When i was growing up my parents

left the front door unlocked.

Crime was low.

We didn’t really have much to steal.

The neighborhood was small

and well patrolled.

Neighborhood watch was everybody

watching out for everybody else.

My father kept the traffic under

control by yelling,“SLOW DOWN!”

at the speeding teenagers.

As time went on i moved to

more densely populated areas.

In the apartments i locked the front door.

The windows and backdoor were locked too.

i have never owned a burglar alarm.

The front door lock has always kept the bad guys out.

Today i live in a vast, densely populated world called The Internet.

My house is my computer.

i lock the front door.

My computer has an administrator’s password

It is also known as an admin or login password.

When i turn on my computer, the login password is required.

Many Mac users teach their computer to login automatically.

This means that when they turn on the computer it unlocks the front door

for them and delivers them directly to their desktop.

Anyone sitting in front of the computer can walk right in.

Automatic login also leads to users not knowing their admin password.

“I don’t have a computer password” is a common claim.

Of course, your computer does have a password.

If it did not, you would not be able to login, change critical settings

or install software.

The very fact that your computer account has a password

protects you from hackers and viruses.

Hackers that gain access to your home network still need your login password

to steal your stuff.

Viruses which try to install themselves onto your computer

need your admin password to do so.

The key to your computer account can be reset.

Anyone sitting in front of the computer can start it up in Recovery mode,

enter resetpassword in the Terminal and change your admin password.

Remember, resetting a password in Recovery mode does not reset

the login keychain password.  If you do not know the original password

of your Keychain, a new keychain will have to be created and all remembered

account passwords will have to be retaught.

If more security is desired in the real world, you can lock the gate

in the fence around your house.  So too with your computer.

Apple provides a very secure fence called FileVault 2.

FileVault is a full disk encryption scheme which locks

your entire startup volume.

It also sets a firmware key which disables

startup keyboard commands such as Recovery mode (command-R).

To turn on the computer, with FileVault enabled a password is required.

The FileVault password cannot be entered automatically.

It has to be entered manually by a user who has an account on the computer.

Whether a user can unlock the disk is further controlled by an administrator.

Anyone hacking into a FileVault protected computer would only see

scrambled code.

If the FileVault password is forgotten there are two ways to reset it:

1. 1.The person who set up FileVault can associate it with 
   

            an Apple ID account.

2. 2.A recovery key can be generated that will reset FileVault
   

            if it’s password is lost.

In the case of FileVault being secured with an Apple ID,

entry of Apple ID email address and password will reset

the FileVault password.  Apple stores a recovery key

in the Apple ID iCloud account of the computer’s administrator. 

There must be an Internet connection for this method to work.

With a recovery key, it is essential that the key be kept in a safe place

outside of this computer.  A good way to keep this key would be

a photo of the key stored in a safe, remote location.

If the FileVault password is lost and the recovery key is lost or inaccessible

all the data on this computer is lost.

No one, not even Apple, can decrypt a FileVault protected volume

without the password or the recovery key.

In other words,

lose the FileVault password and the recovery key

and ALL your data is lost.

We also keep some of our data in Internet storage lockers.

Backup drives contain our data.  Perhaps they should be locked

such as with encrypted Time Machine.

Internet storage such as iCloud, Dropbox and our email accounts

are all locked with passwords.

Don’t lose these keys.

Back door and window locks such as password management programs

and firewalls are a matter of choice.

The lock on the front door in this age of the Internet is required.