Secure my laptop Best Practice idea requests

Question

Level 1

5 points

Secure my laptop Best Practice idea requests

My MacBook was stolen with all my personal information unencrypted last month and I now have a new 13 inch MacBookPro. I would like some Best Practice recommendations for securing the data within my user account. Is there a BIOS level password option on the Apple laptops?

Any thoughts on Identity theft? LoJackforLaptops software tracking? Is Apple's encryption of the home directory stable enough to use routinely and how does it affect back up of data and recovery of data? How about online backup...Mozy vs Carbonite or Others. I had Mozy and it seems that much less data was actually available to recover than I had thought.

Or is this a case of the Cow is out of the barn and why shut the door now?!

Thoughts please!

Thanks

Warren Tripp
Madison,WI

MacBookPro, Mac OS X (10.5.7), 500 gig hard drive with 100 partitioned for XP with Book Camp

Posted on Jul 19, 2009 12:03 PM

Reply

Answer 1

Kappy

Level 10

362,007 points

Jul 19, 2009 2:17 PM in response to Warren Tripp

Yes, there are several solutions for tracking a stolen computer. There are also some built-in safeguards for OS X:

1. Setting up firmware password protection in Mac OS X;

2. Enabling FileVault to encrypt the Home folder.

There is a Security Slot on the computer that can be used to connect a security cable so the computer can be locked down to a desk.

Reply

Answer 2

robertd

Level 1

65 points

Jul 19, 2009 5:26 PM in response to Warren Tripp

The biggest thing I can tell you is make sure that you aren't using auto logon. That firmware password might be the best bet as well for security. Because the truth is that anyone with a little knowhow and Mac OSX install CD can reset the admin password for the OS. So create a good user name, complex as you can remember password, disable auto logon, and use a firmware password. I don't think it is ever too late to secure your laptop. I would change all passwords to all of your web sites however and whatever else you had on the laptop. Hope that helps.
rob

Reply

Answer 3

Kappy

Level 10

362,007 points

Jul 19, 2009 5:54 PM in response to robertd

There are also relatively easy tricks for disabling the Firmware Password. On most computers passwords provide only a layer of security against the casual prying eyes.

Reply

Answer 4

robertd

Level 1

65 points

Jul 19, 2009 6:25 PM in response to Kappy

Well within reason that is all he has. I don't think that he is interested in completely locking down the thing.. sounds like just some basic security....

Reply

Answer 5

Kappy

Level 10

362,007 points

Jul 19, 2009 10:32 PM in response to robertd

Then the best bet is to use good password for the admin account. If needed add the Firmware Password. For greater security use FileVault to encrypt the Home folder.

There are commercial utilities that can enable tracking the computer if stolen as I mentioned earlier.

Reply

Answer 6

Warren Tripp Author

Level 1

5 points

Aug 31, 2009 3:16 PM in response to Kappy

Correct. I am concerned about thieves not the NSA breaking into my firmware (NOW) password enabled MBPro13inch. I have a great strong password as well lowercase uppercase numbers the whole deal.

I am NOT going to use FileVault however. I tried it once and lost data. Everything I read seems to imply it is not worth the trouble.

And...I am not going to leave it in my car visible anymore either in or out of a briefcase..;-)

Thanks to all.

WT

Reply

Answer 7

eww

Level 9

53,052 points

Aug 31, 2009 3:30 PM in response to Warren Tripp

It takes three minutes for a thief who has stolen your computer to bypass ANY firmware password, no matter how strong. Don't expect that to protect your data if your next MacBook is stolen. Encryption is the only protection you can rely on under those circumstances. FileVault is just one encryption alternative, not the only one.

Reply

Answer 8

Sep 1, 2009 5:29 AM in response to Warren Tripp

Warren Tripp wrote:
I am NOT going to use FileVault however. I tried it once and lost data. Everything I read seems to imply it is not worth the trouble.

RE encryption, eww is correct - that's the only way to protect your data. Competent individuals (Kappy, eww, and me, for example), could defeat the firmware password protection and your strong admin password in a matter of minutes. A competent thief +who was interested in your data+ would be able to do so as well (most just want the hardware, of course).

I do agree that FileVault is not the best solution here (I sometimes refer to it as FileFault - there's an inherent risk in having all of your data in a single, huge, encrypted file). I see no need to encrypt iTunes music, my personal photos, etc. Instead, consider creating an encrypted disk image for your sensitive personal data (again with a strong password, and UNcheck the box to store the password in the keychain!).

http://support.apple.com/kb/HT1578

Reply