how to secure personal info on your mac in case it gets stolen?

[macgig]

I have a password protected word file with every username and password I use. including paypal and my bank login info. if my mac gets stolen, someone could just drag the file to textedit to open it, no password required.

their must be a better way to store this personal data so it's safe in case my mac gets stolen? would keychain be a good place or is their something better I should be doing to protect this data?

thanks.

 

[chscag]

There are several ways to secure your data in the event your Mac gets stolen:

1. Encryption (use FileVault)

2. A secure password manager (we recommend 1Password)

I'm sure there are other ways, but those come to mind and are the easiest to implement.

 

[Randy B. Singer]

I have a password protected word file with every username and password I use. including paypal and my bank login info. if my mac gets stolen, someone could just drag the file to textedit to open it, no password required.

their must be a better way to store this personal data so it's safe in case my mac gets stolen?

OS X includes the ability to encrypt files and folders, for free. It is part of the included Disk Utility Program. Disk Utility allows you to create what are known as "password-protected encrypted disk images." The encryption is so secure, even the U.S. government wouldn't be able to break into your files.

Encrypted disk image files are really easy to create and use.

To make a password-ed ".dmg" file (an encrypted archive file that you can *
open with a simple double-click and entry of the password) from an existing folder full of files that you want to protect, just do this*
(these instructions differ a bit depending on which version of OS X you are using):

• Open Disk Utility (it is located in your Utilities folder, which is *
in your Applications folder)
• File --> New --> Disk Image from Folder —> Image
• Select the folder,*
• Select Image Format: read/write,
• Select encryption (128-bit AES will do)
• Choose a unique password

Do NOT click "remember my password in keychain"! (That would allow *
others using your computer to open the archive.)

One very important note:
DO NOT forget your password. *If you do, your data is toast. *There is no way that I know of to recover a forgotten password.

Apple instructions for this:
http://support.apple.com/en-us/HT201599

And that's it! Now you have a whatevernameyouwant.dmg file that can't
be viewed, opened or edited by anyone but those who know the password.

http://www.macissues.com/2014/09/12/how-to-secure-individual-private-files-in-os-x/#more-1964

Adding new documents to the disk image isn't much different than
opening a folder and dropping additional documents into the folder.
Double-click on the disk image, enter your password and click Okay,
and the decrypted disk image appears as a new icon on the desktop.
You use it just like you would an attached flash drive or hard drive.
Click Eject in the disk image's window when you are done and it re-
encrypts and closes.

http://www.macissues.com/2014/04/06/built-in-options-for-encrypting-data-on-your-mac/

If you create a disk image file using the method outlined above, the
resulting disk image will have a limited size (sort of like a small
flash drive), and so you will only be allowed to add a limited amount
of new data to it before it is full. If you would prefer to create a
larger disk image, with as much free space as you would like for
adding more stuff, modify my previous instructions by choosing "Blank
Disk Image" instead of "Disk Image from Folder". You can then specify
the size of the disk image that you want to create. Copy all of your
stuff into it that you like, and then click on Eject in the Disk
Image window in the Finder.

it's all much easier to do than it sounds, and is very quick and
convenient.

Or, if you want to make things easier yet, use this free utility instead of Disk Utility to create encrypted disk images:

DMGConverter (free)
http://sunsky3s.s41.xrea.com/dmgconverter/index.html

 

[Rod]

This is the method I use, you can also make it larger than the preset limits ( mine is 10Gb ). As shown here http://www.macissues.com/2014/04/04/about-disk-image-file-format-options/


Sent from my iPhone using Mac Forums

 

[IWT]

Wonderfully clear, Randy. Thanks. Would have given you the thumbs-up, but I have to spread it around first.

Ian

 

[macgig]

thanks for the help. Never used FileVault before, I heard in snow leopard there were issues with file vault so I never tried it. Im using El Capitan now so maybe it's better? I like the disk utility idea. I had forgot that disk utility can do that. thanks for your help everyone.

