Setting a strong password for your user account and enabling FileVault encryption of your Home folder are powerful security measures that every user is prompted to do when setting up a new Mac. However, even with these in place, the Mac can be booted from an external drive or in Restore mode, giving a savvy intruder some limited access to the system. There is a simple way to eliminate this, though, and that is setting a firmware password.
A firmware password stops anyone from booting from any external source without a password. The firmware password is stored on the motherboard, and so cannot be reset or deleted without having the password. A quick warning before doing this: If you forget the firmware password, the Mac will need to be taken to an Apple Store or Authorized Service Provider to have them reset it.
Because of that, if you don’t have data on your computer that you feel requires this level of caution, you may want to just skip this. If, however, you feel that you would benefit from this extra layer of security, here is how you set a Firmware Password:
- Shut down the Mac, then hold ⌘-R while turning it back on. Continue to hold these keys until you see the Apple Symbol with a status bar loading below it. This boots the Mac into Recovery Mode.
- If prompted to choose a language, choose one, then press Return.
- In the menubar, choose UTILITIES, FIRMWARE PASSWORD UTILITY.
- Click TURN ON FIRMWARE PASSWORD.
- Type the password you would like to set, verify it, then click SET PASSWORD.
- Click QUIT FIRMWARE UTILITY, then restart the Mac normally.
To change or turn off the Firmware Password, follow steps 1-3 above (you will be prompted to enter your Firmware Password when booting into Recovery Mode this time), then click CHANGE PASSWORD or TURN OFF FIRMWARE PASSWORD.
Jason Merrill, Mac & iOS Consultant