Security implications of Lock Screen vs. Sleep vs. Log Out vs. Shut Down for physical access

filevault, security, sleep-wake

I have a MacBook Pro with full disk encryption. I'd like to secure my information from someone who steals my computer or has physical access to it while it's unattended. Are any of these methods more effective than others?

  1. Lock Screen with password required
  2. Sleep
  3. Log out
  4. Shut down

I'm interested in attacks that would allow them to unlock and use the computer as well as ones that would allow them to access information stored on the computer without unlocking it.

This question is partly theoretical, so for the current purposes please assume that:

  • The attacker can't guess / brute-force the password
  • I'm not concerned about hardware attacks like inserting a hidden microphone or physical keylogger
  • I'm not interested in options to remotely wipe or lock the computer
  • I understand that there's no such thing as perfect security; I'm just interested in differences between the options

Best Answer

Shut Down

Shutting down your computer is better than all the other methods. A shut-down computer has less surface area to attack.

Who is the Attacker?

If the attacker is a nation state, well funded, or highly motivated, then the difference between a computer that is asleep, logged out, or locked is likely insignificant. For all these states, the computer is booted with the storage accessible to at least one process.

If the attacker is one of the above, then physical access will be enough to compromise your computer.