Secure Keyboard Entry Adds More Security to the Terminal in Mac OS X
Command line users who wish to add an additional layer of security to their keyboarding within Terminal app can find a helpful privacy feature built into the Mac client. Whether aiming for generally increasing security, if using a public Mac, or are simply concerned about things like keyloggers or any other potentially unauthorized access to your keystrokes and character entries, you can enable this feature in the Mac OS X Terminal app to secure keyboard entry and any command line input into the terminal.
How well does it work? Well you should certainly do your own testing to confirm the security and not make any assumptions, but it’s worth noting that the description from Apple specifically says the feature “prevents other applications on your computer or the network from detecting and recording what is typed in into Terminal“. This makes Secured Keyboard Entry a potentially worthwhile security measure or additional privacy option to use when such precautions are needed on a Mac OS X machine.
How to Enable Secure Keyboard Entry in Terminal for Mac
Enabling Secured Keyboard Entry at the command line through Terminal app is extremely easy and always readily available, regardless of which version of Mac OS X is being used. Here’s what you’ll want to do to turn the added privacy feature on:
- Launch into the Terminal app if you haven’t done so already
- Pull down the “Terminal” menu and select “Secure Keyboard Entry” so that a checkbox appears next to it, signifying that it has been enabled
For users on their own secure personal Mac , this likely becomes an unnecessary precaution since the risk level is probably very low by default, but it’s a helpful tip if you’re using another untrusted computer, another work machine, a public computer, on a public network, or you’re in any situation where it may be warranted to have concern about another application or process potentially capturing keystrokes.
Be warned that enabling “Secure Keyboard Entry” will interfere with most password managers and anything else that attempts to automatically type and interact with the Terminal for you.
It should probably be obvious but we’ll point it out anyway; if you’re using this particular feature under the guise of adding an additional security layer to your typing within Terminal app and the command line, be sure to perform your own independent analysis and testing to determine if indeed the entry is secured.
Each situation will be unique and while some snooper apps and layers will be blocked by such a feature, it’s entirely possible that more advanced key loggers could still monitor the key presses, depending on the complexity of them.
Basically, if your aim is maximum security, you need to do your own thorough testing before you trust any particular process.
Try out a variety of key loggers installed at various layers of Mac OS X, from the kernel onward like what is offered in logkext, and make the determination on security and privacy yourself. Each situation will be different, and if you are particularly concerned about data security, it’s generally best to air on the side of caution and prudence than to make any particular assumptions about a machines security. This becomes particularly important on public-usage computers and when on a public network, situations that easily lend themselves to potential abuse by nefarious third parties and actors.
Of course, you can also turn the feature off again by going back to the Terminal menu and unselecting “Secure Keyboard Entry”, just be sure the menu option is unchecked to confirm that it is disabled.
The article is a bit misleading as it makes a lot of assumptions, that being said it does make it known they’re just putting this information out there.
Just to clarify, this feature is NOT to prevent against key loggers; instead, it prevents remote hardware from accessing the Terminal. In other words, hackers with remote access will be prevented from running keystroke commands from their device. No security is added locally.
Essentially the “EnableSecureEventInput” command is just being ran.
Hope this helps!
Well that’s useful. Does it encrypt the typing or what? Wish it was better explained by apple on how it works. Cool thoigh. Will use!
Shell history does not store entered passwords. This feature is more aimed at ensuring that passwords are not stored, than blocking access to anything displayed by Terminal. Unless you’re running all apps in sandboxes, apps will still be able to see what is on the Terminal’s screen/logs.
What about the shell history? Does that not save the entered commands as well and therefore completely kills that added security on a public mac for example?
No Comment ? :)