Computers, Laptops & Tablets Apple Using the Mac Security Preference Pane Lock down all of the accounts on your Mac Share Pin Email Print firewall / Getty Images Apple Macs iPad By Tom Nelson Writer Tom Nelson is an engineer, programmer, network manager, and computer network and systems designer who has written for Other World Computing,and others. our editorial process Facebook Twitter Tom Nelson Updated February 23, 2020 The Security preference pane allows you to control the security level of the user accounts on your Mac. In addition, the Security preference pane is where you configure your Mac's firewall as well as turn data encryption on or off for your user account. Here's how to use the Security & Privacy pane to keep your computer safe. Instructions in this article apply to Mac OS X Mountain Lion (10.8) and later. Some options will differ depending on the model of Mac you're using. How to Change Security Preferences on a Mac The Security & Privacy panel has four areas, each of which controls a different aspect of Mac security. Follow these steps to access and modify each of them. Open System Preferences by selecting it from the Apple menu or clicking its icon in the Dock. Click Security & Privacy. Select the General tab to get started with configuring your Mac's security settings. Click the lock icon in the bottom left-hand corner of the Security preference pane. Enter your administrator password when the prompt appears. The Require password option requires you (or anyone who attempts to use your Mac)to provide the password for the current account to exit sleep or an active screen saver. Click the box to turn the option on. The drop-down menu on this line lets you select a time interval before the Mac requires the password. The most secure option is immediately, but you can set an interval of up to eight hours. The following items may or may not appear on your Mac: Disable automatic login: This option requires users to authenticate their identity with their password anytime they log on.Require a password to unlock each System Preferences pane: With this option selected, users must provide their account ID and password anytime they attempt to make a change to any secure system preference. Normally, the first authentication unlocks all secure system preferences. You may also have the option to show a message when the screen is locked by clicking the box next to that option. Click the Set Lock Message button to create a message. Macs made in mid-2013 and later running at least macOS Sierra (10.12) also have an option to skip the password entirely when you wake up your computer. You can use an Apple Watch, provided it's on your wrist and unlocked. Click the box next to Use your Apple Watch to unlock apps and your Mac to turn this feature on. This feature is compatible with Apple Watch Series 1 and 2 for Macs running Sierra, and Series 3 and up for High Sierra (10.13) and later. The final two options on the main screen of the General tab have to do with which apps you can download. The two options are App Store and App Store and identified developers. The first choice is more secure, as it only lets you install apps that Apple has certified to be compatible. Click the Advanced button to access more options. The settings under the Advanced button are the same in every tab of the Security & Privacy preferences. The first setting in the next window is Log out after xx minutes of inactivity. This option lets you select a set amount of idle time after which the currently logged-in account will automatically log out. You can also put a check in the box next to Require an administrator password to access system-wide preferences to do just that. This setting is similar to the one that asks for credentials to access preference panes. How to Use FileVault Settings The next tab controls FileVault. This feature uses a 128-bit (AES-128) encryption scheme to protect your user data from prying eyes. Encrypting your home folder makes it nearly impossible for anyone to access any user data on your Mac without your account name and password. FileVault can be very handy for those with portable Macs who are concerned about loss or theft. When FileVault is enabled, your home folder becomes an encrypted disk image that only mounts for access after you log in. When you log off, shut down, or sleep, the home folder image is no longer available. FireVault may be on by default. If it isn't, click Turn on FileVault to start the encryption process. A window will appear that lets you customize how you access your hard drive. The two choices are: Allow my iCloud account to unlock my disk: This option lets you use your Apple ID and password.Create a recovery key and do not use my iCloud account: Choose this setting for more security. Your data will be behind an independent, unique key that isn't related to your Apple ID. It's a better option if you're worried about the security of your iCloud credentials. Make your selection and click Continue. FileVault will begin encrypting your disk. If you chose to create a recovery key, it will appear in a window. Make a note of it, and then click Continue. Keep your recovery key someplace secure. FileVault will finish encrypting your disk. Depending on your computer model and the version of macOS you're using, FileVault may log you out during this process. You may see the following additional options on the FileVault tab: Set Master Password: The master password is a fail-safe. It allows you to reset your user password in the event you forget your login information. However, if you forget both your user account password and the master password, you will not be able to access your user data.Use secure erase: This option overwrites the data when you empty the trash. This ensures that the trashed data is not easily recoverable.Use secure virtual memory: Selecting this option will force any RAM data written to your hard drive to be first encrypted. How to Configure Your Mac's Firewall Your Mac includes a personal firewall you can use to prevent network or Internet connections. It's based on a standard UNIX setup called ipfw. This is a good, though basic, packet-filtering firewall. To this basic firewall, Apple adds a socket-filtering system, also known as an application firewall. Instead of needing to know which ports and protocols are necessary, you can just specify which applications have the right to make incoming or outgoing connections. Click the Firewall tab in the preference pane. If your firewall is off, click Turn on Firewall to activate it. In older versions of macOS and OS X, this option is called Start. Click Firewall Options to access more settings. In earlier versions, this button is called Advanced. It's only available if the firewall is on. Click the box next to Block all incoming connections to prevent any incoming connections to non-essential services. Essential services as defined by Apple are: Configd: Allows DHCP and other network configuration services to occur.mDNSResponder: Allows the Bonjour protocol to function.raccoon: Allows IPSec (Internet Protocol Security) to function. If you choose to block all incoming connections, then most file, screen, and print sharing services will no longer function. Check Automatically allow built-in software to receive incoming connections tells the firewall to accept requests from stock apps like Mail and Messages. The Automatically allow signed software to receive incoming connections option automatically adds securely signed software applications to the list of applications that are allowed to accept connections from an external network, including the internet. You can manually add applications to the firewall's application filter list using the plus (+) button. Likewise, you can remove applications from the list using the minus (-) button. Enable stealth mode prevents your Mac from responding to traffic queries from the network. This option makes your Mac appear to be non-existent. How to Adjust Privacy Settings You may have a fourth tab: Privacy. This section lets you decide which apps can collect and read information from different areas of your Mac. Here's how it works. Click the Privacy tab. Generally, the left column contains a list of a type of data that an app might want to access. Some examples are your location, contacts, calendars, camera, and microphone. Select one to open its options. In the right pane, you'll see apps that have requested that information. Put a check in the box next to its name to grant permission; remove it to revoke. When you've made all the changes in this preference pane that you want to make, click the lock to stop additional ones to occur without authorization.