Master basic macOS security
The first steps that will safeguard your Mac and your data for online activity
1 Lock your Mac
Many security features are irrelevant once someone has physical access to your Mac, including a thief. Keep them out. In Apple > System Prefs > Security & Privacy > General, you should have a login password set up for your user account, and ensure “Require password” is checked and set to Immediately.
2 Heed the Gatekeeper
In the same place, no matter what is selected for “Allow apps downloaded from”, you can still open apps from unidentified developers: Ctrl– click one in Finder and pick Open, then click Open on the warning dialog. But think twice, and never enter your admin username and password if you’re unsure.
3 Look for the lock
Many web addresses start with “https://” rather than “http://”, meaning they use SSL to encrypt data exchanged with them. A padlock in Safari’s search bar confirms it. Don’t enter sensitive data if this is missing. If it’s there, it just means the connection is secure, not that the site owner is legit.
4 Cancel Java
A few apps still require Java — which is different from JavaScript, commonly used online — on your Mac, but it’s a bit of a security nightmare. You can install it from java.com, manage it in System Prefs > Java, and turn it on in Safari > Prefs > Websites if you really need to — but if you don’t, well… don’t.
5 Secure online accounts
iCloud and many third–party online services now offer 2FA (two–factor authentication), requiring “something you know” (login details) and “something you have” (typically your iPhone, or a small device that generates a key code). Enable it unless you have a good reason not to; it makes your accounts harder to hack.
6 Always update
Most new security threats are patched very quickly by Apple and other vendors. But this will only keep you safe if you install updates promptly. Unlike on iOS, you can usually roll back automatic updates if they cause issues. If you prefer to keep automatic updates off, don’t keep ignoring or snoozing alerts indefinitely.