macOS privacy and security settings: Medium level

Learn how to change your privacy and security settings on macOS. These steps adjust your computer privacy and security settings to Medium level protection.
Kaspersky Lab
15.10.2021
10 minutes
Change settings
Privacy level
Choose
Platform
Choose
What are we setting up here?
Choose
ApplyCancel

How to protect your Mac

open all


Create a strong Mac password!

What for: So you do not get hacked.

If you use a short or easy-to-guess password, hackers will be able to crack it and gain access to your computer. A long and complex password is more secure. A strong password complies with the following policies:

  • Is at least 8 characters long;
  • Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.);
  • Is not an actual word or easy-to-guess phrase;
  • Is not the same as for any other account, including your Apple ID login credentials;
  • Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, and so forth — or those of your friends or relatives).

To change your current password:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Users & Groups section.
  4. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  5. Press Change Password button;
  6. In the window that opens, enter the current password and then enter the new one. If necessary, create a hint in case you forget the password.
  7. Press Change Password button.

Configure automatic locking

What for: To prevent strangers from gaining access to your Apple device while you are away.

If you are not using the computer for a certain amount of time, macOS can lock it. In this case, the screen will show a login window and you will have to enter your password again to continue working on the computer. The sooner the computer is locked, the less chance that someone else will be able to use it.

To configure the time to wait before locking the computer:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the General tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Click Advanced... in the lower right corner;
  7. In the window that opens, check the box on the left of Log out after … minutes of inactivity and set the required time interval.
  8. Click OK.

You can also configure Mac to lock when it goes to sleep:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the General tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Check the box next to Require password … after sleep or screen saver begins and choose the amount of time after the computer goes to sleep when the application should start requiring a password.

If you set an interval that is too large and leave your computer unattended, other people will be able to use it.

Enable protection against modification of your macOS system preferences

What for: So that no one can change important settings on your computer.

If you are sharing your computer with someone else, you can disable other users capability to change macOS configuration and security settings:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the General tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Click Advanced... in the lower right corner;
  7. In the window that opens, check the box on the left of Require an administrator password to unlock each System Preferences pane;
  8. Click OK.

Turn on the Find My Mac feature

What for: To find your computer or erase its data in case it is lost or stolen.

The Find My Mac service will help you find your computer in case it is lost. You can use it to not only determine the location of your Mac and turn on its alarm, but also to remotely lock it or wipe its local memory. This will protect your data from prying eyes if your MacBook was stolen.

All Apple devices support this feature even without Internet access and if location services are turned off. In this case, MacBook sends a signal over Bluetooth that other nearby Apple devices receive. After receiving this signal, these devices send their location to Apple and the company forwards this data to your account. Using this feature, you will be able to see the approximate location of your computer in the Find My app.

To enable the Find My Mac feature:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Press the Apple ID button in the upper-right corner;
  4. Select the iCloud tab;
  5. Check the box next to Find My Mac;
  6. In the window that opens, click Allow;
  7. Press the Options... button;
  8. Make sure that the Find My Network function is enabled.

If you don't want to rely on unfamiliar Apple gadgets, grant Find My Mac access to your location:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the Privacy tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Select Location Services;
  7. Check the Enable Location Services box.
  8. Find System Services at the end of the list and click Details...;
  9. In the window that opens, check the box next to Find My Mac;
  10. Click Done.

Then you can find, lock, or wipe a lost or stolen computer by using the built-in Find My app on any other Apple device or at iCloud.com.

Activation Lock is also enabled when the Find My Mac service is turned on. This feature prevents someone from logging in to your computer's macOS with a different Apple ID, turning off the Find My Mac feature, or wiping the memory without Apple ID password confirmation. That means if your computer ends up in someone else's hands, they will not be able to use it or sell it (except maybe for spare parts), as well as to disable search and lock functions.

Please keep in mind that your Apple ID account credentials are also deleted along with the files when Mac drive is formatted, so in this case you will not be able to see the location of your computer. Therefore, use this option in extreme cases only.

However, when the lock is enabled, your Apple ID credentials are saved on Apple servers linked to your computer ID. So, even after you erase all the data you will be able to unlock your lost and found Mac if you enter your Apple ID credentials on it.

Configure App Control

What for: To prevent your computer from being infected by a virus disguised as a normal program.

