Securing Your Mac: Setting up a Firmware Password

The video version of this article!

Security is more important now than ever before, but it must be done in layers. Making sure you have the latest patches from Apple and other vendors, having a good password, and encrypting your hard drive. But what happens if someone steals your laptop? With a little know how a thief can boot your laptop into Recovery Mode, wipe it clean, and reuse and resell it. Apple has done a number of things to prevent this, especially if you’re using a recent version of Mac OS and are signed into your Apple ID on that machine. But you can go a step further by using a firmware password. Doing this will prevent anyone from booting into Recovery Mode or an external boot source, such as a flash drive, without typing in a password. If you want to enable this, watch the video above or keep reading this article.

IMPORTANT: If you are using a M1 Mac or any other Mac using Apple Silicon, you won’t be able to do this, as Apple is using newer tools that already encrypt the firmware. This will only work on Intel-based Macs.

Enabling the Firmware Password

1: Shut down your Mac.

2: Once the Mac has completely shut down, hold down the “Command” and “R” keys. While holding them, turn on your Mac and keep holding them until you see the Apple logo and the loading bar.

A picture of a MacBook Pro keyboard with 2 arrows pointing to the R key and the Command keys to the left of the space bar.

NOTE that the loading bar and boot time might be a bit longer than you’re used to. This is normal.

3: The Mac will now be in Recovery Mode. It’ll be a window with options for “Restore Time Machine”, “Reinstall Mac OS”, “Safari”, and “Disk Utility”. Instead, go up to the Menubar and hit the section that says “Utilities”

4: In the “Utilities” dropdown menu, it will look a little different depending on what version of Mac OS you’re running.

  • If you’re using Mac OS 11 “Big Sur” or newer, you’ll click on “Startup Security Utility”
  • If you’re using Mac OS 10.15 “Catalina” or older, you’ll click on “Firmware Password”
A picture of Recovery Mode with the 4 core items in the bottom right, and the MenuBar in the top left corner with the "Startup Security Utility" highlighted under the Utilities MenuBar item.

5: A box will appear that says “Firmware password protection is off”. Hit the button in the bottom right that says “Turn on Firmware Password”.

The Startup Security Utility Firmware Password box

6: When you hit the button, a new smaller window will appear over the previous one with 2 password boxes. The first is the password you want to set, the 2nd box is to verify you’ve typed in the correct password. Type in the password you want, then hit “Set Password”. MAKE SURE YOU RECORD THE PASSWORD IN A SECURE WAY. IF YOU LOSE THIS PASSWORD, YOU MAY NOT BE ABLE TO BOOT INTO RECOVERY MODE OR AN EXTERNAL DRIVE WITHOUT MESSING WITH THE LOGIC BOARD.

The new password and Verify password box.

7: Assuming you typed in the same password in both boxes, they will disappear, and the previous box will be left, but now the button will read “Quit Startup Security Utility” or “Quit Firmware Password”. Hit the button then reboot the Mac from the Apple logo in the top left hand corner.

8: Your firmware password is now set. To verify this, reboot your Mac and hold Command-R during reboot. Instead of the Apple logo, you’ll see a lock icon and a password box. This is the firmware password box. To get past it, you’ll have to enter the firmware password in the box and hit Enter or the arrow logo at the right of the box. Otherwise to boot into regular Mac OS, you’ll need to just reboot the machine.

Change or Disable the Firmware Password

In order to disable the firmware password, you will need to know the password. There are some ways you can reset it via the motherboard, such as removing the CMOS battery, but we’re not going to cover them here as that is very dependent on the model of Mac you have, but also could damage your Mac if you’re not careful. That said, let’s walk through the official way to disable the Firmware Password.

1: Shut down your Mac.

2: Once the Mac has completely shut down, hold down the “Command” and “R” keys. While holding them, turn on your Mac and keep holding them until you see the Apple logo and the loading bar.

3: The Mac will now be in Recovery Mode. It’ll be a window with options for “Restore Time Machine”, “Reinstall Mac OS”, “Safari”, and “Disk Utility”. Instead, go up to the Menubar and hit the section that says “Utilities”

4: In the “Utilities” dropdown menu, it will look a little different depending on what version of Mac OS you’re running.

  • If you’re using Mac OS 11 “Big Sur” or newer, you’ll click on “Startup Security Utility”
  • If you’re using Mac OS 10.15 “Catalina” or older, you’ll click on “Firmware Password”

5: A box will appear that says “Firmware password protection is on”. This time you’ll have 2 buttons, on which says “Change Firmware Password” and the other that says “Turn off Firmware Password”.

The Startup Security Utility box, but now with the Firmware Password Protection is on, with the options to "Change Password" and "Turn Off Firmware Password".

6: If you want to change the password hit the button labeled “Change Firmware Password”. A box will appear asking you for the current password, and then 2 boxes to type in your new password. The first box is the password, and the second box to verify you typed it correctly. Then hit “Change Password”.

The change password dialog box with "Old Password", "New Password", and "Verify" password boxes.

7: If you want to turn off Firmware passwords completely, then hit “Turn off Firmware Password” A box will appear, and then you’ll type in your current firmware password, and hit “Turn off Firmware Password”. You’ll then be prompted to quit Startup Security/Firmware Password Utility.

The turn off firmware password box, with the prompt to type in your old password.

8: Either way, reboot your Mac and your password changes will be set.

Feel free to comment.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.