Full guide: Security in macOS
Before implementing additional layers of security, we should provide a backup for secured data. We can use the following equipment for this:
- Different PC or laptop
- External drive
- Phone
When we encrypt data on macOS, we should keep a backup copy of that data. For this we can use a separate device that is stored in a safe place. For example, we can use a laptop or phone with a VeraCrypt encrypted volume.
Pros:
- VeraCrypt is an open-source project that has been audited
- VeraCrypt volumes can be decrypted on Windows, Linux, Unix, macOS, Android and iOS.
Plan
- Create and store backup password safely
- Create an encrypted volume
- Place critical data in the encrypted volume
- Store volume in a safe location
Create and store backup password safely
It is preferable to use a strong password and keep it in your head.
You can find some useful ideas on how to create a strong and memorable password here:
- How to create a strong password
- 9 Strong Password Ideas For Greater Protection
- 5 Strong Password Ideas to Boost Your Security
- 14 Great Password Ideas
- DuckDuckGo…
Create an encrypted volume
> Note: All mentioned steps are performed on macOS.
- Download and install VeraCrypt on macOS
- Run VeraCrypt and create a volume
- Create Volume → Create an encrypted file container → Standard VeraCrypt volume → ~/Desktop/backup-disk
Encryption Algorithm: AES(Twofish)
Hash Algorithm: SHA-512
Volume Size: 1GiB
Volume Password: <Very strong password>
Filesystem type: exFAT
I will mount the volume on other platforms
Move the mouse around the Desktop to collect randomness until the line is filled
→ Format
Place critical data in the encrypted volume
Now we can place our critical data in the encrypted volume. The data can be the following:
- Password manager database
- GPG keys
- SSH Keys
- Other important files that are not too large
Store volume in a safe location
We should store at least 2 copies of our encrypted volume, in safe locations.
It is preferable to store data offline on USB drives, SD cards and other media.