Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > Password protection on Mac OSx

Password protection on Mac OSx
Thread Tools
jumanji69
Fresh-Faced Recruit
Join Date: Sep 2007
Status: Offline
Reply With Quote
Sep 5, 2007, 01:43 AM
 
Hey,
I'm in love with my new mac but, I just read that if someone wanted access to the files on my HD, all they would have to do is insert a Mac OSx install disc and reset the password. This is very disconcerting for me... is there a way to make my files safer?


Thanks for the help
Tim
     
Aegis
Forum Regular
Join Date: May 2007
Location: Canada
Status: Offline
Reply With Quote
Sep 5, 2007, 02:31 AM
 
Yes, you can reset the login password with an install disk. To stop that, you can institute an open firmware password to prevent booting from a dvd.
However, that can be bypassed by changing the ram configuration.
So in the end if someone is determined they can get to what's laying around your hard drive...

So the solution is to make a disk image with encryption and choose a strong password. Then store your important files in there. You'll have to mount the image every time you want to view or change those files but it's the price you pay for security.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Sep 5, 2007, 02:41 AM
 
If somebody sketchy is going to be physically ****ing around with your computer, they could just hook the hard drive up to a computer of their own and there's nothing any OS could do to stop it. Storing sensitive files in an encrypted disk image is the best suggestion.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status: Offline
Reply With Quote
Sep 5, 2007, 03:03 AM
 
Read the Help about FileVault. This is what the feature is designed for.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Sep 5, 2007, 03:14 AM
 
I would recommend an encrypted disk image over FileVault. It literally does the same thing, except FileVault does it to your entire home folder and is kind of dodgy.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
pinenuts
Baninated
Join Date: Aug 2007
Location: i have moved to another location per peter's message
Status: Offline
Reply With Quote
Sep 5, 2007, 09:46 AM
 
It has always, always been the case with computers that once you have physical access then it is only a matter of time before someone gets your data. FileVault helps with this issue, but it's not on by default. In Unix/Linux systems all one has to do is replace the /etc/password file and they have access. Booting into single user mode is the same as it gives you root access.

The best thing you can do is turn on FileVault, use good, strong passwords and use encrypted folders. But this might be a bit paranoid.
     
peeb
Addicted to MacNN
Join Date: Mar 2006
Status: Offline
Reply With Quote
Sep 5, 2007, 10:51 AM
 
Plus a mantrap in your office.
     
jumanji69  (op)
Fresh-Faced Recruit
Join Date: Sep 2007
Status: Offline
Reply With Quote
Sep 5, 2007, 11:25 AM
 
Originally Posted by Aegis View Post
Yes, you can reset the login password with an install disk. To stop that, you can institute an open firmware password to prevent booting from a dvd.].

Thanks for the help guys, I'm not really worried about physical security. Does anyone know how to institute an open firmware password on an Intel Macbook?
     
pinenuts
Baninated
Join Date: Aug 2007
Location: i have moved to another location per peter's message
Status: Offline
Reply With Quote
Sep 5, 2007, 11:39 AM
 
( Last edited by pinenuts; Sep 5, 2007 at 11:46 AM. Reason: misinformation)
     
rehoot
Dedicated MacNNer
Join Date: Nov 2005
Status: Offline
Reply With Quote
Sep 5, 2007, 05:14 PM
 
Originally Posted by Chuckit View Post
I would recommend an encrypted disk image over FileVault. It literally does the same thing, except FileVault does it to your entire home folder and is kind of dodgy.
Yes. Unless your are a CIA agent, you probably don't need all your files encrypted. If you mess up with File Vault, you will have a real problem PLUS your backup procedures become much more complicated with File Vault.

I created some read-write disk images using Disk Utility (in Applications->Utilities) and chose the option for encription. Then enter a gigantic password with upper and lower case, numbers and symbols. When you open the disk image BE SURE TO UNCLICK THE BOX THAT WILL SAVE THE PASSWORD IN THE KEYCHAIN BECAUSE THIS DEFEATS THE PURPOSE OF THE PASSWORD.

I created a small encrypted disk image (1MB) for some small files, that I access often, and for backups I just copy the whole file. I then have a bigger encrypted disk image for bigger files that I don't access too often.
Mac Pro Quad: 2.66GHz; 4 GB Ram; 4x500GB drives; Radeon X1900, 23" Cinema Screen, APC UPS
PowerBook G4: 1.33GHz; 768MB Ram; 60GB drive
     
SpencerLavery
Junior Member
Join Date: Aug 2007
Status: Offline
Reply With Quote
Sep 5, 2007, 06:47 PM
 
This thread title is a little misleading.
WhiteBook 2GHz Core 2 Duo, 3GB RAM, 250GB WD Scorpio HD
Wireless Mighty Mouse, Logitech S530 Wireless Keyboard & Mouse, Hyundia 22" LCD
80GB Apple HD in Omata USB Caddy, 500GB FreeCom NAS formatted as HFS+ so no longer NAS
M-Audio Ozonic keyboard, M-Audio Solaris microphone, M-Audio BX5a speakers, Logic Studio
     
brokenjago
Mac Elite
Join Date: Sep 2005
Location: Los Angeles, California
Status: Offline
Reply With Quote
Sep 8, 2007, 08:52 PM
 
I agree with SpencerLavery.
Linkinus is king.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Sep 8, 2007, 09:34 PM
 
If an intruder has physical access to the machine, the machine is compromised, pure and simple. File Vault has "issues" at times, and forgetting the password or a glitch can lose ALL your data. Physical security is the absolutely essential key to computer security; if you don't have the machine in a secure location and worry about someone using your OS X disc, LOCK UP THE DISC.

Note that there is no such thing as Open Firmware on Intel Macs. For pre-Intel Macs, here are Apple's Open Firmware password instructions For Intel Macs, I can't find definitive instructions for setting the (available) firmware password-hopefully someone will chime in.

And I'm going to change the title to something that actually relates to the subject.

Glenn -----OTR/L, MOT, Tx
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status: Offline
Reply With Quote
Sep 8, 2007, 10:39 PM
 
Originally Posted by ghporter View Post
Note that there is no such thing as Open Firmware on Intel Macs. For pre-Intel Macs, here are Apple's Open Firmware password instructions For Intel Macs, I can't find definitive instructions for setting the (available) firmware password-hopefully someone will chime in.
Pinenuts posted a link above detailing how to set a firmware password on Intel Macs. You just use the Firmware Password Utility on the install DVD. You can also set it via the Terminal the same way you would on a PowerPC Mac, with the nvram command.
Vandelay Industries
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Sep 9, 2007, 12:04 PM
 
Ah. On the DVD! I went looking for the utility as if it were installed with the OS. It makes more sense that it's on the DVD, and thus harder to access and mess with/up. I had sort of glossed over pinenuts' post-sorry pinenuts!

Glenn -----OTR/L, MOT, Tx
     
Gee4orce
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
Status: Offline
Reply With Quote
Sep 9, 2007, 04:23 PM
 
Originally Posted by rehoot View Post
BE SURE TO UNCLICK THE BOX THAT WILL SAVE THE PASSWORD IN THE KEYCHAIN BECAUSE THIS DEFEATS THE PURPOSE OF THE PASSWORD.
Not true. As long as your login password is strong, the keychain is a safe way of storing multiple passwords. You can then safely make the other passwords, for files and websites, etc insanely strong, because you'll never have to remember them. Click on the little key icon that appears when you're asked to create a password, to open the Mac OS X password assistant, which will help you make some very strong passwords.

If someone gets hold of your encrypted files, they will have very little chance of breaking the password, and even if they do, that password will only be good for that one file.

Of course, if you're login/keychain password is 'password' or 'abc123' then all this advice goes out of the window.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Sep 9, 2007, 04:28 PM
 
Originally Posted by Gee4orce View Post
Not true. As long as your login password is strong, the keychain is a safe way of storing multiple passwords.
This brings us back to the beginning of this thread: If somebody has physical access to your computer, they can change your password to "paperclip" or whatever they want. That's why we were suggesting an encrypted disk image if this is a major concern.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Gee4orce
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
Status: Offline
Reply With Quote
Sep 9, 2007, 04:41 PM
 
Ah - yes, in that case, fair point.

Interestingly, there is a document available from the NSA that describes appropriate security measures on Mac OS X. One of it's suggestions is to actually store your keychain on a removeable flash drive - and take this with you when you leave your Mac.

Personally, for super-secure documents I use an encrypted partition on a USB flash disk (thanks to Knox), and keep that with me. I have the password for it stored in my keychain, but that's no use to anyone if the documents are in my pocket ! And if I should loose the flash drive, the AES128 encrypted image is rated by the NSA as good for Top Secret information !
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status: Offline
Reply With Quote
Sep 9, 2007, 04:43 PM
 
You can't change the Keychain password unless you have the original password. If someone steals your computer, when they reset the login password with an OS X disc, they do not reset the Keychain password. You can only change the Keychain password through the Keychain utility or through System Prefs and only if you have the existing password.
Vandelay Industries
     
rehoot
Dedicated MacNNer
Join Date: Nov 2005
Status: Offline
Reply With Quote
Sep 10, 2007, 12:03 AM
 
Originally Posted by Gee4orce View Post
Not true. As long as your login password is strong, the keychain is a safe way of storing multiple passwords.
The level of security that is needed will dictate the best course of action -- for some people putting all passwords in the keychain is good enough.

I stopped using the key chain long ago, so I'm not sure about the current features. I'm not sure if OS X allows you to leave it unlocked??? If you are not forced to enter a keychain password, then you might leave it unlocked by mistake (Murphy's law). This might mean that the computer repair person or anyone who uses your computer could get to your banking information or other important files.
Mac Pro Quad: 2.66GHz; 4 GB Ram; 4x500GB drives; Radeon X1900, 23" Cinema Screen, APC UPS
PowerBook G4: 1.33GHz; 768MB Ram; 60GB drive
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 03:58 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,