Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How to keep the information on your Macbook safe
8 points by tschoffelen on Sept 19, 2017 | hide | past | favorite | 10 comments
Last year, my backpack with my Macbook was stolen in some pub. Yep, my fault for bringing it there. I got good travel insurance, so I had a new one the day after.

I'm good with backups, so no stuff was lost, but the person that stole my Macbook did of course have access to the source code of dozens of projects I was working on at that moment. What kind of precautions do you take to keep the data on your laptop safe?




If you store source code on your personal laptop[1] you have to enable encryption. That should be like 'security 101'. Especially if you go to tech conferences where people who might steal your laptop actually know what the "~/.aws/config" is and what "~/Work/<company-source>" might worth. I would be very skeptical of ppl running around with laptops containing proprietary source code without encryption on.

If you own a mac:

  * Enable FileVault
  * Enable 'require password immediately'
  * Choose a password with 8 or more chars
  * Never leave the keyboard unattended
You can lock your mac with: "open -a ScreenSaverEngine" or even better:

echo 'alias klock="open -a ScreenSaverEngine"' >> ~/.profile'

[1] If this is a work laptop then the company should have some kind of security policy and encrypting everything is where everyone would/should begin.


Easier way to lock your mac: ctrl-shift-power button


Or close it?


Easier way to lock/sleep your mac is CMD+Option+Eject for older macs


Another way to sleep your Mac: set a hot spot (System Preferences > Mission Control > Hot Spots, at least in 10.10), and just move your mouse to that corner.


1) Make sure your harddrive is encrypted using Filevault (It's actually firevault 2). Make sure that you require a password to login and that if you're away from your computer for 5 minutes that you need to login with a password. I believe that Mac's have a find your laptop/remote wipe your laptop.

If you're working for a company suggest setting up a MDM management system like Jamf or Fleetsmith (GSuite may also support macs, but I'm not sure). These will allow you to automate setups including the forcing of encryption. Jamf at least has the remote wipe ability built in.


#1 Always ensure you have a password set on your computer. Whether first booting up or coming back from sleep, it should ask for a password. If they are going to steal your laptop, at least make them have to do some work of having to wipe your data.

#2 Glue all electronics to your hip. I don't care where you are or what you have to do. Get a backpack for all of your electronics and never let it out of your sight.

#3 I believe Apple was the first to do it with iPhone, might be available for Macbook, but if password is wrong 10 times, all data is wiped from phone, though I believe password is left intact.


In addition to these 3, make sure you enable FileVault. This will encrypt all of your data at rest


Also make sure that any media you use for backing up your MacBook is also secure. And use encrypted backups of course.


Would not have helped in your situation, but at home I have a locking file cabinet, and I put everything in there and lock them up when I leave the house.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: