I use a Mac as my daily driver. I'm a Mac guy and I've been one since all the way back when it was a white box sitting on my desk.While the Mac is generally better at protecting you from viruses malware and hackers. You can help make it more secure by hardening your Mac. This is a list that I've been keeping over the years I'm not sure where I got it or how it started but I figured I'd share it. I am by no means a security expert and I'm sure there's plenty of room for debate here. When deciding how far to secure your machine you should take a minute and assess your threat model? Are you going to DEFCON or Starbucks? Plan accordingly.
Disable Auto-Join Wi-Fi
Path: System Settings → Wi-Fi - Click Details next to your network - Toggle OFF Auto-Join
Disable AirDrop, Bluetooth, and Handoff (trust me on this this is a biggie)
AirDrop
Path: Finder → AirDrop - Set Allow me to be discovered by: No One
Bluetooth
Path: System Settings → Bluetooth - Toggle OFF
Handoff
Path: System Settings → General → AirDrop & Handoff - Toggle OFF Allow Handoff between this Mac and your iCloud devices
Disable Sharing Services
Path: System Settings → General → Sharing - Turn OFF all services (Screen Sharing, File Sharing, AirDrop Receiving, etc.)
Disable Automatic Login
Path: System Settings → Users & Groups - Click Login Options - Set Automatic login → Off
Disable Location Services
Path: System Settings → Privacy & Security → Location Services - Toggle OFF Location Services
Set Short Screen Lock Timer
Path: System Settings → Lock Screen - Set Turn display off on battery when inactive → (e.g., 2–5 minutes) - Set Turn display off on power adapter when inactive → (e.g., 5–10 minutes)
Require Password on Wake
Path: System Settings → Lock Screen - Set “Require password after screen saver begins or display is turned off” to Immediately
It might not be a bad idea to take a look at the following applications
BlockBlock – Alerts you when new persistent software tries to install on your Mac.
ReiKey – Detects keylogger activity by monitoring keyboard event taps.
OverSight – Notifies you when your Mac’s microphone or webcam is activated.
KnockKnock – Lists all software that automatically starts at boot for inspection.
Do Not Disturb – Alerts you to unauthorized physical access to your Mac.
KextViewr – Shows all currently loaded kernel extensions on your Mac.
NextDNS – Encrypts DNS queries and blocks trackers, ads, and malicious domains.
Tinfoil hat section. Do these things if you're really worried or paranoid
Prune Login Items
Path: System Settings → General → Login Items - Review Open at Login list - Remove anything unnecessary using the – (minus) button
Enable FileVault
Path: System Settings → Privacy & Security → FileVault - Click Turn On FileVault - Follow prompts to set recovery method
Disable iCloud Syncing (Temporarily)
Path: System Settings → [Your Name] → iCloud - Toggle OFF apps you don’t want syncing - Optionally sign out entirely (scroll down → Sign Out)
Disable Guest User
Path: System Settings → Users & Groups - Click Guest User - Toggle OFF Allow guests to log in
Disable Boot from External Media
Path: Recovery Mode Required
1. Restart Mac and hold Power button (Apple Silicon) or Command + R (Intel) 2. Open Startup Security Utility 3. Set External Boot → Disallow
(Remember to re-enable if needed later)
Disable Automatic Time Machine Backups
Path: System Settings → General → Time Machine - Toggle OFF Back Up Automatically
Limit Spotlight Results
Path: System Settings → Siri & Spotlight - Under Search Results, uncheck everything except Applications
Again, your mileage may vary.