Hardware

Handy screen locking tips for Mac

Mac does not enable screen-locking that requires an unlocking password by default, but you can enable this capability. Vincent Danen offers a few easy methods to set up screen-locking for better security.

With Fedora, and most other Linux distributions, hitting CTRL-ALT-L by default will engage the screensaver and lock the screen. With Windows, hitting CTRL-ALT-DEL engages the screensaver and locks the screen. On the Mac, however, there is a rather strange keyboard combination that will blank the screen (CTRL-SHIFT-EJECT), but by default does not lock the screen. For a Mac to be considered as secure as Linux or Windows in the work place (or by anyone that values their privacy), making it so that a quick keyboard combination locks the screen is an absolute must.

Unfortunately, while OS X has this capability, it is not enabled by default. To enable requiring a password when the system has started the screensaver, start System Preferences and go to the Security section. Under General, enable the Require Password After Sleep Or Screen Saver Begins. You can specify a timeout as well, so that OS X will only require a password after the screensaver has been active for a minute, or five minutes. This would largely depend on your needs and whether or not you have a short idle timeout (which is defined in the Energy Saver section of System Preferences).

Once this preference is enabled, you can use the CTRL-SHIFT-EJECT shortcut to start the screensaver. If you use Windows or Linux, this shortcut is extremely different and possibly difficult to remember if you are not used to it, but luckily OS X makes it easy enough to make it something more memorable.

If you're a heavy mouser, then enabling one of the screen corners to be a "hot corner" to enable the screensaver might work best. To do this, in System Preferences, go into Desktop & Screen Saver and select the Screen Saver tab. At the bottom of the pane there is a Hot Corners... button that, when clicked, allows you to define which corner of the screen you can mouse to in order to engage the screensaver. There are a few options: enable screensaver, disable screensaver, and put display to sleep (amongst others). To use the mouse to quickly lock the screen, choose Start Screen Saver and select which corner you want to use; I'd suggest either the bottom left or right corners to avoid accidentally triggering it when using the menubar.

If mousing to part of the screen isn't your thing, you can use the keyboard to lock the screen, but it takes Automator (or a third-party application, but Automator is the better bet if you're using OS X 10.6). Launch Automator and create a new service.

Tell the new service that it receives "no input" (rather than the default of "text"). The default is also for "any application", make sure to keep this set. Next, drag the Start Screen Saver action from the Utilities action group to the workflow. Finally, save the service and give it a name, such as Start Screensaver. Go back to Keyboard Shortcuts in the Keyboard section of System Preferences and look in the Services group. Scroll down to the General section and you will see the newly created Start Screensaver service is enabled. Click in the whitespace to the far right of this entry and a new entry box will appear. Type the keyboard shortcut, such as CTRL-OPT-L.

Exit System Preferences.

You will now be able to hit CTRL-OPT-L and activate the screen saver in order to lock the screen. If you wish to return to the login window instead (you are still logged in, but the computer is locked) rather than activate the screensaver, change the Automator service to Run Shell Script instead of Start Screen Saver and have it run the following command:

/System/Library/CoreServices/Menu\ Extras/user.menu/Contents/Resources/CGSession -suspend

Depending on your needs, you may prefer hot corners, or you may prefer keyboard shortcuts. For myself, hot corners always seem to get triggered by accident, so a keyboard shortcut is ideal.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

Editor's Picks