[thsfeeney]

hey, im new to mac, i want to have a more safe mac, so i want more than 1 password screen, so i can have multiple password screens and more protection.
Example: i first type in my 1st password, then go to another screen to type in another, and so on. If any one knows how or can search around for me it would be SO very helpful. Thanks, PS. im new to the site
i am at a business and this holds hundreds of thousands of dollars of material so any help in finding something would be appreciated [ yes i see the 3 OFs ]

[Laminar]

Set a very strong password as your initial password - something with a combination of upper and lowercase letters, numbers, spaces and symbols. Turn on FileVault protection so that all of your data is encrypted. You can keep any especially sensitive data in an encrypted disk image. You can create a new disk image in Disk Utility and set it up with a password. That, and changing your password on a regular basis, should keep you more than safe.

[Chuckit]

How would having multiple passwords be any more secure than having one password made up of all those passwords set end to end? In fact, I'd think it's less secure. Say your passwords are "cabbage" and "rabbit" (obviously you wouldn't want these, but it's just an example). Once somebody brute-forces "cabbage" in your multipassword system, he knows that password is correct and then only has to get "rabbit" — significantly reducing the potential password space they need to search — whereas if it were all one password, brute-forcing "cabbage" won't bring you any closer to "cabbagerabbit."

[Big Mac]

OS X is secure out of the box. Choose a strong password, encrypt sensitive files and maintain physical security of the location. Anyone who gets physical access to your hardware will be able to crack everything other than strong encryption quite easily.

[Andrew Stephens]

Why would anyone use file vault. It uses up space, is slow and has corruption issues with the encyrpted file. Plus if you forget the p/w you're hosed.

file by file/folder by folder encryption is the way to go

edit: I mean if you must.

Other than that get a good strong "proper" password for the user account.

However be aware that if someone has physical access to the Mac they can get round this by inserting an OS install disc and resetting the password.

You can set a firmware/efi password to prevent booting from external media but again there are ways around this too.

Perhaps you should regard your MAc as basically insecure and invest in an external drive with hardware encryption on it (fingerprint access etc) and then keep all you rsecure data on this.

Security is a sliding scale with convenience. If you aren't willing to sacrifice the convenience of having your data all on the Mac for the security of a protected external drive than perhaps your data is not so valuable.

[vmarks]

http://www.gcn.com/newspics/NSA_Hard...ips_MacOSx.pdf

and

http://www.nsa.gov/snac/downloads_ma...ID=scg10.3.1.1

Follow both of those. They're from the US national security administration.

[QSilver]

I agree with the commentary on strong passwords.

It does make me laugh, though, that there are many big websites, including some major U.S. financial instituitions, that do not allow 'special characters' in passwords. Not even the lowly hypen/dash.

QS

[bearcatrp]

I'll second about do not use file vault. Learned the hard way. Get a program that encrypts folders you want secured. As always... Backup your data.

[Big Mac]

Apple should remove FileVault and put per-folder in-line Finder encryption in its place. It's just too dangerous to use OS level encryption for entire Home folders.

[Maflynn]

^ Agreed, one small blip or corruption and the whole disk image is gone/unreadable

[Chuckit]

Since you're likely to store your most important docs in FileVault, doing per-folder encryption isn't that much better, is it?

[Big Mac]

The difference is that I have never even heard of a single adverse incident from people selectively using encryption on a subset of sensitive files, compared to all the reports of data loss as a result of FV.

[turtle777]

Originally Posted by Chuckit 

Say your passwords are "cabbage" and "rabbit" (obviously you wouldn't want these, but it's just an example).

You forgot to close your post:

[/noob__friendly_talk]

-t

[JKT]

Originally Posted by Big Mac 

The difference is that I have never even heard of a single adverse incident from people selectively using encryption on a subset of sensitive files, compared to all the reports of data loss as a result of FV.

The problem with per folder encryption is that any temp files generated by your software and located elsewhere in the system (e.g. in caches) are not encrypted and therefore wide open to data theft. FileVault has its place for people who need to make sure that their data is as secure as it possibly can be, especially anyone using a mobile system (just read about the innumerable incidents involving lost data by companies and government bodies here in the UK over the past year to realise how valuable FV and/or BitLocker would have been in those situations). With respect to file corruption etc. - it emphasises the high importance of having a sound backing up procedure for people who use any form of encrypted image or folder.

However, being able to do per folder encryption in an easy UI-friendly way (i.e. not having to use Disk Utility) would be highly beneficial as well.

[Big Mac]

Good points JKT, but if one is that concerened about unencrypted cache files, there's a good chance he or she would want/need encryption of the whole disk and not just the home folder. Full disk encryption is clearly the way to go in that situation, IMO.

http://discussions.apple.com/thread....5&#7970665

[Hal Itosis]

Originally Posted by Big Mac 

Good points JKT, but if one is that concerened about unencrypted cache files, there's a good chance he or she would want/need encryption of the whole disk and not just the home folder. Full disk encryption is clearly the way to go in that situation, IMO.

That'll keep the black hats at bay... but, then
the white hats will wonder: what up with that.