by Eric Olson | Twitter.com/thefndtn
Have you ever wandered away from your Mac, only to start worrying about what you left up on the screen? A spreadsheet, a sensitive email, an employee evaluation? Even worse, think about the contents of you entire computer resting unrestricted in the wrong person’s hands – not a pretty picture, but only a lost or stolen computer away from reality. The following is a brief survey of some techniques and products available to keep your private data away from prying eyes.
First, turn off Automatic Logon. If you are not required to enter a password before you see your desktop, nothing will stop even the most casual snoop. Think of it as removing the lock from the front door on your home. Turn off automatic logon in the Accounts preference pane, click the Login Options icon, and change the Automatic Login option to Off (you may have to click the padlock icon and enter your username and password to access this setting.) Setting the “Display login window as:” to “List of users” is fine, but to require entering both username and password, select “Name and Password.”
To address the untended computer situation, think about locking your screen saver. First, in the Desktop & Screen Saver preference pane, set the “Start Screen Saver” setting to a short interval – five minutes or so. Second, in the Security preference pane, check the box for “Require password after sleep or screen saver begins”. After that, your Mac will be password protected while you’re away.
Ok, so we have prevented easy access to your Mac, but anyone can remove your hard disk, or connect your Mac to another and easily view or copy your files. To really protect them, we need to encrypt them. Encryption essentially scrambles the contents of files, and they can only be successfully unscrambled with the correct password. Next, we’ll discuss some effective encryption tools.
Need a safe place to store all of your passwords, codes, credit card and bank account numbers? A Word or Excel document is not the place. Consider getting a password manager that stores your information in an encrypted format. You’ll need a password to access your data, and even the most sophisticated hacker won’t be able to get to them. There are many out there, from free to pricey, but I’ve had good luck with SecretBox and 1Password. SecretBox is a simple password manager with built-in formats for different types of private data. 1Password combines security and convenience by integrating directly into your web browser to make logging into your password protected web sites a one-keystroke one-password affair.
If you need to protect a large chunk of your files – perhaps your financial records, you can encrypt files and folders in an encrypted disk image. If you have ever installed software, you have probably opened a .dmg file which mounts on your desktop like a CD or hard drive. An encrypted disk image is a .dmg, but one that is inaccessible without a password. You can create an encrypted disk image with Apple’s Disk Utility (in the Utilities folder), and then just move files and folders into it. Use the files as you would any file on removable media, then eject the disk image to lock it away safely. Apple provides step-by-step instructions. For an application that makes the creating and using encrypted images super easy, try Knox from the creators of 1Password.
To encrypt your entire Home directory (Documents, desktop, mail, pictures, music) consider the built-in FileVault feature available in the Security preference pane. After you log in, your files will be decrypted and encrypted as you use them. It might be overkill to encrypt your iTunes library, but some people might not want it known that all they listen to is Cheech and Chong.
With any of these encryption solutions, remember that forgetting the master password means losing everything that is encrypted. Not even the techs at The Foundation will be able to recover your data without it. Also, just because your data is secure from prying eyes, does not mean it is secure from hardware failure or loss. Backup remains critical, and some of the methods above will require special consideration for backup. The Foundation techs can help with any of your encryption or backup needs. Just give us a call at (612) 465-0700. More on this in a future article.
