PDA

View Full Version : How to best secure laptop data in case it's stolen?




RickR
Jun 3, 2007, 11:07 PM
I have a MacBook Pro and I'm wondering what I can do to secure the data the best I can in case it's stolen. When I had a Windows Laptop I had a password to log on. I know someone could still get into it without too much trouble with a reinstall of Windows, going through DOS, etc.
My question, what is the best way to do this on a Mac? I set up a logon password so when my screen saver comes up in a minute of no use it requires a password to get back in. Yet all someone has to do is a restart and for some reason it goes straight into OS X without asking for a password. Is there a way to change this?
Is it possible for me to somehow encrypt my data to somehow further protect it? Of course I don't want to do anything that will slow my system down.



SC68Cal
Jun 3, 2007, 11:27 PM
Filevault and a strong login password

yeti5d
Jun 4, 2007, 12:29 AM
Yet all someone has to do is a restart and for some reason it goes straight into OS X without asking for a password. Is there a way to change this?

System Preferences -> Accounts -> press the the "lock" icon, type your password and the "Login Options", which is directly under all your accounts, should be available. There you can remove the "Automatically log in as:".

iToaster
Jun 4, 2007, 01:07 AM
Oh, filevault is your best bet... "... takes a supercomputer 3 trillion years to crack the encription..." if I remember that video correctly. Filevault is annoying because of its habit of asking you to regain lost disk space every time you shut down. And if you try to unencript, it goes crazy... my MB said I needed 4 TB of disk space, so I backed up my movies, erased them from the HD and it did it just fine. But set all the password things and filevault if you absolutely feel the need.

zephead
Jun 4, 2007, 01:31 AM
I've heard some pretty iffy things about FileVault, so I'm not sure I'd go that route. Just get out your OS X install discs and make an Open Firmware password. That way, if your Mac gets stolen, the thief can't reformat your disk unless he knows the password and he can't do any of the "hold this (these) key(s) while starting up" key combos.

Another thing that's really good, and that I've bought myself, is Undercover (http://www.orbicule.com/undercover). So if your Mac ever does get stolen, then they can get it back for you. :)

SC68Cal
Jun 4, 2007, 10:41 AM
Undercover is a joke. Seriously. Know why?

A) Laptops that get stolen, usually are sold quickly to get cash out of it

OR

B) If the thief is a hacker, he'll image the laptop to a external HD, nuke it and install a fresh OS that he'll have root access on, so that he can go back through your files at his own leisure.

andiwm2003
Jun 4, 2007, 11:58 AM
..................................... Just get out your OS X install discs and make an Open Firmware password. That way, if your Mac gets stolen, the thief can't reformat your disk unless he knows the password and he can't do any of the "hold this (these) key(s) while starting up" key combos.
....................................................

wow, never heard of that. how exactly does it work and what are the risks?

elppa
Jun 4, 2007, 12:34 PM
wow, never heard of that. how exactly does it work and what are the risks?

Absolutely no risks.

It just pops up a dialog to type in your firmware password whenever you hold down the option key (to pick a disk) or the c key (to startup from CD/DVD). All very elegant and simple like you'd expect.

Use the open firmware password utility in the applications folder on the Mac OS X installation disc that came with your Mac.

It's very important I feel, due to another little app that comes on the same disc, the reset password utility, which doesn't require any knowledge of the previous password.

Cue mad scrambling to lock brothers/sisters/parents/flatmates out of their own computer...

SC68Cal
Jun 4, 2007, 01:19 PM
Cue mad scrambling to lock brothers/sisters/parents/flatmates out of their own computer...

:chuckles:

Cue mad scrambling to lock users out of their loaner laptops

panoz7
Jun 4, 2007, 01:43 PM
Unfortunately it's not too hard to reset an open firmware password manually. It's a good security measure but not the end-all solution to security.

I wouldn't use filevault in most cases. I've heard of a few cases where the encryption gets corrupted and the data becomes irretrievable. At least if this happens your data isn't compromised. As long as you do constant backups this shouldn't be an issue... if not, it's probably a little too risky.

I would suggest using encrypted disk images. This offers most of the advantages and convenience of file vault without nearly as much risk. If you create a sparse disk image it won't take up any more space then the files it contains. I have a few of these that contain data I wouldn't want recovered if I lost my laptop.

A Pittarelli
Jun 4, 2007, 01:44 PM
use the apple data encyption thing and make sure you have a password for everything

SC68Cal
Jun 4, 2007, 01:57 PM
Unfortunately it's not too hard to reset an open firmware password manually. It's a good security measure but not the end-all solution to security.

Security doesn't have an end-all solution. Security is built upon layers.

I wouldn't use filevault in most cases. I've heard of a few cases where the encryption gets corrupted and the data becomes irretrievable. At least if this happens your data isn't compromised. As long as you do constant backups this shouldn't be an issue... if not, it's probably a little too risky.


I've never had that happen to my FileVault. The one thing I will comment on is that I had a strange few times where my iTunes library database ate itself. Though, I was using a very, very, very, on-the-last-leg Mac that did like to crash because of hardware failure, which might have been the issue.

As long as your computer logs you out gracefully and shuts down gracefully you're okay.

g3ski
Jun 4, 2007, 02:19 PM
I've heard some pretty iffy things about FileVault, so I'm not sure I'd go that route. Just get out your OS X install discs and make an Open Firmware password. That way, if your Mac gets stolen, the thief can't reformat your disk unless he knows the password and he can't do any of the "hold this (these) key(s) while starting up" key combos.

open firmware password can be defeated by removing a ram chip and rebooting.... but it is one more hurdle for the thief. Not all thieves know these tricks - it's like the "club" on a steering wheel - some thieves can get through them in 60 seconds, but most others will move on to another car.

zephead
Jun 4, 2007, 06:20 PM
Undercover is a joke. Seriously. Know why?

A) Laptops that get stolen, usually are sold quickly to get cash out of it

OR

B) If the thief is a hacker, he'll image the laptop to a external HD, nuke it and install a fresh OS that he'll have root access on, so that he can go back through your files at his own leisure.

A) If the Mac has any kind of internet connection, it's gonna phone home to Undercover with network info, screenshots, and pics of the person using it via the iSight. It doesn't matter who has it.

B) That's why I backup all my files regularly. I don't really have anything on here that would merit being a catastrophe if a complete stranger were to access them. As for someone who does have files like that, well, you got me there. :o

Can a disk be cloned even if it's password protected?

heehee
Jun 4, 2007, 07:37 PM
A) If the Mac has any kind of internet connection, it's gonna phone home to Undercover with network info, screenshots, and pics of the person using it via the iSight. It doesn't matter who has it.


Sigh, if you can make a website, you can sell anything. :(

"Undercover" might be a real company and their software works, but you don't even know if you are being scammed until you get your laptop stolen. Just because "they" say their software works, doesn't mean it does.

zephead
Jun 5, 2007, 12:14 AM
Just because "they" say their software works, doesn't mean it does.

You're saying it like it only pertains to them. It's really the same with any company. People need to try it for themselves to see if it's any good. If it's bad, some blogger would shout it across the internet so other people don't buy it.

sushi
Jun 5, 2007, 12:24 AM
I have a MacBook Pro and I'm wondering what I can do to secure the data the best I can in case it's stolen.
I use Disk Utility and create secure images. In my case, I selected images the size of DVDs for backup purposes.

Works well. When you go to mount an image, it asks for your password. Once mounted they work like a regular HD.

Be sure to uncheck the remember password box.

As soon as an image in unmounted, you must enter a password to remount it. Un-mounting an image occurs automatically when you restart or shut down your computer, but also when you unmount the HD image.

I've been using them for years and secure images work well.