July 8, 2012 at 6:10 p.m. PST
Many Mac users mistakenly assume that their computer is secure. Indeed, Macs are more secure than Windows PCs. This is not due to their lack of popularity. Believe me, hackers have actually heard of Apple. Mac OS X is based on Darwin, which is an open source UNIX operating system. UNIX has been around since 1980 or so, and is very mature, stable, and secure. Mac OS X benefits from decades of refinement. Your Mac is more secure than most computers, but can still have vulnerabilities. One of the most obvious is people in your environment, be it work or home. If you don’t want to lock down your entire machine, it is a good idea to store sensitive information in a secure disk image.
Like most people, I have gone with the default for security, which is to not authenticate access when the machine is booted or unlocked. It is less of a hassle. This simplicity comes at a cost. While you need to authenticate to make systemic modifications, your sensitive files can be unprotected. In this how-to post, I will show you how to create a password protected and encrypted partition, where you can store sensitive information. This is a great place to store tax and financial information. I also trust this with most of my passwords, more than I trust the key ring or password storage features in browsers. I probably wouldn’t recommend putting the password to your bank account here, but if you want to store it electronically, this is the best way. Here’s how to do it:
1. Open the disk utility (applications -> utilities -> disk utility)
2. Click the new image button
3. Fill in “Save As:” with the name of your secure storage image. I recommend something that will not pique interest.
4. Choose a location for this disk image. Desktop probably isn’t the best place, if security is a concern.
5. Change the size selection to what you feel is appropriate. The default of 100MB is fine if you will be storing some text files or image scans of sensitive documents.
6. Select the level of encryption. I typically go with 128-bit, as it is good enough. If you are willing to sacrifice speed at the expense of higher security, go for 256-bit.
7. All of the other settings can be left at their default values.
8. Click create.
9. A dialog box will pop up asking you to enter a password. Enter a strong password, but I would recommend not storing this in your key ring, so uncheck that option.
10. The new secure image will be created in your location of choice. You can now open it with your password and copy files to it. Remember to eject the disk image (right-click on it, or do a two finger click if you have a trackpad) when you are done. By ejecting, you close the partition and will need to re-authenticate in order to open it. If you don’t eject the disk image, anyone can access it.
That’s it. Now you can leave your Mac open for friends and family to use, without compromising your sensitive data. Keep in mind, by default, a Mac is very secure. The steps outlined in this how-to post will prevent people who have both physical and remote access to your Mac from accessing your files. If you have your Mac setup to authenticate at boot-up or when unlocked, you may still want to do this. With the default security on a Mac, as well as practically every wi-fi router, it is very difficult for hackers to access your system. Nonetheless, if they do, they will have a very difficult time breaking into your secure disk image.
It is also important to note that Spotlight will not find anything in a secure disk image. This is what you want. I tested it, because you never know…