Securing your Mac with EFI Firmware Passwords

Most of us recognize the risks associated with clicking suspicious links or responding to emails from purported princes from afar who are in a pinch and promise to shower us with luxuries if only we will assist them in getting out of their temporary bind. So, naturally, we ignore these requests in order to protect our computers and the information we have stored on them. We are warned so heavily about the digital security of our devices that this is obvious to us, but we often forget about the potential for our machines to be physically accessed by an unauthorized party. Many believe their information is safe because they have set unique account passwords to protect against any attempts at a breach. This is, after all, the purpose of having passwords in the first place. Unfortunately, the information stored on your machine is still susceptible to hijacking if critical security measures are overlooked.

We all want to protect the data on our computers. We can use our account passwords to prevent people from logging into our user accounts and we can encrypt the contents of our startup disks using FileVault but, for someone with physical access to a machine, entry is only a startup key combination away.

Perhaps the simplest way to prevent anyone from easily accessing your machine is by setting your firmware password. Built into each recent version of Mac OS X is the ability to access an interface prior to logging into a machine to complete handy tasks, such as resetting the sole admin’s forgotten account password to ensure they do not lose the precious cargo residing within. If your firmware password is set, you will be prompted for it prior to making such a change. If it is not, however, anyone can boot your computer into recovery mode, open Terminal, and reset the password to any account on your machine using a simple command. This is just one of several scenarios in which your information could be compromised in the wrong hands if you fail to set a firmware password.


Steps to Enable an EFI Firmware Password on your Mac – Option 1

Simply power down your Mac, and power it back up while holding Command + R to access recovery mode (you can let go of the keys once you see the Apple logo). Once in recovery mode, click ‘Utilities’ from the menu bar at the top of your screen, select ‘Firmware Password Utility,’ and follow the prompts to activate and set your password. It is critical that you DO NOT LOSE your firmware password, as doing so will prevent even you from accessing your machine. If you must write it down then do so, but remember to store it in a safe and secure place because your digital security measures are significantly diminished if you do not physically protect access to your assets.

Steps to Enable an EFI Firmware Password on your Mac – Option 2

If you are already logged into your Mac, there is no need to reboot your machine. Simply launch Terminal.app, which is located in the /Applications/Utilities folder, and issue the command:
sudo firmwarepasswd -setpasswd

In addition to setting your firmware password you can also use the following commands:
sudo firmwarepasswd -check     # Checks to see if a password is enabled
sudo firmwarepasswd -verify    # Confirms the password is what you think it is
sudo firmwarepasswd -delete    # Deletes the current EFI password
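
As an added example (not part of the original article), the script below turns the -check command above into a pass/fail audit and also checks FileVault, which the article mentions earlier. It assumes firmwarepasswd prints "Password Enabled: Yes" or "Password Enabled: No" and that fdesetup status prints "FileVault is On." or "FileVault is Off."; the function names and the --live switch are this example's own.

```sh
#!/bin/sh
# Added example: audit the two physical-access controls the article discusses.
# Assumed output formats (see lead-in): "Password Enabled: Yes|No" from
# `firmwarepasswd -check`, "FileVault is On.|Off." from `fdesetup status`.

# fw_status TEXT -> enabled | disabled | unknown
fw_status() {
    case "$1" in
        *"Password Enabled: Yes"*) echo enabled ;;
        *"Password Enabled: No"*)  echo disabled ;;
        *)                         echo unknown ;;   # tool missing, error, new format
    esac
}

# fv_status TEXT -> on | off | unknown
fv_status() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# report FW_TEXT FV_TEXT
# Prints one key=value line per control. Returns 0 only when both controls
# are confirmed on; "unknown" is treated as a failure, never as a pass.
report() {
    fw=$(fw_status "$1")
    fv=$(fv_status "$2")
    rc=0
    echo "firmware_password=$fw"
    echo "filevault=$fv"
    [ "$fw" = enabled ] || rc=1
    [ "$fv" = on ] || rc=1
    return $rc
}

# Live mode: run the real tools on a Mac and feed their output to report().
if [ "${1:-}" = "--live" ]; then
    fw_out=$(sudo firmwarepasswd -check 2>&1) || true
    fv_out=$(sudo fdesetup status 2>&1) || true
    report "$fw_out" "$fv_out"
fi
```

Run it with --live on the Mac itself; a non-zero exit status means at least one of the two controls could not be confirmed as enabled.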


Are there ways around the EFI Password?

We get this question a lot, and while we would like to tell you the answer is no, the reality is there are ways to get around it. If you have set an EFI password on your machine and have forgotten the password, you may stop by our offices or mail your unit to us to have the EFI password cleared from the machine. Please be aware we will require that you prove that you are in fact the owner of the machine prior to it being unlocked. For those who live near an Apple Retail Store, you can also have your password cleared at the Genius Bar.