How to Securely Wipe Your Mac Before Selling It
I just sold my MacBook Pro last month, and honestly, the buyer's first question wasn't about the specs or battery life. It was whether I'd properly wiped it. Smart buyer. Too many people hand over their machines with years of personal data still sitting there, thinking they've done enough by just creating a new user account.
Wiping your Mac properly isn't rocket science, but there are some crucial steps most people skip. And depending on which macOS version you're running, the process looks completely different.
The Big Change: Monterey and Later vs Everything Before
Apple changed the game with macOS Monterey. If you're running Monterey (12), Ventura (13), Sonoma (14), or Sequoia (15), you've got access to "Erase All Content and Settings" — basically the nuclear option that handles everything in one go.
For older Macs running Big Sur or earlier? You'll need to do this the old-fashioned way through Recovery Mode and Disk Utility.
Here's the thing though: both methods work well if you follow them correctly. The newer approach is just more foolproof.
Step One: Back Up What You Actually Need
Before we nuke anything, grab what you want to keep. Time Machine is the obvious choice, but I'd also recommend manually copying critical files to an external drive. Documents, photos, that weird AppleScript you wrote three years ago and still use.
Don't forget about application preferences and licenses. Some software (looking at you, Adobe) can be a pain to reactivate if you don't deauthorize properly first.
And honestly? This is a good time to audit what you actually use. I found 47 browser extensions during my last backup. Forty-seven. I actively used maybe six of them.
Signing Out of Everything Apple
This step is critical, and it needs to happen before you wipe the drive. Apple ties a lot of services to your hardware, and if you don't disconnect properly, you might lock yourself out of reactivating those services later.
Start with iTunes (or the Music app, depending on your macOS version). Go to Account > Authorizations > Deauthorize This Computer. If you skip this, that machine counts against your five-device limit forever, or until you contact Apple support.
Next, sign out of iCloud completely. System Settings > Apple ID (or System Preferences > Apple ID on older versions), then click "Sign Out" at the bottom. This is where people often mess up by only signing out of individual services. You want the full sign-out.
Find My needs special attention. Open System Settings > Privacy & Security > Location Services > System Services > Find My Mac and turn it off. Or go straight to icloud.com/find, select your Mac, and click "Remove from Account."
I learned this the hard way when testing CoreLock's device tracking features — Find My can prevent the new owner from setting up their Apple ID properly if you don't disable it first.
The Modern Way: Erase All Content and Settings
If you're on Monterey or later, this is beautifully simple. Apple borrowed this feature from iOS, and it works exactly like you'd expect.
Go to System Settings > General > Transfer or Reset. Click "Erase All Content and Settings." You'll need to enter your admin password and possibly your Apple ID password too.
The system will ask if you want to back up to iCloud first. Skip it if you've already backed up elsewhere. Then it'll show you a progress bar and restart into a fresh setup screen.
What's happening behind the scenes is pretty clever. Modern Macs use APFS (Apple File System), which encrypts everything by default. Instead of actually overwriting every bit of data — which would take hours — the system just throws away the encryption keys. Without those keys, your data becomes cryptographically impossible to recover.
It's like shredding the only key to a safe and leaving the safe behind.
The Old School Method: Recovery Mode and Disk Utility
For Big Sur and earlier, you'll need to boot into Recovery Mode. Shut down your Mac, then hold Command+R while powering back on. Keep holding until you see the Apple logo or a spinning globe.
You'll eventually see the macOS Utilities window. Select Disk Utility and click Continue.
In Disk Utility, select your startup disk (usually called "Macintosh HD" or something similar). Click Erase at the top of the window.
Here's where it gets important: choose "Mac OS Extended (Journaled)" as the format, not APFS. I know that sounds backwards, but trust me on this. For the security options, select "Most Secure" — this actually overwrites your data multiple times.
The process takes forever. Like, grab-a-coffee-and-maybe-lunch forever. But it's thorough.
After the erase finishes, quit Disk Utility and select "Reinstall macOS" from the utilities window. This gives the next owner a clean system to work with.
Why You Don't Need to "Zero Out" SSDs
This is where old advice gets dangerous. If you've got a traditional hard drive (spinning disk), writing zeros over your data multiple times makes sense. Those magnetic patterns can theoretically be recovered with specialized equipment.
But modern Macs use SSDs, and SSDs work completely differently. The APFS crypto-erase I mentioned earlier is actually more secure than overwriting because it's instant and comprehensive. Plus, repeatedly writing to an SSD just wears it out unnecessarily.
I see people recommend using dd commands or third-party wiping tools for SSDs. Don't. You're just burning through write cycles for no security benefit.
The one exception might be if you're dealing with classified data or you're genuinely concerned about nation-state actors. But honestly, if that's your threat model, you probably shouldn't be reading a blog post about this.
Double-Checking Your Work
After the wipe, boot the Mac normally. You should see the setup assistant asking you to choose a language — the same screen you saw when the machine was brand new.
Don't complete the setup. Just verify that it's working and shut down. The buyer can handle the rest.
If you want to be extra paranoid, boot into Recovery Mode one more time and run Disk Utility's First Aid on the drive. Any errors here might indicate the wipe didn't complete properly.
You can also check the serial number in System Information (hold Option and click the Apple menu). Make sure it matches your machine and that no personal data appears anywhere in the system info.
What About FileVault?
If you had FileVault enabled (and you should have), the crypto-erase approach is even more effective. FileVault encrypts your entire drive with a separate key from APFS's default encryption.
When you erase with FileVault enabled, you're essentially throwing away multiple layers of encryption keys. Even if someone recovered the raw data somehow, they'd need to break multiple encryption schemes to read it.
This is actually one area where I might be overthinking things. FileVault + APFS crypto-erase is probably overkill for most personal data. But better safe than sorry, right?
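An added example (not from the original post, and not Apple's implementation) that models the crypto-erase described under "The Modern Way" together with the password-protected key discussed in this section: the data stays on disk as ciphertext, and erasing only destroys the stored key. The `Volume` class, `xor_stream` helper and sample data are constructed for illustration, and the HMAC-SHA256 keystream is a toy stand-in for the AES a real disk uses.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (HMAC-SHA256 keystream) standing in for AES; one call encrypts or decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Volume:
    """Simplified model, not Apple's on-disk format: data is encrypted under a
    random volume key, and that key is stored only wrapped by a password-derived key."""

    def __init__(self, password: str, plaintext: bytes):
        self.salt = os.urandom(16)
        volume_key = os.urandom(32)
        self.wrapped_key = xor_stream(self._kek(password), volume_key)
        self.key_check = hashlib.sha256(volume_key).digest()  # detects a wrong password
        self.blocks = xor_stream(volume_key, plaintext)       # what sits on the flash

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def unlock(self, password: str) -> bytes:
        if self.wrapped_key is None:
            raise KeyError("volume key destroyed")
        volume_key = xor_stream(self._kek(password), self.wrapped_key)
        if not hmac.compare_digest(hashlib.sha256(volume_key).digest(), self.key_check):
            raise ValueError("wrong password")
        return xor_stream(volume_key, self.blocks)

    def crypto_erase(self) -> None:
        """Discard the only stored copy of the key; the data blocks are untouched."""
        self.wrapped_key = self.key_check = None

def demo():
    secret = b"2023 tax return, passport scan (constructed sample data)"
    vol = Volume("old owner password", secret)
    readable_before = vol.unlock("old owner password") == secret
    on_disk = vol.blocks
    vol.crypto_erase()
    try:
        vol.unlock("old owner password")
        readable_after = True
    except KeyError:
        readable_after = False
    # Ciphertext is still physically present, but even the right password no longer opens it.
    return readable_before, vol.blocks == on_disk, readable_after

if __name__ == "__main__":
    print(demo())
```

The erase step touches a few dozen bytes regardless of how much data the volume holds, which is why the real operation finishes in seconds rather than hours.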
The Stuff You Might Forget
External drives. If you've been using Time Machine or storing files on external drives, those need wiping too. The process is similar — just select the external drive in Disk Utility instead of your main drive.
Keychain items sometimes sync in weird ways. Even after signing out of iCloud, some password managers might have cached data. If you used third-party password managers, make sure you've signed out of those too.
Browser saved passwords and bookmarks. Most browsers sync this stuff to your Google or Firefox account, but local storage might contain sensitive data. If you're doing the full wipe, this gets handled automatically. But if you're just deleting user accounts (which I don't recommend), you'll need to clear browser data manually.
Network settings. Your Mac remembers Wi-Fi passwords, VPN configurations, and network preferences. The full wipe handles this, but it's worth mentioning because these can contain business network details you definitely don't want to hand over.
When the Simple Approach Isn't Enough
Most people can stop here. But if you've got specific compliance requirements or you're dealing with sensitive business data, you might need additional steps.
Some organizations require certificate-based wiping or want documentation that the wipe actually happened. Professional security tools can generate audit logs for this kind of thing.
There's also the question of what happens if your drive is partially corrupted. I've seen cases where Erase All Content and Settings fails partway through, leaving the machine in a weird state. Having a backup plan — like knowing how to do the Recovery Mode method — isn't a bad idea.
Testing Your Process
Here's something I learned while building CoreLock's disk analysis features: you can't really test a secure wipe on your primary machine. But if you've got an old Mac lying around, it's worth running through this process once just to see how it works.
Time the process. Note any error messages. Get familiar with what the screens look like so you're not guessing when it matters.
I'd also recommend checking out Activity Monitor before you start the wipe. Run through what normal system activity looks like so you can spot anything unusual that might interfere with the process.
The Bottom Line
The modern "Erase All Content and Settings" feature is genuinely excellent. It's fast, thorough, and handles all the account disconnection stuff automatically in most cases.
For older Macs, the Recovery Mode approach works fine but takes longer and requires more manual steps. Either way, the key is being methodical about it.
Don't rush this process. Plan for it to take a few hours, especially if you're backing up data first. And don't hand over the machine until you've verified that the setup assistant appears on boot.
The crypto-erase approach means you don't need to worry about data recovery tools or forensic analysis. Your data isn't just deleted — it's cryptographically scrambled beyond recovery.
That said, if you're selling a machine that had access to genuinely sensitive data, consider whether you should be selling it at all. Sometimes the peace of mind from keeping the drive is worth more than the resale value.