Hackers frequently embed malicious code into well-known applications and distribute them disguised as safe software. To protect users from this type of attack, only apps from the Mac App Store or from trusted developers can be installed on Mac computers. If you attempt to start an unverified application, macOS will warn you about the risk. You can choose which software sources should be considered safe:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the General tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Choose the sources from which you allow software to be installed:
  7. App Store is the most strict setting. In this case, you can install applications only from Mac App Store.
  8. App Store and identified developers is default and a less strict setting. It lets you install applications from Mac App Store and applications from developers that have been verified by Apple.

Controlling the sources of apps is an important part of security, but you can add an application to the exclusions list if you are absolutely sure the app is safe:

  1. Start the application that you want to add to exclusions list;
  2. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  3. In the drop-down list, choose System Preferences;
  4. Go to the Security & Privacy settings;
  5. Select the General tab;
  6. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  7. On the General pane, press the Open Anyway button. This button is available only for an hour after you attempt to start an application.

In addition to programs, other files such as archives, office documents, and media files may also contain malicious objects.


How to protect your Apple ID

open all


Create a strong password

What for: To prevent your data and Apple devices from being hacked.

An Apple ID account lets you synchronize music, photos, contacts, browser history, and other data on different devices. If your account is hacked, criminals will gain access to all of that data. Once they have access to your Apple ID, they can also remotely lock your Mac or format your hard drive.

Make sure that your account is protected by a strong password that complies with the following policies:

  • Is at least 8 characters long;
  • Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.);
  • Is not an actual word or easy-to-guess phrase;
  • Is not the same as your passwords for any other accounts;
  • Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, and so forth — or those of your friends or relatives).

To change your Apple ID password on a Mac computer:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Press the Apple ID button in the upper-right corner;
  4. Select the Password & Security tab;
  5. Press Change password... button
  6. Enter the current password of your Apple ID account;
  7. Create a new password and confirm it;
  8. Click Change.

You can also change or reset your Apple ID password on the Apple website.

Enable two-factor authentication

What for: So you definitely don't get hacked.

macOS devices support two-factor authentication. It helps provide additional security for your Apple ID. If you enable it, the system will prompt you for a one-time code each time you attempt to sign in from a new Apple device. It will also show a notification on all gadgets on which you are authorized.

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Press the Apple ID button in the upper-right corner;
  4. Select the Password & Security tab;
  5. Turn on Two-Factor Authentication;
  6. In the window that opens, click Continue;
  7. Enter your phone number and choose how you want to receive the code: Text message or Phone call;
  8. Click Continue;
  9. In the window that opens, enter the verification code that you received on your phone, and click Continue;
  10. Click Done.

Your digital life mattersProtect it with the new Kaspersky

How to protect your data

open all


Turn on FileVault

What for: To keep your data private.

There is a built-in file encryption program in macOS called FileVault. If you turn it on, access to your data cannot be obtained without your password, even if someone manages to put your hard drive into another computer. To turn on FileVault:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the FileVault tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Press Turn on FileVault button;
  7. Choose how you would like to reset the password in case you forget it:
  8. Allow my iCloud account to unlock my disk;
  9. Click Continue.
  10. Create a recovery key and do not use my iCloud account;
  11. Copy or write down the recovery key and store it in a secure location.
  12. Click Continue.
  13. In the window that opens, click Restart.

If you want to use iCloud to restore access, ensure that your Apple ID is secured. If your account is hacked, a criminal will be able to reset your FileVault password and sign in to the system. If you are using a recovery key, write it down and store it in a safe place. Without the key, it will be impossible to restore access to your files.

Encryption of the boot drive will begin the first time the computer is started after FileVault is turned on. It will start automatically in the background when your Mac is connected to the web.

Downside: After turning on FileVault, your computer may run slower, you will not be able to automatically log in to the computer`s macOS, and you will have to enter the password each time the computer is started.

Create a backup copy of your files

What for: To not lose your data.

Your Mac can automatically copy all important information to iCloud servers. A backup copy will help restore your data if your computer is lost or broken. These backup copies will also save your credentials, preferences, documents, and photos.

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Press the Apple ID button in the upper-right corner;
  4. Select the iCloud tab;
  5. Select iCloud Drive;
  6. Press the Options... button and check the boxes next to the data that you want to save in iCloud.
  7. Click Done.

Please keep in mind that information is copied only when the computer is connected to the Internet. In addition, you cannot save more than 5GB of data in iCloud with a free account.

Downside: Saving data in the cloud increases the risk of data leaks.

You can create a backup copy on a physical drive, such as an external hard drive or on another Mac (for iOS devices only and for macOS 10.15 or higher). To do so, use the built-in automatic backup tool called Time Machine. In this case, your data is not transmitted over the network, and the size and number of copies is limited only by the capacity of the drive.

