Secure your Apple macOS device

To prevent unwanted access to your device, it is important to secure your user account. A user account is what you use to log in to access your device. Make sure to create separate user accounts for each person in your household. Find out how to secure your user account.

To log in securely to your device, consider using the following login methods.

Biometrics

This identifies someone by physical characteristics, such as their fingerprint.

With Touch ID, you are able to set up your fingerprint to log in to your device. Biometrics are unique to you and can be difficult to copy. Combine this with a strong password.

A strong password

Use a strong and unique password, such as a passphrase.

A passphrase has 4 or more random words like ‘crystal onion clay pretzel’. They are easy for you to remember but hard for someone to guess. The longer, more random and unique the passphrase is, the more secure. Learn more about passphrases. Also, visit Apple’s website for more information on Touch ID and password settings on Mac.

You can use a reputable password manager to help you create and store your passphrases. This acts as a virtual safe for all your account login details. Learn more about password managers.

To help make sure no one can access your user account on your device, keep automatic log in set to off. Each time your device powers on, a user will have to sign in for access. Find this in Users & Groups in your system settings.

A standard user account only has partial control of a computer. An administrator (admin) account has more control. Cybercriminals can do a lot more damage if they get access to your admin account.

Set up a standard user account for everyday tasks such as web browsing, emailing or online shopping. Only use an admin account to perform admin tasks such as installing software.

Find out how to secure your user account. Visit Apple’s website for help on how to add a user or group on Mac.

You need an Apple Account to access services offered by Apple. This could include iMessage, FaceTime, iCloud, Apple Music and the App Store. Your Apple Account is separate from the user account you use to log in to your device. Visit Apple’s guide on security and your Apple Account.

Don’t share your account with others. You can use Family Sharing on your device to create accounts for up to 5 other family members. You can also set parental controls and share Apple services and purchases. Visit Apple’s website to learn more about Family Sharing.

For secure sign-in options for your Apple Account, we recommend using the following:

Two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your accounts. It means you need 2 steps to verify your identity before you can log in. 2FA is a common form of multi-factor authentication (MFA).

You can verify your sign in using a code from a trusted Apple device like your phone. Visit Apple’s website for advice on two-factor authentication for Apple Account.

Using a security key is an optional security measure. This uses a small hardware device along with your password to log in. By using a physical security key, it provides stronger protection from targeted attacks. Visit Apple’s website to learn more about security keys for Apple Account.

A strong password

Use a different password than the one for your user account. Follow our advice about strong passwords under Secure your user account.

Note: if you use a passphrase, you need to include at least one upper case letter and number.

Make sure to keep your device up to date. Software updates give your device the most recent security features. Delaying an update could leave your device at risk.

Check that automatic updates are on for your device. In Software Update settings, you can set your device to automatically download and install updates. Some devices must be connected to power to download updates automatically. Visit Apple’s guide to keeping your Mac up to date.

Also, keep your installed apps and programs up to date. The easiest way is to turn on automatic updates. Visit Apple’s guide for using the App Store to update apps on Mac.

If your version of macOS has reached end of support, you will not get regular updates for your device. In this case, upgrade to a newer product. Also, review your installed apps and remove them if they are no longer supported. Check Apple’s list of which macOS versions are the latest.

Find out how to update your device and software.

Apple macOS includes built-in features that automatically provide protection from malware. These features work together to block malicious apps or software from running. Visit Apple’s website to learn more about protecting against malware in macOS.

You can also download third-party antivirus software to your device. It may offer better features than your built-in antivirus software. Make sure to research available products and choose a reputable provider. Learn more about antivirus software.

Make sure to download trusted software only. Follow our advice under Download apps from legitimate sources.

With regular backups, you will always have access to a recent version of your files. Decide what data is important to you and include it in your backups, such as photos, email and documents.

You can back up your device with Time Machine. Using an external storage device, it will make a separate copy of your files. Visit Apple’s website for how to back up your Mac with Time Machine.

You can also back up your data to iCloud or to a third-party cloud storage service. Not all cloud backup services work the same. Choose one that can restore deleted or older versions of files. This will help you recover your data after a cyber attack such as ransomware.

Find out how to back up your files and devices.

Lock your device whenever you leave it unattended, even if it is only for a short period. To lock your screen, press the lock button or Touch ID button on your keyboard. You can also set up hot corners. This locks your device when you move the pointer to a corner of the screen.

Make sure your devices are set to automatically lock after a short time (less than 5 minutes). Visit Apple’s website to learn how to change lock screen settings on Mac. You should also be careful of who has access to your device.

To help mitigate the risk of malware, download software only from trusted sources. Use the App Store for a large range of apps that Apple reviews and verifies as safe.

By default, your device will only allow trusted software from the internet. An admin account can bypass this restriction, but it isn’t recommended. To help stay secure, use a standard user account instead of an admin account – Don’t use an admin account for everyday use.

Visit Apple’s website for advice to safely open apps on your Mac.

Use Apple’s FileVault feature to encrypt data on your device. This security feature protects the data stored on your hard drive. It means if your device is lost or stolen, only authorised users can access your data.

Visit Apple’s website for how to protect data on your Mac with FileVault.

By default, your device will limit access to files and folders on your device. This helps to mitigate the effects of ransomware.

When an app or website wants access to your data, you can choose to allow or deny it. You can manage which apps and websites can access your important data at any time.

Visit Apple’s guide for how to control access to files and folders on Mac.

Secure Boot is a security feature for macOS that prevents malware from loading when your device powers on. Otherwise, malware could stay hidden on your device.

Check Secure Boot is enabled to allow only trusted software to run when you start up your device. This is on by default for newer macOS models with an M1 or M2 chip, or a T2 security chip.

You can find this in the Startup Security Utility settings. Visit Apple’s website for more details on Startup Security Utility on macOS.

Make sure your firewall is on. This setting can protect your device from unwanted connections over the internet. You can also manually set which apps have access through the firewall.

Doing this will also give you the ability to turn on ’stealth mode’. This makes it more difficult for hackers and malware to find your device over the internet.

Visit Apple’s website to find out how to block connections to your Mac with a firewall and use stealth mode to keep your Mac more secure.

Consider using privacy protections to help hide your activity and data from others. Especially apps you often use like your web browser or email.

Businesses often track your online activity using cookies, tracking pixels and social media icons. This includes how you interact with a website or email. Some apps may also collect details about your device and location. They often use this data to target you with ads or sell it to a third party.

Review your app’s Privacy Settings for ways to help minimise tracking of your data. Visit Apple’s website for how to guard your privacy on Mac.