We all want Mac laptops that can run for days on a single charge and never need their batteries serviced. Sadly, we’re always going to be disappointed. Battery and power management technologies continually improve, but those improvements are matched by more powerful processors and smaller designs with less room for battery cells. And, because physics is a harsh mistress, current lithium-ion batteries are always going to age chemically, so they hold less of a charge over time.
In the just-released macOS 10.15.5 Catalina, Apple has introduced a new battery health management feature that promises to increase the effective lifespan of the batteries in recent Mac laptops. It does this by monitoring the battery’s temperature and charging patterns and, in all likelihood, reducing the maximum level to which it will charge the battery.
You see the problem. While battery health management can extend your battery’s overall lifespan, it will likely also reduce your everyday runtime before you need to charge. It’s too soon to know the full extent of this tradeoff, and we suspect that it may be impossible to determine, given that everyone uses their Macs differently.
It’s worth noting that this battery health management feature appears only for those running macOS 10.15.5 or later, and only then if the Mac in question is a laptop with Thunderbolt 3 ports. In essence, then, it’s available only on MacBook Pro models introduced in 2016 or later, and MacBook Air models introduced in 2018 and later. (The Thunderbolt 3 port requirement is merely a shorthand way for Apple to indicate “recent Mac laptops.”)
So, if you have a supported laptop and you’re running macOS 10.15.5, what should you do? We see three scenarios:
- Favor lifespan: If you seldom run your laptop’s battery down to the electronic fumes because it’s easy for you to plug in whenever you need to charge, leave battery health management enabled. That will preserve the battery’s overall lifespan to the extent possible.
- Favor runtime: For those who need to eke every last bit of power from their batteries, disable battery health management. You might have to replace the battery sooner, but you’ll get more runtime in everyday usage.
- Switch as needed: Many people need the longest possible runtime only occasionally, such as on long flights with no under-seat power. In such situations, switch battery health management off for the flight and back on when you return to normal usage patterns.
Switching is easy, but Apple buries it deeply enough that it’s clear that the company doesn’t think most users should be disabling it regularly. Open System Preferences > Energy Saver, click the Battery Health button at the bottom, and in the dialog that appears, uncheck Battery Health Management and click OK. You’ll be prompted to make sure you know what you’re doing; click Turn Off to finish the job.
One final note. The reduced maximum capacity with battery health management enabled may have an undesirable side effect—a recommendation from the Battery Status menu’s health indicator that you need to replace your battery. To check your battery’s health, hold the Option key down and click the Battery Status icon on the menu bar. At the top of the menu, next to Condition, you’ll see either Normal or Service Recommended. (In previous versions of macOS, it could have said Replace Soon, Replace Now, or Service Battery.)
Regardless of the term, anything but Normal indicates that your battery is holding less of a charge than when it was new. If you see that message and you aren’t getting enough runtime for your needs, get the battery evaluated at an Apple-authorized service provider or Apple Store.
It’s taken as gospel that Macs are more expensive than PCs. A quick look at the Dell Web site reveals laptops for as low as $300. Sure, we can say that the configurations aren’t comparable, that macOS is better than Windows, or that Apple’s hardware quality is superior. Still, our friendly local bean counters have trouble getting past those low upfront prices.
However, unless you’re Rancho Gordo, the goal isn’t to count beans, it’s to get work done, and that’s a different scenario. Let’s look at a few ways that Macs are not just worth the money but can also be cheaper than comparable systems. We’ll start with a Forrester Research study commissioned by Apple that compared the total economic impact of Macs and PCs in large companies with employee-choice programs. In such programs, every employee gets to choose between a Mac and a PC, providing a sizable group across which to compare numbers, but the conclusions apply to large and small organizations alike.
Deeper Cost Analysis
Although the Forrester Research study found that the upfront acquisition cost of Macs was indeed $500 higher than comparable PCs, when additional factors were taken into account, Macs ended up costing about $50 less.
That’s in part because Macs have a higher residual value after 3 years, meaning that you can resell a 3-year-old Mac for more than a 3-year-old PC. Pay more up front, but get more back later on.
Macs also don’t need operating system licenses, and the Mac’s better security eliminates the need for additional licenses for security software.
Reduced IT Support Costs
It has long been thought that Macs required less support than PCs, but only in the past few years have there been organizations with enough Macs and PCs to compare. At IBM, one of the largest Apple-using companies with 290,000 Apple devices, a 2016 study found that the company was saving up to $543 per Mac compared to PCs over a 4-year lifespan. Forrester Research came up with an even higher number, showing that Macs cost $628 less over a 3-year lifespan.
What accounts for these reduced support costs? It takes less time to set up a new Mac, Macs are easier to manage, Mac users open fewer service tickets, and many fewer IT staff are needed. All that adds up to paying for fewer support resources. In another 2018 study, IBM found that it needed just 7 support engineers per 200,000 Macs, compared to 20 support engineers per 200,000 Windows machines.
Improved Employee Productivity and Engagement
Beyond reduced support costs, Mac users turn out to be more productive, more engaged, and more likely to stay with the company than PC users. Forrester Research found that over 3 years, Mac-using employees posted 48 hours more productivity (in part due to reduced downtime). That’s likely thousands of dollars more benefit to the company, per employee.
Even still, it can be hard to quantify that benefit, which is why Forrester Research compared users in sales positions. In its study, Forrester found that Mac-using employees showed a 5% increase in sales performance. That’s nothing compared to IBM, which found that its Mac-based salespeople closed deals worth 16% more than their Windows-using counterparts.
Finally, both Forrester Research and IBM discovered that Mac users were less likely to leave the company—20% less likely in Forrester’s study and 17% less likely in IBM’s research. That’s not just an indication of loyalty. There are significant costs to replacing employees who leave, so the higher the retention rate, the better it is for the bottom line.
Improved Overall Security
Few would argue with the belief that Macs are more secure than PCs. In Forrester’s research, the interviewed organizations said that the Mac has a fundamentally more secure architecture than Windows. In today’s world, criminals employ malware to steal information. Data breaches are costly, with a 2019 study by IBM Security and the Ponemon Institute pegging the average cost of a data breach at $3.9 million. The amounts vary by industry and the size of the breach, of course, but the average cost per data record was nearly $150.
Security breaches can have other costs as well. With a compromised account, attackers have often been able to pose as executives and get accounting departments to wire money to offshore accounts. Plus, when news of a data breach hits, it can result in the loss of customers. In the IBM Security study, healthcare companies suffered from a 7% customer turnover after a breach.
So yes, Macs do have higher upfront costs than PCs. But savvy managers know to look past such simplistic comparisons to the bigger picture, where equipping employees with Macs both saves far more than the difference in cost between a Mac and a PC and enables employees to produce more for the organization.
Taking photos is a popular use of the iPhone, and Apple has said that the improved cameras gave this year’s iPhone 11 Pro models their “Pro” designation. But Apple continually works to improve the Photos app as well. Taking great photos is only half the job—you also have to be able to find, edit, and enjoy your photos, and that’s where the company focused its efforts in iOS 13 and iPadOS 13 (which we’ll refer to collectively as iOS 13 from now on). Here’s what’s new.
Years, Months, Days, All Photos
Previously, Photos grouped photos first by years, then by “collections,” and finally by “moments.” To simplify things, Photos now offers four more sensible groups: Years, Months, Days, and All Photos.
Years shows a single image that helps you keep the years apart—previous years’ images come from the same time of year as the current day. Next, tap a year icon or the Months button to see a few tiles representing the events at which you took photos in each month. To zoom in again, tap the Days button or any event to see a curated selection of photos for each day you took photos in that month.
The key word above is “curated”—Photos is using artificial intelligence to show you just the best or most representative images and eliminate similar shots, so some photos won’t appear at all in Days view. When that happens, you’ll see a +# tag on the last image indicating the number of hidden images. To see everything, tap that +# tag or the All Photos button. You may find yourself wanting to use All Photos a lot if Photos is hiding images from you in Days view.
Enhanced Photo and Video Editing
Photos in iOS 13 also gains significantly more editing capabilities, bringing it closer to par with the Mac version. In iOS 12, you could adjust some light, color, and black-and-white options. iOS 13 retains the light and color options and bolsters them with new tools and an improved interface. The black-and-white options disappear, but you can simulate them by applying a monochrome filter like Noir, Silvertone, or Mono, and then using the rest of the editing tools.
When you tap the adjust button while editing an image, Photos displays a horizontally scrolling list of 16 controls, each with a circular button on top and a slider below. Move the slider to adjust that setting with a real-time preview. Also notice how the circle fills in to reflect what you’ve done. All edits are non-destructive, and you can tap the circle to turn its associated edits off, or tap again to turn them back on. This tap-off/tap-on interface works well for comparing before and after versions.
The full list of controls now includes:
- Auto: Tap to apply suggested enhancements—it’s always worth a try!
- Exposure: Simulates changing the amount of light that reaches the camera sensor
- Brilliance: Applies region-specific adjustments to brighten dark areas, pull in highlights, and add contrast to reveal hidden detail
- Highlights: Increases or decreases detail in light portions of the image
- Shadows: Increases or decreases detail in darker portions of the image
- Contrast: Adjusts the contrast of the photo
- Brightness: Adjusts the overall brightness of the image
- Black Point: Sets the point at which the darkest parts of the photo become completely black
- Saturation: Adjusts the overall color intensity of the image
- Vibrance (new): Boost muted colors without affecting skin color or saturated colors
- Warmth (new): Adjusts the amount of yellow or blue in the image to make it feel warmer or cooler
- Tint (new): Adjusts the amount of magenta or green in the image to change the tint
- Sharpness (new): Makes edges of objects crisper and more well-defined
- Definition (new): Adds contour and shape as well as mid-tone definition and local contrast (try it—it’s often helpful)
- Noise Reduction (new): Smooths graininess and eliminates light speckles in dark images
- Vignette (new): Darkens the edges of the image to focus attention on the subject at the center
Previously, Photos allowed you to crop and straighten an image, and iOS 13 also now lets you adjust the vertical and horizontal perspective. You likely won’t change perspectives often, but it’s nice to have the option.
Even more impressive, Photos in iOS 13 lets you apply all these edits—the adjustments and cropping/tilting—to videos as well as still images. Video edits are non-destructive, too, which makes it easy to play with effects. Photos video editing may not compare with the full features of a video editor like iMovie, but it’s a huge step forward.
Apple also tweaked other aspects of Photos.
- Multiple search terms work better now, so it’s easy to search for “cat tree” and find just the pictures of your cat in a tree.
- Live Photos and videos begin playing as you scroll past them, which is pretty neat.
- You can control the intensity of any filter to fine-tune the look of a photo.
- Soundtracks for Memory movies are now based on what you listen to in Apple Music.
- You can now pinch-to-zoom while editing to see the effect of an edit on a portion of the photo.
If you haven’t explored the new features of Photos on your iPhone or iPad after updating to iOS 13 or iPadOS 13, take some time and check them out.
(Featured image by Adam Engst)
Spearfishing. It’s no longer just a tropical ocean sport that could provide seafood for dinner. In today’s tech world, spear phishing (the security term, spelled with “ph”) is when someone targets you specifically, usually with the goal of taking over your online accounts. Once that’s done, the attacker will try to siphon money from your bank account, impersonate you in an attempt to deceive family or colleagues into sending money, or attempt to ruin your reputation.
You’re probably thinking, “No one would ever target me. I’m not interesting enough.” It is true that the people who should worry the most about spear phishing attacks are high profile or have a high net worth, but modern online criminals aren’t that fussy. In particular, they’re more likely to go after older people. Why older people? Older people tend to be relatively well off and less likely to notice the symptoms of a spear phishing attempt. You should also be concerned if you’re a politician or journalist, have ever been involved in an ugly divorce or legal battle, or can easily think of people who have it in for you.
As we’ve said many times, it’s imperative that you use a secure password manager like 1Password or LastPass to create, store, and enter a strong, unique password for each of your online accounts. Plus, we strongly recommend using two-factor authentication—where you have to enter a one-time code in addition to your password—on all accounts that support it, particularly important ones like your email and banking accounts. But even if you do all that, you may be vulnerable to another tactic favored by spear phishers—the cell phone SIM takeover.
Here’s how it works. Every cell phone, including every iPhone, has inside it a SIM card that gives it a phone number. Swap that SIM into a different phone and it will adopt the SIM card’s number. The problem is that support reps at cellular carriers like AT&T, Sprint, T-Mobile, and Verizon can also move your phone number from one SIM card to another. That makes it possible for you to lose your iPhone, buy a new one, and have your phone number associated with the new one. It also lets you port the phone number to a different carrier, if you wish to switch.
All an attacker has to do is call your cellular provider, pretend to be you, say that they’ve lost their iPhone, and ask to have the number ported to a new device (one they control). It’s likely that the support person will ask a few simple questions to verify your identity, but a clever attacker will likely know your address and be able to learn details like your mother’s maiden name, first-grade teacher’s name, and favorite color, all thanks to Facebook. Criminals can acquire even information like your Social Security number through other data breaches.
Once the attacker controls your cell phone number, they can try to reset the password on various accounts, receiving any verification codes that would normally have been texted to your phone. They’ll probably focus on your email account first because, with control over it, they can reset passwords elsewhere even more easily. And once the attacker has access to your accounts, it’s game over, and you’ll be faced with the difficult and complex task of retaking control and mitigating damage.
How can you protect yourself from such an attack? Whenever possible, it’s better to generate authentication codes with an app such as 1Password, Authy, or LastPass. That removes some of your exposure, but for better or worse, your cell phone number is still the most basic form of identity for many things.
The most important thing to do, then, is to set up an additional PIN or passcode that the carrier will ask for before making any changes to your account. You’ll also have to provide it when logging in to your cellular account online. Such a PIN or passcode is different from a two-factor authentication code that changes continuously—you set your PIN or passcode just like you do for your iPhone or ATM card. And, of course, make sure to store that PIN or passcode in your password manager alongside your other credentials so you don’t forget it.
Learn more about how each of the major carriers supports PINs and passcodes at the links below, and if your carrier isn’t listed, call the company’s support line:
Don’t put this off—if you don’t already have a PIN or passcode on your cellular account, set it up right away.
Email has been around for decades, but there are no hard-and-fast rules for how you should close a message with either the signoff or the signature block. If you’ve always wondered about the best ways to finish off a message or are uncomfortable with what you’ve been doing, here’s our advice.
Use the form of your name that you want the recipient to use. If your given name is Mohammed, but everyone calls you Mo, use that for signing most of your messages. Otherwise, they’ll have no idea you prefer the shorter version. (The reverse is true too; if you’re not sure how to address someone, look at their signoff for a hint.)
However, for formal correspondence with people or organizations who would usually refer to you as Ms. So-and-so, stick with Elizabeth instead of Betty.
Match the formality of your closing to that of your recipient. When writing business email to someone you don’t know, it’s best to stay formal at first with closings like “Sincerely” or “Yours truly.” Once you know the person a little better, you could move on to “Kind regards” or “Best wishes.”
With friends, family, and people you know well, try “Cheers,” “Talk soon” (if you mean it), or even a quick “Later.” Finally, it’s never inappropriate to use “Thanks!” if you truly are thanking them for something.
Create context-specific signature blocks. We all wear many different hats in today’s world. Your email signature should match the role you’re in for the particular email message. For instance:
- Work email should probably include at least your title, department, and formal organization name. If you work for a large organization, you may have been provided with a template for your signature. If much of your communication takes place outside of email, include your phone number and postal address.
- If you serve on a nonprofit board or have a side gig—like as an author or musician—messages you send in those contexts need their own focused signatures with appropriate links.
- For email to friends and family, there’s no need for a signature at all.
Avoid clever sayings and inspirational quotes. Although it’s tempting to instill some personality into your signature with a quote, don’t do it. The quote might be entertaining the first time someone sees it, but after that, it’s just one more thing to ignore. Part of combatting email overload is to keep messages short and to the point, so you want your signature to have less text than the message itself.
No fancy formatting or pictures. Along the same lines of avoiding quotes, keep your signature simple. Stick to plain text and links, and don’t insert your company’s logo or a picture of your pony just because you can. Just imagine how awkward it would be if someone were to look at a long email thread and see your signature repeated ad infinitum, taking up more space than your actual messages.
Don’t assume anyone will read your signature. Keep in mind that some email apps automatically hide signatures so your recipients may not see it at all. There’s usually a way to view a hidden signature, but never assume that everyone will see it.
Consider automation tools for inserting signoffs and signatures. Many email programs, including Mail on the Mac, let you create multiple signatures and attach them to messages you send from specific email addresses. For even more flexibility, think about using a macro utility like Keyboard Maestro or a text expansion tool like TextExpander to insert custom signoff and signature combinations. Such options are commonplace on the Mac but much less so in iOS or iPadOS.
Does it seem like that red badge on the Settings app indicating that there’s a new iOS 13 or iPadOS 13 update pops up at least once per week? You’re not imagining things—Apple has been frantically squashing bugs in its mobile operating systems since their release in mid-September.
If you haven’t yet upgraded from iOS 12, there’s no harm in waiting until the new year to see if things have settled down. (Well, no harm as long as you don’t receive a pair of Apple’s snazzy new AirPods Pro as a holiday gift, since they work only with devices running at least iOS 13.2, iPadOS 13.2, watchOS 6.1, tvOS 13.2, and macOS Catalina 10.15.1.)
That said, given Apple’s generally reliable record with major iOS updates, many people have upgraded to iOS 13. You shouldn’t feel bad if you have done so, either. Despite Apple’s flurry of bug fix updates, the overall user experience with iOS 13 has been generally acceptable.
Even if you haven’t noticed problems with iOS 13, it is important that you keep installing all these smaller updates, because they fix problems that could be serious. More important yet, if you do have trouble with your iPhone or iPad, and you’re not running the latest version of iOS or iPadOS, updating is the first fix to try.
To hammer home why you should stay up-to-date with iOS releases, here’s a brief timeline of Apple’s fixes so far:
- iOS 13.0 (September 19): This was the initial release of iOS 13 for the iPhone, with oodles of new features… and lots of bugs. Apple promised iOS 13.1 and the first release of iPadOS 13.1 for September 29th, with additional features and bug fixes.
- iOS 13.1 (September 24): After iOS 13.0 drew scathing criticism in early iPhone 11 reviews, Apple moved the release date of iOS 13.1 up by five days. It added more features and addressed numerous bugs with Mail, Messages, Reminders, Notes, Apple ID sign-in, the Lock screen, and more.
- iOS 13.1.1 (September 27): This quick Friday release the same week as iOS 13.1 fixed bugs that could prevent an iPhone from restoring from backup, cause batteries to drain too quickly, reduce Siri recognition accuracy, bog down Reminders syncing, and allow third-party keyboard apps to access the Internet without your permission.
- iOS 13.1.2 (September 30): The next Monday brought iOS 13.1.2, which ensured that the progress bar for iCloud backups would disappear after a successful backup, addressed bugs that caused the Camera app and flashlight to fail, and improved the reliability of Bluetooth connections in some vehicles.
- iOS 13.1.3 (October 15): After a two-week breather, this update addressed bugs that could prevent incoming calls from ringing, block meeting invites from opening in Mail, cause incorrect data in Health after daylight saving time changes, prevent apps and voice memos recordings from downloading after restoring from iCloud Backup, stop an Apple Watch from pairing successfully, and cause Bluetooth connection problems with vehicles (again) and hearing aids.
- iOS 13.2 (October 28): With this update, Apple delivered additional promised features, including support for the HomePod, Siri privacy options, HomeKit Secure Video, new emoji, Deep Fusion in the iPhone 11 Camera app, and AirPods Pro support. It also fixed a bug with password autofill in third-party apps, resolved an issue that prevented swipe to go home from working on the iPhone X and later, eliminated a problem that caused saved notes to disappear temporarily, and ensured that manual iCloud backups completed successfully.
- iOS 13.2.1 (October 30): As it turned out, iOS 13.2 could brick HomePods during installation or after a reset. This HomePod-exclusive update fixed that bug.
- iOS 13.2.2 (November 7): This update stomped a big bug that could cause apps to quit unexpectedly in the background, potentially causing data loss and draining the battery more quickly. It also addressed two bugs that could cause an iPhone to lose cellular service.
- iOS 13.2.3 (November 18): This release resolved one bug that could cause searches in Mail, Files, and Notes to fail and another that prevented photos, links, and other attachments from displaying in the Messages detail view. It also addressed problems that could prevent apps from downloading content in the background and prevent Mail from fetching new messages and including and quoting original content when replying.
With luck, you never ran into any of these bugs—they weren’t universal. But the problems were real, and they inconvenienced plenty of people. Just like with vaccinations, staying current with your iOS updates is the best way to keep the bugs at bay.
If you run a company, you know how much work onboarding a new employee can be. Beyond teaching them the ropes of your business, they’ll need a Mac and potentially an iPhone or iPad as well. Setting those devices up with all the right apps, settings, and logins can take days or even weeks. And that’s just for one person—imagine if you need to lather, rinse, and repeat for dozens or even hundreds of new employees?
The solution is Apple Business Manager, which ensures that every Apple device you purchase is associated with your corporate account—and in some cases, with a particular user—before it’s shipped to you. That enables zero-touch configuration and makes manual setup a thing of the past. Here’s how we make this happen.
We’ll work with someone at your company—your Business Contact—to set you up with two Apple programs: Apple Custom Store and Apple Business Manager. Your Business Contact will merely need to respond to some email messages from Apple and have a call with Apple to verify that they can agree to Apple’s Terms & Conditions on behalf of your company.
Apple Custom Store
The first program, Apple Custom Store, provides a customized corporate store for purchasing Apple devices. That’s important because all devices purchased through your Apple Custom Store are automatically tied to your company. In fact, they’re connected to your company until you intentionally release them while decommissioning, which can help protect against theft or employees keeping devices they shouldn’t.
Even more important, all new Mac purchases must go through the Apple Custom Store because there’s no easy way to add Macs purchased in any other way to Apple Business Manager.
Once you’re set up with an Apple Custom Store, we can suggest custom device configurations tailored to your company’s needs and even create templates for systems customized for different job roles. As a bonus, you’ll receive special “loyalty pricing” based on your annual purchase volume.
Apple Business Manager
The second program, Apple Business Manager, is what enables you to enroll and manage devices purchased through your Apple Custom Store. When we say “manage” we’re talking about mobile device management, or MDM. In essence, MDM systems allow IT administrators to define “profiles” that specify your company’s settings and policies. Those might be particular to a user, such as configuring email login credentials, or they might be general to everyone, such as security policies that require all iOS devices to use a six-digit passcode and Macs to turn on their screensavers after 2 minutes and require a password to unlock. And, of course, an MDM system lets your company control when to install operating system updates, ensuring that nothing happens before you’re ready.
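As an added illustration (not taken from the original article or from any particular MDM product), the following script builds a configuration profile carrying the two example policies above and then audits a profile against them. The organization identifier `com.example.corp` and the function names are hypothetical; the payload types and keys are Apple's standard passcode and screensaver payloads.

```python
import plistlib
import uuid

ORG = "com.example.corp"          # hypothetical reverse-DNS prefix
PASSCODE = "com.apple.mobiledevice.passwordpolicy"
SCREENSAVER = "com.apple.screensaver"


def _payload(ptype: str, name: str, settings: dict) -> dict:
    """Wrap settings in the keys every profile payload carries."""
    return {
        "PayloadType": ptype,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG}.{name}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        **settings,
    }


def build_profile(min_passcode_len: int = 6, screensaver_idle_s: int = 120,
                  ask_for_password: bool = True) -> bytes:
    """Return a .mobileconfig (XML plist) with passcode and screensaver rules.

    Both payloads are bundled here for brevity; an MDM would normally scope
    the screensaver payload to Macs only.
    """
    content = [
        _payload(PASSCODE, "passcode",
                 {"forcePIN": True, "minLength": min_passcode_len}),
        _payload(SCREENSAVER, "screensaver",
                 {"idleTime": screensaver_idle_s,
                  "askForPassword": ask_for_password,
                  "askForPasswordDelay": 0}),
    ]
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG}.baseline",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Security baseline (example)",
        "PayloadContent": content,
    }
    return plistlib.dumps(profile)


def audit_profile(data: bytes) -> list:
    """List where a profile falls short of the policy described in the text."""
    findings, seen = [], set()
    for p in plistlib.loads(data).get("PayloadContent", []):
        ptype = p.get("PayloadType")
        seen.add(ptype)
        if ptype == PASSCODE:
            if not p.get("forcePIN", False):
                findings.append("passcode is not enforced")
            if p.get("minLength", 0) < 6:
                findings.append("passcode shorter than 6 characters")
        elif ptype == SCREENSAVER:
            idle = p.get("idleTime", 0)
            if idle <= 0 or idle > 120:      # 0 means the screensaver never starts
                findings.append("screensaver idle time exceeds 2 minutes")
            if not p.get("askForPassword", False):
                findings.append("no password required to unlock")
    for required in (PASSCODE, SCREENSAVER):
        if required not in seen:
            findings.append(f"missing payload {required}")
    return findings


if __name__ == "__main__":
    print("baseline:", audit_profile(build_profile()))
    weak = build_profile(min_passcode_len=4, screensaver_idle_s=600,
                         ask_for_password=False)
    print("weakened:", audit_profile(weak))
```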
You use Apple Business Manager to associate a new device purchased from your Apple Custom Store with the employee who will be receiving it. When the device arrives, the employee unboxes it and turns it on, and your MDM system goes to work downloading apps and configuring settings. Once the employee signs in with their credentials, the MDM system continues to configure the device for that person. No one from IT even has to touch it—hence “zero-touch” configuration.
Enrolling your devices in your MDM system via Apple Business Manager doesn’t just help with initial deployment. Employee turnover is a fact of life, and with a device in Apple Business Manager, you can use your MDM system to redeploy a device quickly by wiping it and re-enrolling it for the new employee.
We recommend that all Apple-using businesses purchase through an Apple Custom Store and use Apple Business Manager to tie those devices to the company’s MDM system. Contact us for more information about what’s involved, and for our MDM recommendations.
If you own an iMac Pro, or a Mac mini, MacBook Air, or MacBook Pro model introduced in 2018 or later, your Mac has one of Apple’s T2 security chips inside. On the whole, having a T2 chip in your Mac is a good thing, thanks to significantly increased security and other benefits, but there are some ramifications that you may not realize.
What Is a T2 Chip?
Let’s step back briefly. In late 2016, Apple introduced the T2’s predecessor, the T1, in the first Touch Bar–equipped MacBook Pros. The T1 offered three primary capabilities:
- Management of the Touch Bar’s Touch ID fingerprint sensor and storage of sensitive biometric information
- Integration of the System Management Controller, which is responsible for heat and power management, battery charging, and sleeping and waking the Mac
- Detection of non-Apple hardware
The T2 builds on the T1’s foundation, adding four more important capabilities:
- Real-time encryption and decryption of data on built-in SSDs
- Support for invoking Siri with “Hey Siri”
- Image enhancement for built-in FaceTime HD cameras
- Optional protection of the Mac’s boot process to prevent it from starting up with an external drive
All these functions become possible because the T1 and T2 are essentially separate computers inside your Mac, much like the A-series chips that power iOS devices. They have their own memory and storage, and run an operating system called bridgeOS that’s based on watchOS.
Some of these features enhance performance by offloading processing (like enhancing FaceTime HD and listening for Siri) to a separate chip. Others increase security by ensuring that they can’t be compromised by an attack, even if macOS itself has been infiltrated.
How Does a T2 Chip Increase Your Security?
There are four basic ways that the T2 chip increases security, two of which apply only to the MacBook Air and MacBook Pro models.
The T2 chip ensures that all the components involved in the Mac’s boot process, including things like firmware, the macOS kernel, and kernel extensions, can be cryptographically verified by Apple as trusted. That prevents an attacker from somehow inserting malicious code at boot and taking over the Mac.
There are two gotchas, however. First, Secure Boot trusts only code that’s signed by Apple, with one exception: a specific bootloader signed by Microsoft to enable Windows 10 to work with Apple’s Boot Camp technology for running Windows on a Mac. That means you can’t boot from Linux in Boot Camp, for instance.
Second, with Secure Boot in its default settings, you can’t boot from an external drive at all. That’s great for security but can make troubleshooting internal drive problems tricky. To control these settings, Macs with T2 chips have a Startup Security Utility available in macOS Recovery (boot while holding down Command-R). You can use it to allow booting from an external drive for troubleshooting reasons and to turn down security if you need to install an older version of macOS or install macOS without an Internet connection available.
Because the T2 contains both a crypto engine and the SSD controller, it enables on-the-fly encryption and decryption of all data stored on the internal SSD. It uses the same technology as FileVault and requires a password at startup. Macs with internal hard drives and external hard drives don’t receive the T2’s protection but can still be encrypted via FileVault.
The big win from the T2 encrypting all stored data is that there’s no way to decrypt the data without the password—as long as your password can’t be guessed, there’s no reason to worry about your data if your MacBook Pro disappears. The potential downside here is that it’s impossible to recover data from a damaged Mac without the password.
The T2 chip also controls what happens with failed password attempts. Fourteen tries are allowed without delays, and then tries 15 through 30 are permitted with increasingly long delays (1 hour between tries for the last three). After that, more attempts are possible, but after 220 total attempts through various approaches, the T2 chip will refuse to process any requests to decrypt data, rendering it unrecoverable. In short, back up your data!
The T2 chip manages the Touch Bar’s Touch ID fingerprint sensor that lets you log in to your MacBook Air or MacBook Pro without entering your password. Even so, the password is required after turning the Mac on or restarting, and the Mac also requires the password if you haven’t unlocked it in 48 hours, if you haven’t provided the password in the last 156 hours and used your fingerprint over the previous 4 hours, or if the fingerprint read fails five times.
This isn’t exactly related to the T2 chip, but all T2-equipped MacBook Air and MacBook Pro models feature a hardware disconnect that disables the microphone whenever the lid is closed. That prevents any software from turning on the mic and eavesdropping on you. No disconnect is necessary for the FaceTime HD camera when the lid is closed because its field of view is completely obstructed in that position.
So there you have it. The T2 chip significantly increases the security of your Mac, but it comes with tradeoffs that make it harder to boot from external drives or run other operating systems.
Do not upgrade to macOS 10.15 Catalina until we give you the go-ahead. (.2 or .3; ask after Thanksgiving)
Apple plans to release macOS 10.15 Catalina sometime in October, and like all major operating system releases, Apple has been talking it up since it was introduced at the company’s Worldwide Developer Conference in June. It will feature new Music, TV, and Podcasts apps to replace iTunes. A new Mac Catalyst technology will make it easier for developers to make their iPad apps available for the Mac. Photos, Reminders, and Notes all get major upgrades. Screen Time has migrated over from iOS. And Sidecar lets you use an iPad as a second screen or graphics tablet with an Apple Pencil.
Sounds great, doesn’t it? It will be… eventually. We are upgrading non-essential machines right away so we can become more familiar with the ins and outs of Catalina, but our recommendation to you, right now, is simple:
Do not upgrade to Catalina until we give you the go-ahead.
We know you want to play with all the new features, but Catalina, even more so than previous major macOS upgrades, is not something you should install right away. The reason is that Apple changed Catalina in some fundamental ways that could break your essential apps or workflows. Here are the issues that cause us to recommend delaying your upgrade:
32-bit apps don’t run anymore: Macs have had 64-bit processors since 2006, macOS has been gaining 64-bit support since 10.6 Snow Leopard, and Apple has been warning developers for years that old 32-bit apps would stop being supported at some point. With Catalina, that time has come. To identify which 32-bit apps—and portions of apps—won’t work in Catalina, download and run the free Go64 utility from St. Clair Software. If you rely on any of the software it calls out—pay special attention to Adobe apps—you’ll need to update (which might be expensive), find an alternative (which could be expensive and requires learning a new app), or run the app in a virtualization environment like Parallels Desktop or VMware Fusion (which adds cost and complexity).
Catalina runs in its own read-only volume: To increase security and ensure that an attacker cannot subvert macOS itself, Apple changed the disk structures under Catalina. Now, instead of having one main volume that contains both macOS and your apps and documents, Catalina runs in its own read-only volume. Some behind-the-scenes magic makes the Catalina boot volume and the main volume look like a single volume. This may cause scripts that access files stored in newly changed parts of the directory hierarchy to break. It will also likely mean that backup apps like SuperDuper and Carbon Copy Cloner will require updating to be able to back up and restore data properly. Never upgrade before your backup app is 100% compatible!
Newly installed apps must be notarized by Apple: Notarization is an automated process that Apple uses to verify that an app distributed outside the Mac App Store is free of malware. It’s not optional—in one statement, Apple said, “Mac software distributed outside the Mac App Store must be notarized by Apple in order to run on macOS Catalina.” However, the company has also said that notarization requirements don’t apply to previously distributed software. It’s likely that older apps already on your Mac when you upgrade it will continue to work fine, but if you try to install an older, unnotarized app on a Mac running Catalina, that may not work.
Apps require more permissions than before: In the last few versions of macOS, you’ve probably seen apps asking for permission to do things like access data in Contacts, Calendars, Reminders, and Photos, or be able to use the camera or microphone. In Catalina, apps will have to ask for permission to access files in your Desktop and Documents folders, iCloud Drive, and external volumes. Plus, you’ll be prompted before any app can capture keyboard activity or a screenshot or screen recording. That’s good for security, but it’s possible that older software won’t know how to ask or won’t work properly if you deny its request.
Kernel extension installs require restarts: Kernel extensions are often necessary for third-party hardware peripherals or for apps that need particularly low-level access to the operating system. Installing one requires giving it permission in System Preferences > Security & Privacy > General even now in Mojave, and in Catalina, you’ll also have to restart your Mac. Call us suspicious, but we won’t be surprised if problems ensue from these new security requirements, coupled with the read-only boot volume forcing kernel extensions to run from a new location.
Unanticipated backward-compatibility issues: Here’s the scenario. You upgrade to Catalina, which requires an update to some app you rely on, call it WhizzyWriter. Unbeknownst to you, the new version of WhizzyWriter requires a new file format for its documents, and older versions can’t read it. But since you can’t upgrade all the Macs in your office because some still require 32-bit apps, you end up in a situation where you can’t easily share WhizzyWriter documents within the office anymore. Yes, we’re paranoid, but we’ve seen this sort of thing happen before.
Apple’s OS release schedule has been troubled this year: There’s one final reason that Catalina doesn’t give us warm fuzzy feelings. In recent years, Apple has shipped all its operating systems on the same day, or at least without significant delay. This year, in less than two weeks, Apple has released iOS 13.0, 13.1, 13.1.1, and 13.1.2; iPadOS 13.1, 13.1.1, and 13.1.2; and watchOS 6.0 and 6.0.1 for the Apple Watch Series 3, Series 4, and Series 5; along with tvOS 13. For devices that can’t update to iOS 13, Apple also pushed out iOS 12.4.2, and for the Apple Watch Series 1 and Series 2, which won’t get watchOS 6 until later this fall, Apple released watchOS 5.3.2. Plus, HomePods are still using iOS 12.4 and even iOS 13.1.2 and iPadOS 13.1.2 still lack some promised features. Finally, the new Reminders app can’t share data with older versions after you upgrade its database, which means that you can’t take advantage of its new features until you upgrade everything to iOS 13 or later and Catalina or later. Frankly, it has been a mess.
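For the 32-bit item above, an added example (not from the original article and not how Go64 works internally) that reads a file's Mach-O header and reports whether it contains any 64-bit slice. The function names and sample byte strings are made up for illustration, and the scan at the bottom looks only at each app's main executable, not at the 32-bit "portions of apps" the article mentions.

```python
import glob
import os
import struct

CPU_ARCH_ABI64 = 0x01000000  # flag bit set in cputype for 64-bit architectures
# Thin Mach-O magics as they appear on disk -> True if the file is 64-bit.
THIN = {b"\xfe\xed\xfa\xce": False, b"\xce\xfa\xed\xfe": False,
        b"\xfe\xed\xfa\xcf": True, b"\xcf\xfa\xed\xfe": True}
# Universal ("fat") magics -> size in bytes of each fat_arch table entry.
FAT = {b"\xca\xfe\xba\xbe": 20, b"\xca\xfe\xba\xbf": 32}

def macho_slices(data):
    """Return one '32-bit'/'64-bit' label per architecture slice, or [] if not Mach-O."""
    magic = data[:4]
    if magic in THIN:
        return ["64-bit" if THIN[magic] else "32-bit"]
    if magic in FAT and len(data) >= 8:
        (count,) = struct.unpack_from(">I", data, 4)  # fat headers are big-endian
        entry = FAT[magic]
        # Heuristic: Java .class files also start with cafebabe, but their next
        # field is a version number of 45 or more, never a small slice count.
        if not 0 < count <= 20 or len(data) < 8 + count * entry:
            return []
        cputypes = [struct.unpack_from(">I", data, 8 + i * entry)[0] for i in range(count)]
        return ["64-bit" if c & CPU_ARCH_ABI64 else "32-bit" for c in cputypes]
    return []

def catalina_verdict(data):
    """Classify an executable's leading bytes against the 32-bit cutoff."""
    slices = macho_slices(data)
    if not slices:
        return "not Mach-O"
    return "ok" if "64-bit" in slices else "32-bit only"

# Constructed headers for illustration (not real binaries).
SAMPLE_I386 = bytes.fromhex("cefaedfe07000000")    # thin, 32-bit Intel
SAMPLE_X86_64 = bytes.fromhex("cffaedfe07000001")  # thin, 64-bit Intel
SAMPLE_FAT = (struct.pack(">II", 0xCAFEBABE, 2)    # universal: i386 + x86_64
              + struct.pack(">5I", 0x00000007, 3, 4096, 100, 12)
              + struct.pack(">5I", 0x01000007, 3, 8192, 100, 12))
SAMPLE_JAVA = bytes.fromhex("cafebabe00000034") + bytes(40)  # Java class file

if __name__ == "__main__":
    # On a Mac, list the verdict for each installed app's main executable.
    for path in glob.glob("/Applications/*.app/Contents/MacOS/*"):
        if os.path.isfile(path):
            with open(path, "rb") as f:
                print(catalina_verdict(f.read(4096)), path)
```

Anything reported as "32-bit only" will not launch under Catalina and needs an update, a replacement, or a virtualized older macOS, as described above.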
Traditionally, we’ve recommended waiting until the .1 or .2 update of macOS before you consider upgrading. However, with all the trouble Apple has had shipping this year’s crop of operating systems, and all the problems that Catalina’s changes could cause for you, we suggest that you wait for the 10.15.3 or 10.15.4 update, or get in touch with us early in 2020. By then, Apple should have a stable release, and we’ll have a good handle on how to work around whatever of these issues you might encounter.