While iCloud PINs are best used as a temporary means for securing Macs, there are other options in OS X for implementing robust long-term data and system security.
One feature in Apple's iCloud service for OS X is its lock option, which allows you to remotely set a PIN for your Mac through iCloud's Find My iPhone service, and require that it be entered to boot the system.
This lock is similar to a firmware password for securing Mac systems. Not only does it prevent booting to alternative boot modes such as Safe Mode or Single User Mode, but it prevents loading in special hardware modes like Target Disk and Internet Recovery so the hard disk cannot be wiped or otherwise accessed.
Unlike the firmware password, however, the iCloud PIN is required to boot the system. This may sound convenient, but in its current implementation it's not the most secure option to rely on.
The first issue with the iCloud PIN feature is that if it's locked from an iPhone, then the PIN is only four numeric digits, meaning that there are 10,000 possible combinations that can be tried to ultimately uncover it. Apple does attempt to discourage this brute-force approach by implementing a progressive wait time before you can try new PINs, but this can be circumvented by restarting the system (which quickly returns you to the PIN password screen) and continuing to enter new PIN numbers.
With diligence, this approach can get you into the system in a matter of hours. While a new PIN can quickly be set again to overcome the one being discovered, once in the system, someone will have access to your data. You can make the PIN more secure by locking the system from a Mac, in which case it will be a 6-digit code instead of 4-, but it still is not a very robust password option.
In addition to the relative ease of brute-force approaches, some people have simply removed the Mac's hard drive and installed it in another system to locate files on the drive that for some people contain the lock codes. Granted, these methods have not worked for all who have tried them, but some have had success.
The real issue at hand here is that relying on only a hardware-based lock, be it a firmware password or the iCloud PIN, will not secure your data. While these methods may lock your system's hardware and provide a frustrating hurdle for those trying to use it, they will not be a full block to those who try to get access to your data. If you would like to secure your Mac as much as possible, the following three options together should do the trick:
With these three options, both your data and the system will be fairly well locked down and secured not only from thieves and other nefarious activity, but also from user error, defects, and other unforeseen problems you may encounter.
With that said, if you have not yet instated these options in your system and find yourself in a situation where you need to quickly lock your Mac (for instance, if you are on vacation and are worried about someone accessing your system), then you can log into iCloud and set the lock to at least provide some level of protection to your system until you can get back to it and implement more secure options.
Questions? Comments? Have a fix? Post them below or
Be sure to check us out on Twitter and the CNET Mac forums.