 

[macgig]

also noticed ive been using stickies to store personal data. probably not a good idea since it can be viewed, if the mac got stolen and someone was able to get the password to log into the user account. maybe I'm being a little too worried about this? I dunno.

 

[yogi]

I also quote my own post from while ago on securing device access:

• Device Passcodes: I use long, diceware-style device passcodes for my Mac, iPhone, Apple Watch and iPad. This is the first line of defense and in the case of iOS devices, these codes also encrypt the disk. Using Touch ID makes having these long passcodes bearable. On Apple Watch, I have a 7-digit code.
• File Vault: On the Mac, I have FileVault enabled, which encrypts my startup disk.
• Reduced privileges: I never use my Mac as an Admin. I use it with a newly created, regular non-Admin user, and enter the Admin password when required. This is the second line of (minimal) defence if the attacker were to obtain physical access with the objective of installing malicious software or doing anything malicious with the file system.
• Touch ID-enabled apps: I enable Touch ID for almost all apps that contain sensitive data when available. This applies to my banking app, my messaging (more below), cloud storage apps, Day One Journal, 1Password, MyFitnessPal, Stocard, etc.
• Disable Lock Screen Access: I've disabled Siri, Notification Center and Control Center from the Lock Screen of my iOS devices. Siri has known to have certain bugs that allow access to the system, and I don't want an attacker to be able to turn off wifi, execute workflows from notification center or even just read my messages.

Granted, these apply to iOS as well, but there are similar concepts on the Mac to protect against (Lock screen notifications, for example).

For storing your critical data, I would strongly recommend 1Password​. It encrypts your logins for many sites, helps create unique long passwords that you don't have to remember and allows you to securely sync all this across iPhones, iPads and Macs. Works great for families sharing passwords, too.

The full post on personal security: http://www.mac-forums.com/security-awareness/333699-lockdown-thermonuclear-security.html

 

[Ember1205]

Please understand this about file / folder encryption:

It only works with the machine either OFF or at least you NOT LOGGED IN.

Please understand this about full disk encryption:

It only works with the machine OFF.


Why do I mention this? Because these technologies are intended for what is called Data at Rest. Once you boot the machine and provide the "key" to unlock the disk, it's unlocked. Once you log in with your password, you've provided the "key" to unlock your files/folders. Putting the machine to sleep would require ONLY that someone hack your user-level password to gain access to everything.

The only data storage area that can't be hacked is your brain. Learn to memorize your passwords, and use mnemonics to create passwords.

I recommend breaking down your password into one of three categories, and letting the category drive the strength.

Anything financial gets the highest strength and most often change interval. Complete uniqueness across all sites - no two the same.
Moderate security gets used for anything TIED to a financial account like an email account or similar. Maybe the same PW used across multiple accounts, change with some frequency.
"Everything else". Online forums (like this) can use whatever and even be the same as each other. They don't really allow you to get anything other than an email address by hacking them.

When you create passwords using mnemonics, they become significantly easier to remember. T1TpFmCcA isn't easy to remember. But, This is the password for my credit card account is. Use the first letter of each word, and use numbers in place of letters where appropriate. i=1, e=3, a=@, etc.

 

[Dysfunction]

Use the first letter of each word, and use numbers in place of letters where appropriate. i=1, e=3, a=@, etc.

I would never recommend this. Substitution of special characters or numbers for letters is far too easy. Most password cracking tools have these patterns addressed in their algorithms.

 

[Rod]

I prefer the use of sentences myself. A phrase like, "I like two fish too" can have a number of variations such as "ILike2FishToo" it is easy to remember, has 13 characters and is comprised of upper and lower case letters and a number.

 

[Ember1205]

I would never recommend this. Substitution of special characters or numbers for letters is far too easy. Most password cracking tools have these patterns addressed in their algorithms.

For words, numeric replacements are accounted for. NOT for mnemonics.

 

[Randy B. Singer]

Or, if you want to make things easier yet, use this free utility instead of Disk Utility to create encrypted disk images:

DMGConverter (free)
http://sunsky3s.s41.xrea.com/dmgconverter/index.html

I realize that creating encrypted disk images isn't dead easy. Even if you use DMGConverter it isn't dead easy as there are a number of settings that you have to deal with.

Very recently I found something that makes it dead easy! In fact, the interface for the utility is so simple, it reminds me of software written with the oversight of Steve Jobs. There is one window, you drag files or folders onto it to encrypt them. Or, you drag encrypted files or folders to the window to de-crypt them. Couldn't be easier. You lose some of the features available in Disk Utility or DMGConverter, but most folks probably won't miss them. Here it is:

Crypt3 (free)
https://itunes.apple.com/us/app/crypt3/id413756594?mt=12

 

[IWT]

Thanks Randy. Very useful info.

Ian

 

[Cr00zng]

I have a password protected word file with every username and password I use. including paypal and my bank login info. if my mac gets stolen, someone could just drag the file to textedit to open it, no password required.

their must be a better way to store this personal data so it's safe in case my mac gets stolen? would keychain be a good place or is their something better I should be doing to protect this data?

thanks.

If you referring to MS Word 2011, or later for the Mac, texedit will show scrambled text. Since 2007, Word utilizes AES 128-bit encryption with SHA-1 hash. Word 2013 utilizes AES 256-bit encryption and SHA-1 hash. At present time there is no software that can break this encryption. Obviously, if someone gets a hold of the word file password, or guesses right, the content of the file will be decrypted.

PS:This posting is just for the record... Others suggested a number of good solutions for protecting confidential data...

 

[ManoaHi]

I would also recommend password protecting your firmware, so no one can boot via other means (Optical media, USB, network, etc.), without the password:
https://support.apple.com/en-us/HT204455 - For Intel Macs
https://support.apple.com/en-us/HT1352 - For Power PC Macs

 

[Cr00zng]

Just curious...

The firmware (EFI) password is pretty much equivalent to EUFI on the PC side, except that it is easier to reset on the PC side. Correct?

If it is, the drive should be encrypted or alternatively just folders and/or files. Otherwise, the drive could be mounted in an other system and the data accessed.

More curiosity...

If you mount a OSX drive from one Mac to another, possibly different Apple hardware, will OSX boot up in the new Mac?

 

[pm-r]

If you referring to MS Word 2011, or later for the Mac, texedit will show scrambled text. Since 2007, Word utilizes AES 128-bit encryption with SHA-1 hash. Word 2013 utilizes AES 256-bit encryption and SHA-1 hash. At present time there is no software that can break this encryption. Obviously, if someone gets a hold of the word file password, or guesses right, the content of the file will be decrypted.

PS:This posting is just for the record... Others suggested a number of good solutions for protecting confidential data...

I was about to add a similar comment, that no text editor is going to be able to show the readable contents of such a file, google it if you like:
https://www.google.com/search?clien...assword+protected+word+file&ie=UTF-8&oe=UTF-8

 

[Slydude]

Just curious...

If you mount a OSX drive from one Mac to another, possibly different Apple hardware, will OSX boot up in the new Mac?

Maybe / Maybe not it depends upon how much hardware difference there is between the two Macs and to some extent the software involved. The El Capitan installation in my MacBook Pro will probably boot the iMac I cannot take my Yosemite backup and boot that same iMac because Yosemite pre-dates that iMac.

 

[SmartMule]

I was working and running an eCommerce business at home and had TONS of passwords. It was driving me crazy. I finally started using LastPass -- the paid version was only about $13.00 a year and only needed if you wanted to run it on your iPhone. You can set it up so that, on a "safe" computer you can leave it set to log in to sites you use all of the time and leave it running. If you quit the program, you will need the master password to open it again -- that is the biggie -- don't EVER forget your master password. I like LastPass because I can log into it from anywhere -- i.e. if I need passwords at a remote site, I can log in via browser. I can also load the app into Firefox, Chrome, etc. I have found it to be quite helpful. I am sure there are many that are just as good but this is what I started using and... I like it!!