How to Protect Your Files on a Multiuser Mac OS X Snow Leopard System
If security is a potential problem on your Mac and you still need to share a computer between multiple users, Snow Leopard lets you lock things down. To protect Mac OS X Snow Leopard from unauthorized use, take care of these potential security holes immediately:
Disable the Sleep, Restart, and Shut Down buttons: Any computer can be hacked when it’s restarted or turned on, so disable the Restart and Shut Down buttons on the login screen. (After a user has successfully logged in, Mac OS X can be shut down normally by using the menu item or the keyboard shortcuts.) Open the Accounts pane in System Preferences, click the Login Options button, and deselect the Show the Sleep, Restart, and Shut Down Buttons check box. Press Command+Q to quit and save your changes.
Disable list logins: With a list login, any potential hacker already knows half the information necessary to gain entry to your system, and often the password is easy to guess. Therefore, set Mac OS X to ask for the username and password on the Login screen. This way, someone has to guess both the username and the password, which is a much harder proposition.
Disable Automatic Login: Automatic Login is indeed very convenient. However, all someone has to do is reboot your Mac, and the machine automatically logs in one lucky user! To disable Automatic Login, display the Accounts panel in System Preferences and click the Login Options button; then click the Automatic Login pop-up menu and click the Off entry.
Disable the password hint: By default, Mac OS X obligingly displays the password hint for an account after three unsuccessful attempts at entering a password. Where security is an issue, this is like serving a hacker a piece of apple pie. Therefore, head to System Preferences, display the Accounts settings, click the Login Options button, and make sure that the Show Password Hints check box is empty.
Select passwords intelligently: The best method of selecting a password is to use a completely random group of mixed letters and numbers. If you find a random password too hard to remember, at least add a number after your password, like dietcoke1. A favorite location spelled backwards, with a number mixed in is easier to remember than a completely random sequence of characters!
For even greater security, make at least one password character uppercase, and use a number at the beginning and ending of the password. Or, do the c001 thing and replace characters with numbers, like the zero that you insert in dietc0ke.