
Prepare your Mac for safe disposal

By: hoakley
4 June 2025 at 14:30

In the next few months, many of us will replace our Macs, and pass on our old ones to relatives, purchasers, or for recycling. This article explains how best to prepare your Mac so that you don’t unintentionally give away anything sensitive to its next owner, or lose anything in the process.

Back up and sign out

Your first steps should ensure that your Mac doesn’t take with it anything that you might miss. That means making at least one full backup, and ensuring you have stored additional copies of important documents in archives.

One store you might forget is its keychains, which could contain old passwords that you might need to recover in the future. While you’re most likely keeping current passwords in the keychain shared in iCloud, older ones might remain, particularly in your old Mac’s login keychain. That should be in its backup, but keeping another copy is wise, and will include any security certificates you might not have used recently.

Next come third-party apps and subscriptions that need to be signed out or transferred. Check carefully through the Applications folder to ensure that you haven’t forgotten any that are still valid. Among those is the need to deauthorise your old Mac for Apple media, something you should do using one of its media apps such as Music or TV, or iTunes if it’s running an older version of macOS.

If it’s an Intel Mac and its firmware password has been enabled, start it up in Recovery and disable that before going any further.

T2 and Apple silicon

If it’s an Intel Mac with a T2 chip, or an Apple silicon Mac, your task is almost complete, as all that’s required now is to Erase All Content and Settings (EACAS).

There is one important exception to this, if you added any more containers or volumes to its internal storage. They aren’t protected by FileVault and the Secure Enclave, so need to be erased separately before using EACAS. This is most secure if those extra volumes or containers were also encrypted, but as you’re about to use EACAS, that should make it well nigh impossible for anyone to piece together the remains of your extra volumes on its SSD.

Start EACAS from System Settings > General > Transfer or Reset > Erase All Content and Settings…. In older versions of macOS that still use System Preferences, open them and it’s offered as a command in the app menu there. Once that’s done, all that remains is to remove that Mac from your account in the Apple Account pane on another Mac or device.

[Figure: eacas]

EACAS handles all the signing out that’s required, and disables Find My Mac and Activation Lock for you. But most importantly it ensures that no one can access the contents of its Data volume, by destroying the encryption keys used to encrypt that volume. Without those keys, it’s practically impossible for anyone to break that encryption and recover any of the protected data.

If your old Mac is going for recycling, you might like to open it up and physically destroy its internal storage, just to be safe.

Intel Macs without T2

EACAS is only available in Macs with T2 or Apple silicon chips. If your Mac doesn’t have either of those you’ll need to perform each step manually, going through:

  1. disable Find My Mac and Activation Lock
  2. sign out of iCloud
  3. sign out of iMessage
  4. reset NVRAM
  5. unpair all Bluetooth devices
  6. erase the Mac and, if you’re passing it on to someone else, install macOS
  7. remove that Mac from your account in Apple ID settings.

The biggest challenge is how to erase its storage securely. If it’s going for recycling, you can open it up and physically disrupt its storage, but when you’re passing that Mac on you obviously can’t do that.

If its internal storage is a hard disk, or Fusion Drive, the traditional solution is to perform a Secure Erase using Disk Utility. However, Apple has removed that from Sequoia, so you’ll need to create an external bootable disk with Sonoma or earlier to enable you to do that.

Secure Erase neither works on an internal SSD nor is it wise to attempt it there. The most practical solution is to turn FileVault on, leave the Mac to complete encrypting the whole of its Data volume, then start it up from an external bootable disk and erase the internal SSD from there.

.AppleSetupDone

In the past, some have recommended deleting the .AppleSetupDone file in /var/db/, which then caused the Setup Assistant to launch when that Mac was next started up, to create a new local user. For a Mac that’s going to be used by someone else, this has never been a wise move, and Apple has stopped that from working in macOS Sonoma 14.0 and later. It’s far better to use EACAS to reset that Mac, then Setup Assistant will run when it next starts up.

Checklist

  • Back up
  • Make additional copies of important documents, keychain(s)
  • Sign out from or transfer third-party apps
  • Deauthorise for Apple media
  • Disable firmware password (Intel)
  • Delete any extra containers or volumes if they’ve been created on internal storage.
  • Erase All Content and Settings (T2, Apple silicon), or manual list above
  • Remove from Apple Account
  • Physically destroy internal storage (if recycling).

Save space on the internal SSD by adding another volume

By: hoakley
28 May 2025 at 14:30

A basic Mac system consists of the Mac itself and external storage for its backups, and is by far the most popular configuration. For many folk backing up the whole of its Data volume is wise, but that isn’t always the most economical. If the Data volume contains large items that don’t need to be backed up as often as its working folders, that can waste space. This article shows how you can make it more efficient without additional cost or hardware.

Backups and local snapshots

Most good backup utilities including Time Machine also make local snapshots of the volumes they back up. Let’s say your Data volume contains 100 GB of files that either change little or don’t need to be backed up as frequently as the rest. One proven strategy for minimising the time and storage required for backups is to add those to the exclusion list, and back them up separately, maybe only once a week. You can do that to another volume on external storage, provided you ensure there’s sufficient space for both that and your normal automatic backups.

What that doesn’t do is keep those 100 GB out of the frequent snapshots made of the Data volume. While you can exclude files and folders from backups, snapshots always include everything in that volume, without exclusions. The only way to save the space they add to snapshot size is to move them to another volume that doesn’t get snapshots made of it. But your Mac’s standard disk layout doesn’t provide any spare volume for that.

This could apply to all sorts of relatively static data that doesn’t need Time Machine’s automatic hourly backups, including Virtual Machines and some large media libraries, although you won’t then be able to share these in iCloud Drive, which would require them to be in your Data volume.

Boot disk layout

Standard layout of the internal SSD of an Apple silicon Mac running Sequoia or earlier is shown below.

[Figure: BootDiskStructureMSeq]

Intel Macs have the same Apple APFS container with the Boot Volume Group in it, but the other two containers are replaced by a single small EFI partition.

Adding another partition or container is possible, but not recommended as it has a fixed size, and lacks the flexibility of a volume. It also risks disturbing the three existing partitions/containers. As they’re essential for the Mac to start up successfully, you don’t want to meddle with them.

In practice, the best place to add a new volume is inside the third container, the one already holding the System and Data volumes. Add that in Disk Utility once you’ve decided the next two steps.

Limit volume size

Your new volume is going to share space in its container with all the existing volumes, including both System and Data. It’s usually wise to impose a maximum limit on the size it can grow to, to avoid compromising any of those. When you add the new volume, put a sensible limit on its Quota Size.

Encryption

Although Apple’s documentation isn’t explicit, volumes added to the boot container aren’t protected by FileVault, unlike the Data volume. If you want your extra volume to be encrypted, you’ll have to format it in APFS (Encrypted). Whether that’s accelerated by the hardware in the Secure Enclave isn’t clear, and on Apple silicon Macs it’s hard to tell the difference, as you should get similar full speed performance from your extra volume to that of the Data volume.

Setting it up

Open Disk Utility, ensure its View options are set to Show All Devices, then select the Container holding the boot volumes. Click the + tool to add the new volume.

Give the volume a name, then click on the Size Options… button.

Enter your chosen Quota Size, as the maximum you want to allow the extra volume to use on the boot SSD, and click OK.

Then select whether you want it formatted in plain APFS, or encrypted, and click the Add button.

If you’ve opted for APFS (Encrypted) you’ll then be prompted to enter the encryption password. Unlike FileVault, there’s no option for a Recovery Key, or for iCloud Recovery.

When you first unlock the extra volume, you’ll be given the option to save its password to your keychain. That confirms this isn’t being performed by FileVault, as that protects its encryption keys in the Secure Enclave.

There are a couple of quirks:

  • If you try unmounting the extra volume using the Finder’s contextual menu, macOS might try to unmount all volumes on the boot disk, and warn you that it can’t. Simply cancel those warnings, and the extra volume should unmount fine. If you’re worried by this, unmount the volume in Disk Utility, which isn’t as silly.
  • You can use the Finder contextual menu to encrypt or decrypt the volume if you change your mind.

Summary

  • To save space in local snapshots made for backups of your Data volume, move bulky items that you back up separately to an extra volume alongside the Data volume.
  • Set a Quota Size on the extra volume to limit the maximum space it can take.
  • Use plain APFS or APFS (Encrypted) as the extra volume can’t be protected by FileVault.
  • If you encrypt the volume, safeguard its password as there’s no recovery option if you lose it.
  • The extra volume performs as well as any other volume on the internal SSD, and is far faster than using external storage.
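Both articles turn on the same point: a volume added beside the Data volume is outside the boot volume group, so FileVault and EACAS don’t cover it, and it should carry its own encryption and a quota. The following script is an added example, not code from the articles, that audits a container layout for such extra volumes; it takes the dictionary that `diskutil apfs list -plist` produces, with a constructed sample embedded so it runs offline, and the key names it reads (Containers, Volumes, Roles, Encryption, CapacityQuota) are assumed from that output.

```python
import plistlib
import subprocess

# Roles that mark a volume as part of the boot volume group; EACAS covers these.
BOOT_ROLES = {"System", "Data", "Preboot", "Recovery", "VM", "Update", "Hardware"}

# Constructed sample in the shape of `diskutil apfs list -plist` (key names are
# assumed from that output): the usual boot volumes plus two user-added volumes.
SAMPLE_LAYOUT = {"Containers": [{
    "ContainerReference": "disk3",
    "Volumes": [
        {"DeviceIdentifier": "disk3s1", "Name": "Macintosh HD", "Roles": ["System"]},
        {"DeviceIdentifier": "disk3s5", "Name": "Data", "Roles": ["Data"],
         "FileVault": True, "Encryption": True},
        {"DeviceIdentifier": "disk3s6", "Name": "Archive", "Roles": [],
         "FileVault": False, "Encryption": True, "CapacityQuota": 200 * 10**9},
        {"DeviceIdentifier": "disk3s7", "Name": "VMs", "Roles": [],
         "FileVault": False, "Encryption": False},
    ]}]}


def extra_volumes(layout):
    """List volumes outside the boot volume group, with what to check for each."""
    findings = []
    for container in layout.get("Containers", []):
        for vol in container.get("Volumes", []):
            if set(vol.get("Roles", [])) & BOOT_ROLES:
                continue  # boot volume group: FileVault and EACAS already cover it
            quota = vol.get("CapacityQuota")
            notes = ["erase separately before EACAS"]  # EACAS does not touch it
            if not vol.get("Encryption", False):
                notes.append("not encrypted: readable by anyone who gets the SSD")
            if quota is None:
                notes.append("no quota: can grow until the container is full")
            findings.append({
                "device": vol["DeviceIdentifier"], "name": vol["Name"],
                "container": container["ContainerReference"],
                "encrypted": bool(vol.get("Encryption", False)),
                "quota_gb": None if quota is None else quota // 10**9,
                "notes": notes,
            })
    return findings


def live_layout():
    """Read the real layout from diskutil; only works on macOS."""
    out = subprocess.run(["diskutil", "apfs", "list", "-plist"],
                         check=True, capture_output=True).stdout
    return plistlib.loads(out)


if __name__ == "__main__":
    for f in extra_volumes(SAMPLE_LAYOUT):
        print(f"{f['device']} ({f['name']}): {'; '.join(f['notes'])}")
```

On a real Mac, pass `live_layout()` instead of `SAMPLE_LAYOUT` to run the same audit before reaching for EACAS.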

Better security means less recoverability

By: hoakley
25 March 2025 at 15:30

In the last couple of weeks I’ve been asked to help recover data lost when files have been accidentally deleted, and an internal SSD has been wiped remotely using Find My Mac. What we perhaps haven’t fully appreciated is how improved security protection in our Macs has made it far harder, if not impossible, to recover such lost data. Allow me to explain in three scenarios.

Lost files on a hard disk

When files are deleted from a hard disk, the file system marks them as no longer being in use, and they’re left in place on the hard disk until they need to be overwritten with fresh data. If the hard disk has ample free space, that could occur days, weeks or even months later. Data recovery software and services can be used to scan each storage block and try to reconstruct the original files. If the file system and its data are encrypted, the encryption key is required to enable the contents to be decrypted.

There’s extensive experience in such data recovery, and provided the disk isn’t physically damaged or malfunctioning, results can be surprisingly good. As services charge according to the amount of data they recover, there are also strong incentives.

This works both ways, of course, in that someone who gets access to that hard disk could also recover files from it if they’re unencrypted. For this reason, when you’re passing on or disposing of a hard disk, you should perform a secure erase to overwrite its entire contents. If it’s going for recycling, once that has been done, you should also render the disk unusable by physically damaging its platters.

Deleted files on an SSD

What happens on an SSD depends on whether there’s already a snapshot of that volume. If there is, and that snapshot includes the deleted files, the file system metadata for them is retained in that snapshot, and the storage containing their data is also retained. The files can then be recovered by mounting that snapshot and either reverting the whole volume to that earlier state, or copying those files to a different volume.

If there’s no prior snapshot containing the files, the file system marks their extents as being free for reuse. At some time after their deletion, that information is sent to the SSD in a Trim command. When the SSD next has a moment to perform its routine housekeeping, the physical storage used will then be erased ready to be written to again.

Although there’s some uncertainty as to when that Trim command will be sent to the SSD, one time that we know that supported SSDs are Trimmed is during mounting, in the case of an internal SSD when that Mac starts up. So if your Mac has started up since the files were deleted, those files are most likely to have been completely erased from its internal SSD. With their erasure, chances of ever recovering those files have gone.
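Whether deleted files can still be recovered from an SSD therefore hinges on whether a local snapshot older than the deletion exists. As an added example, not from the article, the following triage helper parses the output of `tmutil listlocalsnapshots /` (a constructed sample is embedded; the `com.apple.TimeMachine.<date>.local` naming is the format Time Machine uses for its local snapshots) and lists the snapshots that predate a given deletion time, newest first, since those are the only ones that can still hold the files’ metadata and extents.

```python
from datetime import datetime

PREFIX = "com.apple.TimeMachine."
SUFFIX = ".local"

# Constructed sample of `tmutil listlocalsnapshots /` output: three hourly
# local snapshots from one day.
SAMPLE_OUTPUT = """Snapshots for disk /:
com.apple.TimeMachine.2025-03-24-091502.local
com.apple.TimeMachine.2025-03-24-121503.local
com.apple.TimeMachine.2025-03-24-141501.local
"""


def parse_snapshots(text):
    """Return (name, timestamp) pairs for each local snapshot listed."""
    snaps = []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith(PREFIX) and line.endswith(SUFFIX)):
            continue  # header line or something that is not a TM snapshot
        stamp = line[len(PREFIX):-len(SUFFIX)]
        snaps.append((line, datetime.strptime(stamp, "%Y-%m-%d-%H%M%S")))
    return snaps


def recovery_candidates(text, deleted_at):
    """Snapshots taken before the deletion, newest first.

    An empty result means no snapshot captured the files before they were
    deleted: once the SSD has been Trimmed, a backup is the only way back."""
    older = [(name, when) for name, when in parse_snapshots(text) if when < deleted_at]
    older.sort(key=lambda pair: pair[1], reverse=True)
    return [name for name, _ in older]


if __name__ == "__main__":
    # Files were deleted at 13:00; only the 09:15 and 12:15 snapshots qualify.
    for name in recovery_candidates(SAMPLE_OUTPUT, datetime(2025, 3, 24, 13, 0)):
        print(name)
```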

Wiped Data volume

Macs with T2 or Apple silicon chips have an ingenious method of ‘wiping’ the entire contents of the Data volume when it’s encrypted on the internal SSD. This can be triggered using the Erase All Content and Settings (EACAS) feature in the Transfer or Reset item in General settings, or remotely via Find My Mac. Either way, this destroys the ‘effaceable key’ and the ability to decrypt the contents of the Data volume, even if it’s not additionally protected by FileVault. As Apple states: “Erasing the key in this manner renders all files cryptographically inaccessible.”

This is to ensure that if your Mac is stolen, no one can recover the contents of its internal SSD once it has been wiped in this way. Nearly a year ago there were claims that old data could re-appear afterwards, but those turned out to be false.

I’m afraid that the only way to recover the data from a volume wiped using EACAS or Find My Mac is to restore it from a backup.

Backups are more important

For Intel Macs with T2 chips, and Apple silicon Macs, the chances of being able to recover files from their internal SSDs have become diminishingly small. This makes it all the more important that you make and keep good and comprehensive backups of everything in your Mac’s Data volume.

I’m always sad to hear of those who have suffered data loss, and shocked to learn of how many still don’t keep backups.
