MacBook – How to make MacBook require password after closing lid but NOT after sleep/screensaver

lidmacbook propasswordsleep-wake

For both battery-life and environmental reasons, I prefer my MacBook (Sierra) to enter sleep mode fairly quickly if I'm not using it. For security reasons, I would like for it always to require a password when it's opened. But it seems like the only way to make it lock when closed is to make require a password every time it goes into sleep mode.

Meanwhile (also for security purposes), I have a pretty long/random password — one I don't want to have to enter every time I leave my computer for five minutes. Surely I don't have to choose between security and battery life?

It seems like both would be pretty standard concerns for Mac users. All I want is for my machine not to require a password when it wakes up, and to require one whenever it's reopened.

Is there a way to achieve what I want?

Best Answer

You'll need to run a command that locks the Mac when the lid is closed that means when Mac goes to sleep, the command that needs to execute every time the Mac goes to sleep is: 

/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend

To run a command when the Mac goes to sleep you can use Sleepwatcher you have at least two options to install it:

  1. Downloading the files from the URL above and follow the instructions on ReadMe.rtf
  2. Installing a package manager like brew and after install it running brew install sleepwatcher, if you are familiar with some linux flavor then this is like the package manager apt-get for Ubuntu or dnf for Fedora and so on.

After installing sleepwatcheryou'll need to decide if you want to run it like a daemon or by command line:

  1. Running by command line:

    /usr/local/opt/sleepwatcher/sbin/sleepwatcher -s "/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend" &

    Maybe you'll need to change the path to sleepwatcher

    Parameter -s, taken from man page:

    Execute sleepcommand when the Mac is put to sleep mode. sleepcommand must not take longer than 15 seconds because after this timeout the sleep mode is forced by the system.

    The command needs to be between quotation marks

    With this option you'll need to run sleepwatcher manually on every logoff, restart or shutdown.

  2. If you decide to run sleepwatcher as a daemon, then you'll need to create or modify (in case you download the program from the web) a plist file that works as a configuration file to start a daemon, the plist file that I modify looks like:

    <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>de.bernhard-baehr.sleepwatcher</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/opt/sleepwatcher/sbin/sleepwatcher</string>
        <string>-V</string>
        <string>-s /System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>

    To start the sleepwatcher as a daemon you'll need to run the following command:

    launchctl load ~/Library/LaunchAgents/de.bernhard-baehr.sleepwatcher-ybr-localuser.plist

    You'll need to change the path to the plist file, the location of this file should be at:

    /Library/LaunchDaemons

    or

    ~/Library/LaunchAgents

    The first path is to run sleepwatcher for all users, the second path is to run per user.

    With this option sleepwatcher starts and stops automatically on every logoff, restart or shutdown.

Related Question