Configure Firmware Password to better protect Mac

The Firmware password for a Mac is primarily used to protect a Mac from being booted into recovery mode or from external boot media should the Mac fall into the wrong hands.

Think of it like a PC BIOS password that prevents anyone from accessing the BIOS settings or boot menu.

Typically, short of flashing the firmware using a hardware firmware flash tool, it provides excellent protection for portables against theft & resale should they be stolen.

Prerequisites:

If the Mac already has a firmware password enabled, and you need to remove or change it, you will need to know the current firmware password.

Forgotten firmware passwords require a support ticket with Apple along with proof of purchase.

Steps:

Shutdown the Mac

Power on the Mac – holding down the left Alt/Option key until the boot menu is displayed

Image result for apple boot menu

Once here, hold down the Command key and press R

The Mac will now boot into recovery mode

Once booted into recovery mode, select the language and you will then be at the recovery mode home screen

Image result for apple booting recovery mode

In the Utilities menu at the top, select Startup Security (for T2-enable Macs) or Firmware Password Utility (for older Macs)

If no password is currently set, you should have the option to Set Firmware Password…

Startup Security Utility on Mac with Apple T2 Security Chip

Once you have set the password, use Command+Q to exit back to the recovery mode home screen, use Command+Q to quit – selecting Reboot or Restart Mac.

Now whenever you boot the Mac holding down the Alt/Option key or any other startup interactive modes, you will be prompted for the firmware password you have set.

To remove the password, you will need to boot back into recovery mode and turn off the firmware password.

Notes:

As previously stated, it is highly recommended this is configured for all portable Macs where possible. Ideally, the client / user should know & document their firmware password – along with being it documented in both the Autotask configuration item and the ticket as an internal note.

Ticket should have “Firmware Password” in the description area or title for ease of search if its not being done in the initial setup ticket.

Failure to document & recall the password when required will require a password removal via Apple support, which will require the Mac, proof of purchase and the Mac will be out for service for a period of time while Apple technicians re-flash the firmware.

Leave a Reply