Prevent your Mac password from being bypassed

These two security utilities prevent thieves from being able to reset your password to gain access to the contents of your Mac.

Matt Elliott Senior Editor
Matt Elliott is a senior editor at CNET with a focus on laptops and streaming services. Matt has more than 20 years of experience testing and reviewing laptops. He has worked for CNET in New York and San Francisco and now lives in New Hampshire. When he's not writing about laptops, Matt likes to play and watch sports. He loves to play tennis and hates the number of streaming services he has to subscribe to in order to watch the various sports he wants to watch.
Expertise Laptops, desktops, all-in-one PCs, streaming devices, streaming platforms
Matt Elliott
2 min read

Watch this: Prevent your Mac password from being bypassed

A nefarious individual could purloin your Mac and bypass your user account password in order to access your data or wipe your system clean and begin using it as their own. It's possible to reset a password by booting into Recovery Mode or from an external drive.

Thankfully, there two precautions you can take to protect yourself and your Mac from intruders. One is a software-based encryption tool, and the other is a hardware-based encryption tool, both of which are built-in utilities of OS X. The software tool is a utility called FileVault, which you may already be using. The hardware tool is a firmware password you can set in Recovery Mode.

FileVault Disk Encryption

FileVault encrypts the data on your Mac so unauthorized users can't access your files. If you are using OS X Yosemite, then you are likely already using FileVault. When you installed Yosemite, one of the setup screens asked if you wanted to enable this utility.

To check to see if you are using FileVault, open System Preferences, click Security & Privacy, and then click the FileVault tab. To enable FileVault, click the lock in the lower-left corner to unlock it and enter your admin name and password. Next, click the Turn On FileVault button.

Screenshot by Matt Elliott/CNET

You'll get a recovery key, which you'll need if you want to reset your password. Be sure to keep this recovery key in a safe spot. Alternatively, you can store it with Apple. If you choose the latter, you will be asked to create three security Q&As -- three hoops to jump through should you need to ask Apple for your recovery key in the future.

After a restart, FileVault will begin to encrypt the files on your drive. You can still use your Mac while FileVault works in the background, though its performance may be a bit sluggish.

Firmware Password

Even with your files encrypted with FileVault, someone could grab your laptop, enter Recovery Mode and wipe your hard drive clean and start fresh. While this keeps your files from prying eyes, it certainly doesn't prevent a thief from happily using your Mac after a fresh install of OS X. A firmware password is a hardware-based encryption tool that requires a password when booting to Recovery Mode or from an external drive.

Matt Elliott/CNET

To create a firmware password, you will need to reboot your Mac and enter Recovery Mode by holding down Command-R when it begins to boot up. When the OS X Utilities screen appears, click on the Utilities menu in the menu bar and select Firmware Password Utility. Next, click Turn On Firmware Password, enter a password, and click the Set Password button. Finally, click Quit Firmware Password Utility, and choose Restart from the Apple menu in the upper-left corner.

One word of caution: make sure you don't lose track of your firmware password. If you forget it, you will need to take a trip to your nearest Apple Store to reset it.

(Via How-To Geek)