makes having these long passcodes bearable. On Apple Watch, I have a 7-digit code.
File Vault: On the Mac, I have FileVault enabled, which encrypts my startup disk.
Reduced privileges: I never use my Mac as an Admin. I use it with a newly created, regular non-Admin user, and enter the Admin password when required. This is the second line of (minimal) defence if the attacker were to obtain physical access with the objective of installing malicious software or doing anything malicious with the file system.
Touch ID-enabled apps: I enable Touch ID for almost all apps that contain sensitive data when available. This applies to my banking app, my messaging (more below), cloud storage apps, Day One Journal, 1Password, MyFitnessPal, Stocard, etc.
Disable Lock Screen Access: I've disabled Siri, Notification Center and Control Center from the Lock Screen of my iOS devices. Siri has been known to have certain bugs that allow access to the system, and I don't want an attacker to be able to turn off wifi, execute workflows from Notification Center or even just read my messages.



Granted, these apply to iOS as well, but there are similar concepts on the Mac to protect against (Lock screen notifications, for example).

For storing your critical data, I would strongly recommend 1Password. It encrypts your logins for many sites, helps create unique long passwords that you don't have to remember and allows you to securely sync all this across iPhones, iPads and Macs. Works great for families sharing passwords, too.

The full post on personal security: http://www.mac-forums.com/security-awareness/333699-lockdown-thermonuclear-security.html

Ember1205
06-27-2016, 01:48 PM
Please understand this about file / folder encryption:

It only works with the machine either OFF or at least you NOT LOGGED IN.

Please understand this about full disk encryption:

It only works with the machine OFF.


Why do I mention this? Because these technologies are intended for what is called Data at Rest. Once you boot the machine and provide the "key" to unlock the disk, it's unlocked. Once you log in with your password, you've provided the "key" to unlock your files/folders. Putting the machine to sleep would require ONLY that someone hack your user-level password to gain access to everything.

The only data storage area that can't be hacked is your brain. Learn to memorize your passwords, and use mnemonics to create passwords.

I recommend breaking down your password into one of three categories, and letting the category drive the strength.

Anything financial gets the highest strength and most frequent change interval. Complete uniqueness across all sites - no two the same.
Moderate security gets used for anything TIED to a financial account like an email account or similar. Maybe the same PW used across multiple accounts, change with some frequency.
"Everything else". Online forums (like this) can use whatever and even be the same as each other. They don't really allow you to get anything other than an email address by hacking them.

When you create passwords using mnemonics, they become significantly easier to remember. T1TpFmCcA isn't easy to remember. But "This is the password for my credit card account" is. Use the first letter of each word, and use numbers in place of letters where appropriate. i=1, e=3, a=@, etc.

Dysfunction
06-28-2016, 05:36 AM
Use the first letter of each word, and use numbers in place of letters where appropriate. i=1, e=3, a=@, etc.

I would never recommend this. Substitution of special characters or numbers for letters is far too easy. Most password cracking tools have these patterns addressed in their algorithms.

Rod Sprague
06-28-2016, 06:55 AM
I prefer the use of sentences myself. A phrase like, "I like two fish too" can have a number of variations such as "ILike2FishToo" it is easy to remember, has 13 characters and is comprised of upper and lower case letters and a number.

Ember1205
06-28-2016, 11:08 AM
I would never recommend this. Substitution of special characters or numbers for letters is far too easy. Most password cracking tools have these patterns addressed in their algorithms.

For words, numeric replacements are accounted for. NOT for mnemonics.

Randy B. Singer
06-28-2016, 09:25 PM
Or, if you want to make things easier yet, use this free utility instead of Disk Utility to create encrypted disk images:

DMGConverter (free)
http://sunsky3s.s41.xrea.com/dmgconverter/index.html

I realize that creating encrypted disk images isn't dead easy. Even if you use DMGConverter it isn't dead easy as there are a number of settings that you have to deal with.

Very recently I found something that makes it dead easy! In fact, the interface for the utility is so simple, it reminds me of software written with the oversight of Steve Jobs. There is one window, you drag files or folders onto it to encrypt them. Or, you drag encrypted files or folders to the window to de-crypt them. Couldn't be easier. You lose some of the features available in Disk Utility or DMGConverter, but most folks probably won't miss them. Here it is:

Crypt3 (free)
https://itunes.apple.com/us/app/crypt3/id413756594?mt=12

IWT
06-29-2016, 08:30 AM
Thanks Randy. Very useful info.

Ian

Cr00zng
07-08-2016, 09:12 AM
I have a password protected Word file with every username and password I use, including PayPal and my bank login info. If my Mac gets stolen, someone could just drag the file to TextEdit to open it, no password required.

There must be a better way to store this personal data so it's safe in case my Mac gets stolen? Would Keychain be a good place, or is there something better I should be doing to protect this data?

thanks.

If you are referring to MS Word 2011 or later for the Mac, TextEdit will show scrambled text. Since 2007, Word utilizes AES 128-bit encryption with SHA-1 hash. Word 2013 utilizes AES 256-bit encryption and SHA-1 hash. At the present time there is no software that can break this encryption. Obviously, if someone gets hold of the Word file password, or guesses right, the content of the file will be decrypted.

PS: This posting is just for the record... Others suggested a number of good solutions for protecting confidential data...

