Security is more important now than ever before, but it must be done in layers. Making sure you have the latest patches from Apple and other vendors, having a good password, and encrypting your hard drive. But what happens if someone steals your laptop? With a little know how a thief can boot your laptop into Recovery Mode, wipe it clean, and reuse and resell it. Apple has done a number of things to prevent this, especially if you’re using a recent version of Mac OS and are signed into your Apple ID on that machine. But you can go a step further by using a firmware password. Doing this will prevent anyone from booting into Recovery Mode or an external boot source, such as a flash drive, without typing in a password. If you want to enable this, watch the video above or keep reading this article.

IMPORTANT: If you are using a M1 Mac or any other Mac using Apple Silicon, you won’t be able to do this, as Apple is using newer tools that already encrypt the firmware. This will only work on Intel-based Macs.

Enabling the Firmware Password

1: Shut down your Mac.

2: Once the Mac has completely shut down, hold down the “Command” and “R” keys. While holding them, turn on your Mac and keep holding them until you see the Apple logo and the loading bar.

NOTE that the loading bar and boot time might be a bit longer than you’re used to. This is normal.

3: The Mac will now be in Recovery Mode. It’ll be a window with options for “Restore Time Machine”, “Reinstall Mac OS”, “Safari”, and “Disk Utility”. Instead, go up to the Menubar and hit the section that says “Utilities”

4: In the “Utilities” dropdown menu, it will look a little different depending on what version of Mac OS you’re running.

• If you’re using Mac OS 11 “Big Sur” or newer, you’ll click on “Startup Security Utility”
• If you’re using Mac OS 10.15 “Catalina” or older, you’ll click on “Firmware Password”

5: A box will appear that says “Firmware password protection is off”. Hit the button in the bottom right that says “Turn on Firmware Password”.

6: When you hit the button, a new smaller window will appear over the previous one with 2 password boxes. The first is the password you want to set, the 2nd box is to verify you’ve typed in the correct password. Type in the password you want, then hit “Set Password”. MAKE SURE YOU RECORD THE PASSWORD IN A SECURE WAY. IF YOU LOSE THIS PASSWORD, YOU MAY NOT BE ABLE TO BOOT INTO RECOVERY MODE OR AN EXTERNAL DRIVE WITHOUT MESSING WITH THE LOGIC BOARD.

7: Assuming you typed in the same password in both boxes, they will disappear, and the previous box will be left, but now the button will read “Quit Startup Security Utility” or “Quit Firmware Password”. Hit the button then reboot the Mac from the Apple logo in the top left hand corner.

8: Your firmware password is now set. To verify this, reboot your Mac and hold Command-R during reboot. Instead of the Apple logo, you’ll see a lock icon and a password box. This is the firmware password box. To get past it, you’ll have to enter the firmware password in the box and hit Enter or the arrow logo at the right of the box. Otherwise to boot into regular Mac OS, you’ll need to just reboot the machine.

Change or Disable the Firmware Password

In order to disable the firmware password, you will need to know the password. There are some ways you can reset it via the motherboard, such as removing the CMOS battery, but we’re not going to cover them here as that is very dependent on the model of Mac you have, but also could damage your Mac if you’re not careful. That said, let’s walk through the official way to disable the Firmware Password.

1: Shut down your Mac.

2: Once the Mac has completely shut down, hold down the “Command” and “R” keys. While holding them, turn on your Mac and keep holding them until you see the Apple logo and the loading bar.

3: The Mac will now be in Recovery Mode. It’ll be a window with options for “Restore Time Machine”, “Reinstall Mac OS”, “Safari”, and “Disk Utility”. Instead, go up to the Menubar and hit the section that says “Utilities”

4: In the “Utilities” dropdown menu, it will look a little different depending on what version of Mac OS you’re running.

• If you’re using Mac OS 11 “Big Sur” or newer, you’ll click on “Startup Security Utility”
• If you’re using Mac OS 10.15 “Catalina” or older, you’ll click on “Firmware Password”

5: A box will appear that says “Firmware password protection is on”. This time you’ll have 2 buttons, on which says “Change Firmware Password” and the other that says “Turn off Firmware Password”.

6: If you want to change the password hit the button labeled “Change Firmware Password”. A box will appear asking you for the current password, and then 2 boxes to type in your new password. The first box is the password, and the second box to verify you typed it correctly. Then hit “Change Password”.

7: If you want to turn off Firmware passwords completely, then hit “Turn off Firmware Password” A box will appear, and then you’ll type in your current firmware password, and hit “Turn off Firmware Password”. You’ll then be prompted to quit Startup Security/Firmware Password Utility.

8: Either way, reboot your Mac and your password changes will be set.