Why Macs are Lost Prone (and how to keep it safe)

You’ve got a new portable Macintosh computer — congratulations! Hopefully you don’t lose it, since MacBooks are known to be lost prone 😅

Why? Due to its ubiquity and few variations between models, it’s very easy to pickup “the wrong MacBook” in a pile of other MacBooks. Furthermore, Apple laptops tend to have high resale values — I’ve managed to sold my refurbished MacBook Pro vintage 2013 for about 50% of what I originally paid for it, despite four years of intensive use. This re-sale potential makes MacBooks a prime target of theft.

Suppose that you’re confident that people around you are good natured and won’t steal laptops. Should you mis-placed yours, how do these good people know how to return it to you?

What about kaypoh roommates? Anne Weying, the lady lawyer character in the Venom (2018) movie lost her job because her then-boyfriend poked around in her MacBook and couldn’t keep a secret of what he found there. You wouldn’t want to be a real-life version of her, would you?

Would you like to keep your laptop safe and secure? Both physically safe and keeping your data from prying eyes?

If an honest person found your misplaced laptop, you want to make it easy for him to return it to you, wouldn’t you?

If a thief stole your laptop, don’t you want to be able to pursue him along with the police? At the very least, teach him a lesson for stealing?

Read on and learn how.

Hardening A MacBook

When you get a new MacBook, make sure that you’ve gone through these items:

  • Have a personal login.
  • Enable “Find my Mac”.
  • Configure the lock message.
  • Setup the firmware password.

Setting Up a Login

A login, also known as user is an account that the operating system uses to identify yourself to the computer. You probably have one already setup when the first time you turn on your Mac and went through its on-boarding process.

However if you share your MacBook, do not share your logins with anyone else. Always create individual logins for each person. Remember how Anne Weying lost her job because she shared her login? Don’t be the real-life version of her.

Here is how you create new user accounts on a mac.

  1. Open System Preferences.
  2. Select Users & Groups.
  3. If the padlock icon on the lower-left corner is shown as locked, click it, then enter the computer’s administrator password.
  4. Enter the new account’s details.

When creating additional users, the account type would most likely be Standard, unless you need the new account to be able to create new users. Be prudent when giving other people Administrator access, since this account type would be able to override file permissions and read/write other account’s files on the computer.

Each user account would have their own “space” on the computer, including but not limited to:

  • The set of e-mail accounts in Mail app.
  • Calendar, Contacts, Reminders, and Notes.
  • Safari browsing history.
  • Photos library.
  • Documents folder

As of macOS 10.15 “Catalina”, the operating system isolate between users of the same machine through file permissions. This ensures that standard users can’t access others’ files unless given permission. However administrators can override these file permissions and read/write other users’ files.

If you have sensitive files in a shared Mac and you are not the administrator of the machine, you could place those files in an encrypted disk image for extra security. Administrators can see the disk image (know that it’s “there” and how big is it) but can not access what’s inside without its password.

For more information on creating and configuring logins, read through Set up users, guests, and groups on Mac.

Configuring “Find my Mac”

This feature allows you to locate your mac – even when it is not connected to the Internet (the offline portion is a new feature in macOS 10.15 “Catalina”). When you have this feature enabled, you can use just about any web browser to locate your devices.

Follow these steps to enable Find my Mac on macOS Catalina.

  1. Open System Preferences.
  2. Select Apple ID.
  3. Choose iCloud at the left hand side.
  4. In the Find my Mac row, click on Options.
  5. Enable both Find My Mac and Offline Finding.

Find My Mac and Offline Finding

If you have more than one login in the mac, only one can activate Find My Mac on it. Therefore it would be a good idea to enable this on the primary administrator’s login.

Offline finding relies on Bluetooth, specifically the mesh network made out of all Apple users world-wide. Devices running iOS 13, iPadOS 13.1, and macOS 10.15 or later would form peer-to-peer networks to help locate missing devices. Thus please enable Bluetooth on all of your Apple devices. You won’t improve your uptime on battery by disabling Bluetooth any longer since the improvements introduced in Bluetooth 4.0. Enabling Bluetooth would also help other Apple users finding their devices – together we are strong!

Read Wired’s story on offline finding to get a sense how it works.

Configuring the Lock Message

A lock message is short text shown when your mac is screen-locked or in a logged-out state (such as when it was just powered up). The message is displayed at the bottom margin of the login or screensaver unlock screens. This is a great space to show contact information or any reward/bounty that you want to entice honest samaritans to return your mac.

macOS lock message

Here is how you can configure the lock message for a Mac:

  1. Open System Preferences.
  2. Select Security & Privacy.
  3. If the padlock button on the lower-left side of the window is shown as locked, click it then enter your Mac’s administrator password.
  4. Select the General tab.
  5. Tick the Show a message when the screen is locked checkbox.
  6. Click the Set lock message button.
  7. Enter your lock message.

In the lock message, you could say something like:

When found, please contact johnny.appleseed@example.com (e-mail, iMessage, FaceTime Audio) – reward $100 when returned in good condition.

Refer to How to set a lock message on the login window of your Mac for more details.

Configuring the Firmware Password

Even when you have full disk encryption enabled, thieves won’t need your password to erase the whole drive and reinstall the operating system. You password just safeguards the contents of the MacBook – but does nothing to prevent erasing it. For that you would need to enable the firmware password in the machine.

When configured, the mac would disallow re-installation of the operating system or booting to an external drive without the firmware password. Similarly booting into recovery mode would requires the firmware password as well. This effectively renders the system useless to thieves.

Here is how you setup configure the firmware password.

  1. Decide your password and write it down on paper. Remember, firmware passwords are case sensitive.
  2. Shut down you Mac.
  3. Place your hand on the command and R buttons on the keyboard – but don’t press them.
  4. Press the power button and afterwards quickly hold the command () and R before the Apple logo shows up.
  5. The system boots up into recovery mode and you should see a screen like the following. If you don’t see this screen, re-try from Step 2.
    macOS Utilities
  6. In the menu bar, open Utilities then select the Startup Security menu item.
  7. Verify that the Startup Security app is now active.
  8. Click Turn On Firmware Password.
  9. Slowly enter your firmware password, copying it from your sheet of paper.
  10. Take a walk for a minute or two
  11. Come back, and then very slowly re-enter your firmware password on the second box. Be sure to copy exactly from your sheet of paper and do not use copy-paste.
  12. Confirm the firmware password you’ve just enterd.
  13. From the Apple menu (), choose Restart.

Now the next time you try to enter recovery mode or to boot from an external drive, your mac would ask for its firmware password.

Be really careful with your firmware password. If you lose it, you won’t be able to re-set it, you can’t boot from an external drive, nor you can’t access the recovery ppartition.

For more information on firmware passwords, read HT204455 on Apple’s website.

Next Steps

Have you setup all of the above security measures on your mac? If you haven’t done so, do it as soon as you can. Before you lose it – either negligence or just because your laptop is too attractive for thieves.

Tags: , , , ,

%d bloggers like this: