2026 macOS Security Guide
At the end of every year, I do something that most people find unnecessary, slightly obsessive, or both: I completely reset my Macs and start from scratch.
This isn’t about chasing performance gains or fixing things that are broken. It’s a ritual. A clean slate. A way to enter the new year knowing exactly what’s on the machines I rely on every day—and just as importantly, what isn’t.
I thought this would be a good opportunity to share how I secure my macOS devices and inspire others to harden theirs in 2026.
Defining My 2026 macOS Threat Model
Before touching settings, I should define what I’m defending against.
For my daily Macs in 2026, the model is:
Commodity malware and phishing
Malicious or compromised developer tooling
Opportunistic attackers abusing misconfigurations
I am not optimizing for:
Nation-state adversaries
Highly targeted implant scenarios
Environments where usability is irrelevant
This matters. Hardening without a threat model leads to security theater. My goal is practical resistance without destroying productivity.
✅ The Basics:
Enable Automatic Software Updates
Why it matters:
Most macOS compromises exploit vulnerabilities that already have patches.
How to do it:
Open System Settings
Go to General → Software Update
Enable:
Download new updates when available
Install macOS updates
Install system data files and security updates
Open the App Store → Settings
Enable Automatic Updates
Keep third-party applications up-to-date.
I recommend MacUpdater to track third-party application patching.
Enable FileVault
Why it matters:
Protects all data at rest if your device is lost or stolen.
How to do it:
Open System Settings
Go to Privacy & Security → FileVault
Click Turn On FileVault
Choose:
iCloud recovery or
A local recovery key
Store this in your password manager, NOT IN PLAINTEXT!
Set A Strong Password
Why it matters:
Local access often equals total compromise.
How to do it:
Open System Settings → Users & Groups
Select your user → Change Password
Use a long passphrase (16+ characters) or passkey
Use A Password Manager
Why it matters:
To prevent the reuse of passwords on various sites and services.
How to do it:
Enable Screen Lock Settings
Why it matters:
To prevent unauthorized access to your device if it is left unattended.
How to do it:
Open System Settings → Lock Screen
Enable Require password after screen saver begins or display is turned off
Set this value to five seconds maximum
Disable Guest Access
Why it matters:
To prevent unauthorized access to your device.
How to do it:
Open System Settings → Users & Groups
Select Guest User
Disable Allow guests to log in to this computer
Disable Automatic Login
Why it matters:
To prevent unauthorized access to your device.
How to do it:
Open System Settings → Users & Groups → Login Options
Set Automatic login to Off
Enable The Firewall
Why it matters:
Limits network-based discovery and attacks.
How to do it:
Open System Settings → Network → Firewall
Turn Firewall On
Click Options
Enable:
Block all incoming connections (if appropriate)
Enable Stealth Mode
Remove unnecessary app exceptions
Disable Sharing Services
Why it matters:
Limits network-based discovery and attacks.
How to do it:
Open System Settings → General → Sharing
Turn off all settings
Consider turning off AirDrop or setting it to Contacts Only
Audit Privacy & Permissions
Why it matters:
To limit the overall impact of malicious software.
How to do it:
Navigate to System Settings → Privacy & Security and audit application permissions
Pay close attention to:
Location Services
Full Disk Access
Accessibility
Screen Recording
Input Monitoring
Wi-Fi & Bluetooth Security
Why it matters:
To reduce the impact of wireless-based attacks.
How to do it:
Wi-Fi
Navigate to System Settings → Network → Wi-Fi
Set Ask to join networks to Off
Set Ask to join hotspots to Never
Remove old or unused networks
Bluetooth
Navigate to System Settings → Bluetooth
Turn off Bluetooth when not in use
Remove old or unused devices
Monitor For Malicious Browser Extensions
Why it matters:
Browsers are the number one attack vector. It’s important to monitor and only install necessary browser extensions.
How to do it:
Go through your browser’s installed extensions and review each one’s permissions and the risks of keeping it installed.
Disable Safari From Opening Downloads Automatically
Why it matters:
So you can verify that the software you’re downloading is legitimate before it is opened.
How to do it:
Navigate to Safari → Settings → General
Deselect the option Open “safe” files after downloading
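To confirm from Terminal that a few of the settings above took effect, the following read-only check is an added example (not part of the original guide). The commands and preference keys it reads (fdesetup, socketfilterfw, and the com.apple.loginwindow keys GuestEnabled and autoLoginUser) do not appear in the guide, and the output wording it matches is an assumption that can vary between macOS releases.

```shell
#!/bin/sh
# Added example: read-only check of a few settings from "The Basics".

# verdict CHECK OUTPUT -> PASS, FAIL or UNKNOWN, judged from the text the
# matching macOS command printed (passed in so it can be checked offline).
verdict() {
  case "$1" in
    filevault) good='FileVault is On'; bad='FileVault is Off' ;;
    # Firewall state: 0 = off, 1 = on, 2 = on and blocking all incoming.
    firewall)  good='State = [12]';    bad='State = 0' ;;
    # Assumption: stealth-mode wording differs between releases; accept both.
    stealth)   good='enabled|is on';   bad='disabled|is off' ;;
    guest)     good='^0$';             bad='^1$' ;;
    # autoLoginUser only exists while automatic login is switched on.
    autologin) [ -z "$2" ] && echo PASS || echo FAIL; return ;;
    *)         echo UNKNOWN; return ;;
  esac
  if   printf '%s\n' "$2" | grep -Eiq "$bad";  then echo FAIL
  elif printf '%s\n' "$2" | grep -Eiq "$good"; then echo PASS
  else echo UNKNOWN
  fi
}

report() { printf '%-10s %s\n' "$1" "$(verdict "$1" "$2")"; }

audit() {
  fw=/usr/libexec/ApplicationFirewall/socketfilterfw
  lw=/Library/Preferences/com.apple.loginwindow
  report filevault "$(fdesetup status 2>/dev/null)"
  report firewall  "$("$fw" --getglobalstate 2>/dev/null)"
  report stealth   "$("$fw" --getstealthmode 2>/dev/null)"
  report guest     "$(defaults read "$lw" GuestEnabled 2>/dev/null)"
  report autologin "$(defaults read "$lw" autoLoginUser 2>/dev/null)"
}

if [ "$(uname -s)" = "Darwin" ]; then
  audit
else
  # Not on macOS: run on constructed sample output instead.
  report filevault "FileVault is Off."
  report firewall  "Firewall is enabled. (State = 1)"
fi
```

An UNKNOWN verdict means the command printed nothing recognisable (for example, a key that was never set), so check that setting in System Settings instead.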
🎓 Next Level:
Depending on your threat model, consider enabling these additional settings to further protect your macOS device.
Change Default DNS Server
Why it matters:
Consider changing your default ISP DNS server to something faster and more secure, such as Quad9, OpenDNS, or Cloudflare.
How to do it:
Open System Settings → Network → Wi-Fi
Select Details → DNS
Add the IP Addresses of the DNS server you wish to use
Use A VPN
Why it matters:
Consider using a VPN on untrusted networks to encrypt your web traffic.
How to do it:
Download a reputable VPN service and ensure you’re connected on untrusted networks.
Run An Outbound Firewall
Why it matters:
The macOS firewall only protects against inbound connections. You need a firewall like LuLu to monitor and block outgoing connections.
How to do it:
Download LuLu and follow the setup instructions.
Monitor For Persistence
Why it matters:
Malicious persistence files are one of the main indicators of compromise (IOCs) on macOS. Malware needs these files to keep running after a computer is rebooted. Therefore, you need to monitor these files and locations for any strange activity.
How to do it:
Download KnockKnock and BlockBlock to monitor for persistence files. KnockKnock will scan and detect known malicious persistence, whereas BlockBlock will stop all new persistence files until the user explicitly reviews them.
Verify Software Signatures
Why it matters:
macOS has built-in security software designed to prevent malicious software from executing. This isn’t a foolproof approach; however, you should always verify file signatures before installing new software to ensure it’s legitimate.
How to do it:
Download What’s Your Sign? to verify cryptographic signing information before installing any new application.
Show All Filename Extensions
Why it matters:
To verify that the applications you’re running are legitimate.
How to do it:
Navigate to Finder → Settings → Advanced
Select Show all filename extensions
Require Secure Keyboard Entry
Why it matters:
By enabling Secure Entry, you can prevent other apps on your computer or the network from detecting and recording what you type in Terminal.
How to do it:
Open Terminal and enable Secure Keyboard Entry
Change Login Window Format
Why it matters:
Requiring an attacker to guess both the username and password reduces the chance of unauthorized access.
How to do it:
Open System Settings → Lock Screen
Next to Login window shows select Name and password
🥼 Expert Level:
If you’re a high-profile target or enterprise security engineer, review these guides to advance your macOS security:
You could also consider enabling Lockdown Mode for extreme cases.
Am I Secure Now?
“I followed all the steps in this guide. Is my device totally secure now?”
Short answer = No.
Security is a constant challenge. New vulnerabilities emerge daily, so you must learn how to protect yourself from these risks.
Good macOS Security Resources
TLDR
Keep your software up-to-date (including third-party software).
Choose your software wisely (always verify it’s coming from a reputable source).
Reduce your digital footprint (the less attackers know about you, the better).
Don’t reuse passwords (use a password manager to store and generate them for you).
Enable two-factor authentication on all your accounts (specifically WebAuthn if supported).
Back up your data regularly.
Stay cautious. Most attacks today target users through social engineering.