Firmware Password

A security feature that requires a password to start up from alternative startup disks, boot into Recovery Mode, or access startup options.

What to Know

Firmware Password prevents unauthorized users from bypassing macOS security by booting from external drives, accessing Recovery Mode, or entering Single User Mode. Without this protection, anyone with physical access to a Mac can bypass FileVault, reset user passwords, or extract data from the drive. For organizations with compliance requirements or high-security environments, Firmware Password is essential to ensure device-level security isn’t defeated by simple boot-time workarounds.

Common Scenarios

Enterprise IT: Corporate IT enables Firmware Password on all company Macs to prevent unauthorized access if devices are lost or stolen. This ensures that even if FileVault is bypassed or the drive is removed, corporate data remains protected and the device can’t be repurposed without IT authorization.

MSP: MSPs enable Firmware Password on client executive laptops and devices that frequently travel or contain sensitive client data. This adds a critical layer of physical security that prevents unauthorized access even if the device is lost during travel.

Education: Schools enable Firmware Password on faculty laptops and administrative Macs containing student records to comply with data protection regulations like FERPA. This prevents unauthorized students or visitors from accessing protected information by simply booting from a USB drive.

In Addigy

Addigy can deploy Firmware Password to managed Macs via MDM, allowing centralized enforcement without requiring manual configuration on each device. However, Addigy cannot remotely remove Firmware Passwords set outside of MDM, so organizations should document and escrow passwords to avoid device lockouts during service or decommissioning.