Mac: What protects the firmware password and how do I turn it on?

Set the EFI password on the Mac

After I recently made a contribution to the topic "FileVault"And had the related pros and cons of hard disk encryption on the blog, I thought the firmware password topic would be a good addition. The firmware password is also a step to consider when looking at your data and want to better protect your Mac.

With the EFI password, booting the Mac from CDs, DVDs, USB sticks and other volumes is only possible if you know the password.

With the EFI password, booting the Mac from CDs, DVDs, USB sticks and other volumes is only possible if you know the password.

What is the firmware or EFI password useful for?

Many Mac users are probably familiar with the "trick" of booting their Mac from an external hard drive or USB stick in an emergency. To do this, hold down the ALT key when restarting and go to the startup manager, which allows you to select the startup volume.

The Boot from the recovery partition Using the command CMD + R is also conceivable in order not to boot the Mac from the set startup volume. Both ways can be used to view, copy or change data on the system hard drive via detours.

Of course, the attacker would have to have access to the Mac for this, but if you lost your MacBook, this would be a very conceivable option so that the thieves can access the internal hard drive or SSD - provided it is not encrypted via FileVault.

However, if the firmware password is activated, a lock symbol and a password field appear when you try to use the startup manager or recovery mode. You can only continue with the boot process if you enter the correct password here. In this way, the above-mentioned attacks can be prevented.

Why do some speak of an EFI password?

The firmware and EFI are basically the same things. The abbreviation EFI stands for "Extensible Firmware Interface". PC users are probably familiar with the term "Bios" - this corresponds to the EFI on the Mac. The EFI is loaded first when the Mac starts before the boot process continues from the startup disk.

The firmware password can be activated via the security utility on the Mac in safe mode.

The firmware password can be activated via the security utility on the Mac in safe mode.

How to use the firmware password on the Mac

If you now want to secure the Mac with the firmware password, proceed as follows:

  1. Restart Mac and hold down the key combination CMD + R (Recovery mode)
  2. In the "Recovery" window select the item "Start security utility" in the menu at the top
  3. in the following window select "Activate firmware password"
  4. the Mac now asks you to enter the password twice
  5. Restart your Mac
This is what it looks like when the Mac boots into recovery mode (Photos: Sir Apfelot).

This is what it looks like when the Mac boots into recovery mode (Photos: Sir Apfelot).

Important: make a note of your password

The EFI password is not requested every time the Mac is restarted, but only whenever you want to switch to recovery mode or the startup manager. For this reason, most users may not be as familiar with the password as the user password, which you definitely have to enter more often.

I would therefore recommend writing down the firmware password somewhere. If you forget it, you have to take the Mac to an authorized Apple provider or to an Apple store so that they can help back up the data.

The firmware password protection is switched off for me because I often have to boot my Mac for test purposes with the boot manager or in safe mode (photos: Sir Apfelot).

The firmware password protection is switched off for me because I often have to boot my Mac for test purposes with the boot manager or in safe mode (photos: Sir Apfelot).

Have I personally activated the EFI password?

No. This protection is not active for me. I only use my Mac in a very predictable environment. I rarely travel, I don't take my MacBook Pro to Starbucks, and I don't have an open-plan office. For this reason, I'm not really worried that a stranger might get hold of my Mac.

For people who travel a lot and for whom there is a real risk that the Mac is lost or that third parties can work unattended on the computer in the office, for example, activating the firmware password in addition to FileVault is a sensible thing to do.

-
Do you like my blog? Then I would be happy to receive a short review on Google. Easy leave something here for a moment - that would be great, thank you!

 

Effectively for free: iPhone 13 Mini and iPhone 13 deals with top conditions at Otelo - Advertisement

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * .