Looking for best practices for home data security for an exclusively Mac household.
We've had questions about security on the Mac before (search), and for protecting files and folders, a password protected disk image sounds like the way to go (I might also try Knox, though I'm not sure what it adds--but I use 1Password religiously). I'd be happy to hear any new developments (i.e., have people stopped experiencing FileVault corruption issues?), but that seems straightforward enough.
The slap to the forehead moment, however, was realizing that 1) I don't know what Keychain has in it and who could use it (assuming access to the machine), and 2) I leave Gmail logged in, and my wife has Mail.app always running, and if someone had one of the machines, access to the email could give them broad access using "forgot my password" links (D'oh! I realize as I'm writing this that I should have separate emails for those that don't stay logged in!). And those are just the holes that occurred to me at 4:00 in the morning--I'm sure you Mac boffins can think of a million other overlooked holes.
I know Time Machine is unencrypted, but if I nuke the drive and start backing up once I've set up an encrypted disk image, I'm assuming that I'd be ok (although does the archive allow, e.g., a cookie or open browser session to be backed up? Is that just magical thinking?). I also am wondering about unencrypted iOS backups--would there be a way to extract anything from them? Can you pull anything out of a Spotlight index?
I'll probably add a screen saver / wake from sleep password, but I know that doesn't secure data, just the most casual snoops (target disk mode, password resets, etc.).
TL;DR: assume I'm an average Mac user who's been lazy about security (using Keychain, "keep me logged in" status on Gmail and other web sites, no password to access Mail.app, no encrypted data other than in 1Password). Please tell me anything I need to delete, update, uncheck, install, opt out of, opt into, or buy to make my Macs locked down tight.
I don't mind spending money, I don't mind inconvenience.
If my Macs were lost or stolen, I don't want to give one second's thought to the security of sensitive data or backdoors through email or Keychain or iOS backups or whatever. Thanks!