ManoaHi
07-08-2016, 03:05 PM
I would also recommend password protecting your firmware, so no one can boot via other means (Optical media, USB, network, etc.), without the password:
https://support.apple.com/en-us/HT204455 - For Intel Macs
https://support.apple.com/en-us/HT1352 - For Power PC Macs

Cr00zng
07-08-2016, 07:34 PM
Just curious...

The firmware (EFI) password is pretty much equivalent to UEFI on the PC side, except that it is easier to reset on the PC side. Correct?

If it is, the drive should be encrypted or alternatively just folders and/or files. Otherwise, the drive could be mounted in another system and the data accessed.

More curiosity...

If you mount an OSX drive from one Mac to another, possibly different Apple hardware, will OSX boot up in the new Mac?

pm-r
07-08-2016, 08:36 PM
If you are referring to MS Word 2011 or later for the Mac, TextEdit will show scrambled text. Since 2007, Word utilizes AES 128-bit encryption with SHA-1 hash. Word 2013 utilizes AES 256-bit encryption and SHA-1 hash. At the present time there is no software that can break this encryption. Obviously, if someone gets hold of the Word file password, or guesses right, the content of the file will be decrypted.

PS: This posting is just for the record... Others suggested a number of good solutions for protecting confidential data...


I was about to add a similar comment, that no text editor is going to be able to show the readable contents of such a file, google it if you like:
https://www.google.com/search?client=safari&rls=en&q=what+can+open+a+password+protected+word+file&ie=UTF-8&oe=UTF-8

Slydude
07-08-2016, 09:36 PM
Just curious...

If you mount an OSX drive from one Mac to another, possibly different Apple hardware, will OSX boot up in the new Mac?

Maybe / maybe not. It depends upon how much hardware difference there is between the two Macs and to some extent the software involved. The El Capitan installation in my MacBook Pro will probably boot the iMac. I cannot take my Yosemite backup and boot that same iMac because Yosemite pre-dates that iMac.

SmartMule
07-08-2016, 10:41 PM
I was working and running an eCommerce business at home and had TONS of passwords. It was driving me crazy. I finally started using LastPass -- the paid version was only about $13.00 a year and only needed if you wanted to run it on your iPhone. You can set it up so that, on a "safe" computer you can leave it set to log in to sites you use all of the time and leave it running. If you quit the program, you will need the master password to open it again -- that is the biggie -- don't EVER forget your master password. I like LastPass because I can log into it from anywhere -- i.e. if I need passwords at a remote site, I can log in via browser. I can also load the app into Firefox, Chrome, etc. I have found it to be quite helpful. I am sure there are many that are just as good but this is what I started using and... I like it!!

pm-r
07-08-2016, 11:15 PM
I was working and running an eCommerce business at home and had TONS of passwords. It was driving me crazy. I finally started using LastPass

Hmmm…??? Other comments differ I'd suggest…
At least this wasn't SPAM considering it was for a freebie… ;)
https://www.macupdate.com/app/mac/34151/lastpass

Cr00zng
07-09-2016, 10:32 AM
Maybe / maybe not. It depends upon how much hardware difference there is between the two Macs and to some extent the software involved. The El Capitan installation in my MacBook Pro will probably boot the iMac. I cannot take my Yosemite backup and boot that same iMac because Yosemite pre-dates that iMac.

Thanks Sly...

Slydude
07-09-2016, 12:42 PM
You're welcome HTH.

Alwyn
07-11-2016, 01:45 PM
I am puzzled by the initial query. Personally, I use more secure passwords for banking etc. whereas for this forum a simple one. When asked if I want to, I save user name and password the first time I access a secure site. I also have a password to open my iMac. The only way somebody would be able to access the saved user names or passwords would be if they knew that 'master password' or the 4 figure password to open my iOS devices. In case you don't already know where to find these saved user names and passwords in OSX, they can be found in Preferences in Safari and can be revealed by entering your 'master password' again, or in iOS in Safari in Settings.

It may be that others think that this is not very secure. I do also have an Open Office Writer file with hints in it.

Rod Sprague
07-30-2016, 12:23 AM
Randy I just created a password protected .dmg folder using the new version of Disk Utility on El Capitan and I timed myself. It took 38 sec. And that included loading a file into it, closing it, ejecting it and reopening with password.

Randy B. Singer
07-30-2016, 05:13 AM
Randy I just created a password protected .dmg folder using the new version of Disk Utility on El Capitan and I timed myself. It took 38 sec. And that included loading a file into it, closing it, ejecting it and reopening with password.

Okay, good!

Are you trying to say that doing the job in Disk Utility is so quick and easy that a third party utility isn't even required? If you are, I can't argue with that. You should use the method that you are most comfortable with.

Rod Sprague
07-30-2016, 06:36 AM
Well, I haven't had to create one since Mavericks so I thought there may be something more difficult about it with the current version of Disk Utility but if anything it's faster, so I suppose that is what I'm saying, unless a third party app offers additional features or options.

Randy B. Singer
07-30-2016, 07:08 AM
Well, I haven't had to create one since Mavericks so I thought there may be something more difficult about it with the current version of Disk Utility but if anything it's faster, so I suppose that is what I'm saying, unless a third party app offers additional features or options.

I think that most folks will find Crypt 3:

https://itunes.apple.com/us/app/crypt3/id413756594?mt=12

to be faster and easier to use, and less intimidating (i.e. there are fewer steps that require some thought). And since Crypt 3 is free, I recommend that folks give it a try.