1. Strong login password (not just convenience)
System Settings → Touch ID & Password. Change to 12+ character password with mixed case + numbers + symbols.
Pakistani context: ATMs are PIN-only but Macs deserve more. A weak password = anyone with physical Mac access (cleaner, theft) gets your data.
Auto-lock: 15 minutes max idle time. Public/cafe use: 1–2 minutes.
2. Apple ID + two-factor authentication
Apple ID → enable Two-Factor Authentication (mandatory in 2026 for most uses).
Add multiple trusted phone numbers (yours + spouse/parent).
Recovery contact: set a trusted person who can help if you're locked out.
Recovery key: generate + store securely (separate from Mac).
3. FileVault — full-disk encryption
System Settings → Privacy & Security → FileVault → Turn On.
Default ON for Apple Silicon. Verify enabled on Intel Macs.
What this protects: if Mac is stolen, attacker can't extract files without your password. Without FileVault, Apple ID lock is theatre.
Recovery key: write down + store in physical safe. Without recovery key + without password = permanent data loss.
4. Firewall + stealth mode
System Settings → Network → Firewall → Turn On.
Options: enable 'Block all incoming connections' for public WiFi safety. Enable 'Stealth mode.'
Pakistani context: PTCL/Nayatel home networks are generally safe. On cafe/hotel WiFi the firewall is absolutely necessary.
5. Privacy permissions audit
System Settings → Privacy & Security. Review each category: Location, Camera, Microphone, Screen Recording, Full Disk Access.
Revoke permissions from apps you no longer use. Access you granted in the past may no longer be justified.
Most concerning: Screen Recording (apps can capture your screen continuously), Full Disk Access (apps can read all your files).
6. Find My Mac — theft recovery
System Settings → Apple ID → iCloud → Find My Mac → On.
Includes 'Find My network', which uses other Apple devices to locate the Mac even if it is offline.
If stolen: icloud.com/find → Mark as Lost → display message + lock device. Police report: include Find My location data.
Pakistan recovery rate: low but possible. Some Lahore + Karachi police now accept iCloud-tracked phones/Macs as evidence.
7. Software updates set to automatic
System Settings → General → Software Update → Automatic Updates → enable all.
Security patches are 80% of macOS updates. Not updating = vulnerable to known exploits.
Schedule: critical security patches install automatically. Major upgrades (macOS version) ask before installing.
8. Backup encryption
Time Machine: enable 'Encrypt backups' when adding backup drive. Without it, an attacker with your external drive sees everything.
iCloud: encrypted by default. Enable Advanced Data Protection for end-to-end encryption (System Settings → Apple ID → iCloud → Advanced Data Protection).
9. Password manager + unique passwords
Use 1Password, Bitwarden, or Apple Passwords. Never reuse passwords across sites.
Pakistani banking sites especially: unique password + 2FA via SMS or app.
Enable autofill — it removes the temptation to use weak passwords.
10. Lock screen settings + activity safe
Hot corners: bottom-right or top-right corner → put display to sleep (instant lock).
System Settings → Lock Screen → Require password immediately after sleep.
Public-place habit: Control+Cmd+Q to instantly lock screen when stepping away.
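
An added example (not from the original page): a Terminal check for items 3, 4 and 7 that classifies the output of macOS's own status commands (`fdesetup`, `socketfilterfw`, `defaults`). The matched output strings and the preference key are assumptions based on recent macOS releases, the function names are illustrative, and the sample input is constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Output wording is assumed from
# recent macOS releases; unrecognised output is UNKNOWN, never PASS.

# verdict CHECK OUTPUT -> prints PASS, FAIL or UNKNOWN
verdict() {
  case "$1:$2" in
    filevault:*"FileVault is On"*)                     echo PASS ;;
    filevault:*"FileVault is Off"*)                    echo FAIL ;;
    firewall:*"Firewall is enabled"*)                  echo PASS ;;
    firewall:*"Firewall is disabled"*)                 echo FAIL ;;
    stealth:*"mode is on"*|stealth:*"mode enabled"*)   echo PASS ;;
    stealth:*"mode is off"*|stealth:*"mode disabled"*) echo FAIL ;;
    autoupdate:1)                                      echo PASS ;;
    autoupdate:0)                                      echo FAIL ;;
    *)                                                 echo UNKNOWN ;;
  esac
}

# audit FILEVAULT_OUT FIREWALL_OUT STEALTH_OUT AUTOUPDATE_OUT
# Prints one line per check; returns 0 only if every check is PASS.
audit() {
  rc=0
  for check in filevault firewall stealth autoupdate; do
    v=$(verdict "$check" "$1"); shift
    printf '%-10s %s\n' "$check" "$v"
    [ "$v" = PASS ] || rc=1
  done
  return "$rc"
}

# audit_live: feed the real commands' output to audit (macOS only).
# AutomaticCheckEnabled covers only the "check for updates" toggle.
audit_live() {
  fw=/usr/libexec/ApplicationFirewall/socketfilterfw
  audit "$(fdesetup status 2>&1)" \
        "$("$fw" --getglobalstate 2>&1)" \
        "$("$fw" --getstealthmode 2>&1)" \
        "$(defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled 2>&1)"
}

# Constructed sample: everything on except stealth mode.
audit_sample() {
  audit 'FileVault is On.' 'Firewall is enabled. (State = 1)' \
        'Firewall stealth mode is off' '1'
}

if [ "$(uname -s)" = Darwin ]; then audit_live; else audit_sample; fi || true
```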
