OS X: About Back to My Mac security with iCloud
Back to My Mac is an iCloud feature that makes it easy to automatically and securely connect to other computers over the Internet.
To ensure network connections between your computers are secure over the Internet, Back to My Mac uses IPSec and SSL to encrypt and secure communication between your Macs and the Back to My Mac servers.
To provide secure and trusted authentication, Back to My Mac uses Kerberos with Digital Certificates. Kerberos provides an additional convenience; it eliminates the need for you to enter your username and password each time you wish to reach another computer in your Back to My Mac network.
Security tips for using Back to My Mac
Since computers in a Back to My Mac network can automatically discover and authenticate to configured sharing services, it's important to consider the security of each computer that joins your Back to My Mac network.
- Choose a strong password for your iCloud account. Anyone who knows your iCloud password could access all the computers in your Back to My Mac network. Therefore, it is very important to choose a strong password and keep it safe.
- Consider who has physical access to each of your computers. Anyone who knows the login name and password of your computer could potentially access shared services on all of the others. Therefore, just as with your iCloud password, you should set a strong password for your Mac OS X user account in System Preferences.
- Before you disconnect from sharing a screen with a remote computer, you should lock the screen on that remote computer (see "1. Enable the Require password immediately after sleep or screen saver begins option" below).
- You should follow these recommendations for all computers in your Back to My Mac network:
  1. Enable the "Require password immediately after sleep or screen saver begins" option in the Security & Privacy pane of System Preferences. Choose a start time (using the default "immediately" start time is recommended).
  2. Enable the Lock Screen option.
     - In your Applications > Utilities folder, click the Keychain Access icon.
     - From the Keychain Access menu, choose Preferences.
     - In the Preferences window, click the General tab.
     - Click "Show keychain status in menu bar." A padlock icon appears in the menu bar at the top of your desktop.
     - Click the padlock icon and choose Lock Screen to lock the screen when you're away from the computer.
  3. Disable automatic login for user accounts with an iCloud account that's signed-in.
     - From the Apple menu, choose System Preferences.
     - Click "Users & Groups."
     - Click the lock icon at the bottom of the window.
     - Enter your administrator name and password, and click Unlock.
     - Select Login Options, and from "Automatic login," select Off.
     - Click the lock icon to prevent further changes and close the window.
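To check the password-after-sleep and automatic-login recommendations above on each computer without opening System Preferences, the following script reads the corresponding settings and reports any that differ. It is an added example, not part of the original article or Apple's tooling; the preference domains and keys it reads are assumptions about where OS X of this era stores these settings, and it does not cover the Keychain Access menu bar item.

```shell
#!/bin/sh
# Added example: audit the lock-screen and automatic-login recommendations.
# Assumption: the preference domains and keys below are where OS X of the
# article's era keeps these settings; newer macOS releases may differ.

# Print the value of a defaults key, or nothing when the key is unset.
read_pref() {
    defaults read "$1" "$2" 2>/dev/null
}

# check_lock_policy ASK_FOR_PASSWORD DELAY_SECONDS AUTO_LOGIN_USER
# Prints one FAIL line per recommendation that is not met.
# Returns 0 when both checked recommendations are met, 1 otherwise.
check_lock_policy() {
    ask=$1; delay=$2; autologin=$3; rc=0

    # Recommendation 1: require a password after sleep or screen saver.
    if [ "$ask" != "1" ]; then
        echo "FAIL: no password required after sleep or screen saver"
        rc=1
    else
        # An unset delay is treated as immediate (assumption).
        case "${delay:-0}" in
            0|0.0) ;;
            *) echo "FAIL: password delay is ${delay}s, not immediate"
               rc=1 ;;
        esac
    fi

    # Recommendation 3: automatic login must be off (key absent).
    if [ -n "$autologin" ]; then
        echo "FAIL: automatic login enabled for user '$autologin'"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: lock and login settings as recommended"
    return "$rc"
}

# Run against the live system only where the defaults tool exists (OS X).
if command -v defaults >/dev/null 2>&1; then
    check_lock_policy \
        "$(read_pref com.apple.screensaver askForPassword)" \
        "$(read_pref com.apple.screensaver askForPasswordDelay)" \
        "$(read_pref /Library/Preferences/com.apple.loginwindow autoLoginUser)"
fi
```

Run it as the user whose settings you want to check, since the screen saver preferences are per user.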
Removing a computer from Back to My Mac
To prevent a computer from being part of your Back to My Mac network at any time, open iCloud preferences in System Preferences. Then, disable Back to My Mac by selecting the "Back to My Mac" checkbox. You can also click Sign Out in iCloud preferences to log out of the iCloud service completely on that computer.
About routers and firewalls
Your network setup may involve routers, firewalls, or a combination of both.
- Your Mac may connect to the Internet through a router or wireless base station. Back to My Mac works best when that router or base station supports either NAT-PMP or UPnP, which may not be enabled by default.
- For best compatibility with router devices, OS X Lion v10.7.3 or later is recommended.
- By default, the appropriate ports for Back to My Mac are already enabled in OS X Lion v10.7.3 or later.