To turn on Time Machine:

  1. Connect the backup drive to your Mac. For a list of devices that are compatible with Time Machine, visit https://support.apple.com/en-us/HT202784;
  2. The system will prompt you to use this drive to store backup copies;
  3. In the window that opens, check the Encrypt backups box;
  4. Click Use Disk.

If you don't see a window prompting you to use a drive to create copies after you connect the drive:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Press the Time Machine icon;
  4. Press the Select Disk button;
  5. In the window that opens, click the drive name;
  6. Check the Encrypt backups box;
  7. Press the Use Disk button.

Time Machine will create a copy of data and update it every hour. It will also separately store daily copies for the past month and weekly copies for the entire previous operating period. When the drive runs out of free space, Time Machine will start replacing the oldest entries with the newest ones.

Downside: You have to connect an external drive to the computer. The first data backup may take a long time.


How to protect yourself from snooping

open all


Block applications from accessing the microphone and camera

What for: To prevent applications from spying on you.

The system and certain applications can obtain access to your computer's camera and microphone, for example during a video call. Malicious applications may also try to exploit this access to spy on you. Check the list of applications that have access to the microphone and camera, and revoke that access from applications that you don't use:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the Privacy tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Choose Microphone or Camera;
  7. Uncheck the box next to the application whose access you want to block.

You can restore access in the same menu.

Downside: Applications that you block from using the camera and microphone will not be able to take photos, record videos, or execute voice commands.

Revoke universal access permissions from applications

What for: To prevent hackers from taking control of your computer.

Universal access allows applications to directly interact with the interface and the computer`s mac OS. For example, if you want to use a voice assistant or a screen reader app, they must have the ability to see the contents of windows and to press buttons. However, malicious applications may also try to obtain universal access. For example, they may try to follow ad links or phishing links on your behalf.

Check which services have this access, and close it for suspicious applications:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the Privacy tab;
  5. Select Accessibility in the menu on the left;
  6. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  7. In the list on the right, uncheck the boxes next to the names of applications that you want to prevent from having universal access.

Restrict access to contacts, calendars, and reminders

What for: To prevent Apple and app developers from knowing more about you than necessary.

Applications and websites may have access to your contacts list, calendars, and reminders in iCloud. For example, if you allow a messenger to view your address book, you will be able to find acquaintances who also use the app. However, some applications may abuse their access and collect and sell databases of contacts, for example. You can check which services have access to your data and revoke it if necessary:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the Privacy tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. One-by-one, select Contacts, Calendars and Reminders;
  7. In the list on the right, uncheck the boxes next to the applications whose access you want to block.

Downside: Some application functions will become unavailable, such as event scheduling and sending messages to your contact list.

Turn off location services

What for: So macOS and apps do not know where you go.

Apple devices continually gather information about your location. Among other purposes, this information is used to choose contextual ads and for searches on your Mac. Because the data is stored on Apple servers and may be transmitted to third parties, there is a risk of data leaks. You can disable access to location for all services and apps, and enable it for individual applications when necessary.

To check which applications and services have access to your location, and to revoke unnecessary permissions:

  1. Open the Apple menu by clicking the Apple emblem in the upper-left corner;
  2. In the drop-down list, choose System Preferences;
  3. Go to the Security & Privacy settings;
  4. Select the Privacy tab;
  5. If you enabled protection, press the padlock icon in the lower left corner, enter the administrator password, and click Unlock;
  6. Click Location Services to view a list of applications that have access to computer location data;
  7. Uncheck the boxes next to the applications that you want to prevent from having access to location data;
  8. Find System Services at the end of the list and click Details...;
  9. In the window that opens, uncheck the boxes next to all unnecessary items. It is advisable to retain computer location access for at least the Find My Mac feature because it will increase your chances of finding your device in case it is lost or stolen;
  10. Click Done.

Downside: You will not be able to use location services, such as for nearby searches.


What would have happened if you had chosen another privacy level?


Also recommended

Main / macOS privacy and security settings: Medium level
Privacy level
?

Relaxed

Basic privacy settings, maximum convenience.


Medium

A golden mean respecting privacy matters but preserving convenience.


Tight

A choice of security over convenience; instructions contain a lot of details.

Relaxed
Medium
Tight
Platform
Windows
Mac
iPhone
Android
What are we setting up here?
Instagram
Facebook
WhatsApp
TikTok
X(Twitter)
Youtube
Telegram
Google
Skype
LinkedIn
VK
Mac OS
Chrome
Safari
Firefox
Edge
Apply