ukclique > comp.* > comp.sys.mac

Tim Streater (12.09.2017, 22:52)
Having got a new Air for SWMBO, likelihood is I'll be using it more
than she will.

Anyway, I set up each of us as admins, and then didn't use it for a
week or two. After which I couldn't remember either my p/w or hers.

I was expecting that to be a bit of a disaster, but a quick giggle
turned up that it seems anyone with their hands on the machine can
reset all the passwords and gain access to it quite easily. Reboot
holding down cmd-r, open Terminal and enter the resetpassword command.

Is that everyone's expectation - that if your lappy is stolen it's game
over? If that's so, what is the point of a login password?
nospam (12.09.2017, 23:13)
In article <120920172052021985%timstreater>, Tim Streater
<timstreater> wrote:

> Having got a new Air for SWMBO, likelihood is I'll be using it more
> than she will.
> Anyway, I set up each of us as admins, and then didn't use it for a
> week or two. After which I couldn't remember either my p/w or hers.
> I was expecting that to be a bit of a disaster, but a quick giggle
> turned up that it seems anyone with their hands on the machine can
> reset all the passwords and gain access to it quite easily. Reboot
> holding down cmd-r, open Terminal and enter the resetpassword command.


keep in mind that only resets the login password, *not* the keychain
password, so even though you can log in, you can't access the keychain.

> Is that everyone's expectation - that if your lappy


ugh. is it so difficult to write 'laptop' ?

> is stolen it's game
> over? If that's so, what is the point of a login password?


enable filevault.

it's best if the filevault password is *not* the same as the login
password, although that's less convenient. that's not also the default.
Chris (13.09.2017, 17:11)
Tim Streater <timstreater> wrote:
> Having got a new Air for SWMBO, likelihood is I'll be using it more
> than she will.
> Anyway, I set up each of us as admins, and then didn't use it for a
> week or two. After which I couldn't remember either my p/w or hers.
> I was expecting that to be a bit of a disaster, but a quick giggle
> turned up that it seems anyone with their hands on the machine can
> reset all the passwords and gain access to it quite easily. Reboot
> holding down cmd-r, open Terminal and enter the resetpassword command.
> Is that everyone's expectation - that if your lappy is stolen it's game
> over? If that's so, what is the point of a login password?


Mostly yes. Once someone has physical access to a machine there's very high
probability they "own".

Encryption is the only safe way.
Jon B (17.09.2017, 23:21)
Chris <ithinkiam> wrote:

> Tim Streater <timstreater> wrote:
> Mostly yes. Once someone has physical access to a machine there's very high
> probability they "own".
> Encryption is the only safe way.


Firmware password stops the machine booting off an unknown drive or the
recovery partition, so stops anyway resetting it [1]

However you're pretty much buggered if you forget that one though, so
ensure you've got it locked away somewhere.

Using Firevault disc encryption, also then stops anyone just being able
to hook the machine up in TDM (or removing the drive on a firmware
protected machine) and just being able to see all your data.

[1] Well not quite you can swap a chip on the logic board but you're
making it hard work for people.
Paul Sture (18.09.2017, 21:28)
On 2017-09-17, Jon B <black.hole> wrote:
> Chris <ithinkiam> wrote:
>> Encryption is the only safe way.

> Firmware password stops the machine booting off an unknown drive or the
> recovery partition, so stops anyway resetting it [1]
> However you're pretty much buggered if you forget that one though, so
> ensure you've got it locked away somewhere.


*Locked away* is the important bit there. A few years ago I carefully
set up an important password and scribbled it on a piece of paper.

A few days later I decided to have a spring clean and chucked that
piece of paper away. Ooops, totally locked out.
Chris (19.09.2017, 10:23)
Paul Sture <nospam> wrote:
> On 2017-09-17, Jon B <black.hole> wrote:
> *Locked away* is the important bit there. A few years ago I carefully
> set up an important password and scribbled it on a piece of paper.
> A few days later I decided to have a spring clean and chucked that
> piece of paper away. Ooops, totally locked out.


Use a password manager. They also let you store other important info.
Paul Sture (19.09.2017, 21:13)
On 2017-09-19, Chris <ithinkiam> wrote:
> Paul Sture <nospam> wrote:
> Use a password manager. They also let you store other important info.


Yeah, it was before I got a password manager...
Tim Streater (19.09.2017, 22:19)
In article <hb389e-ec32.ln1>, Paul Sture
<nospam> wrote:

>On 2017-09-19, Chris <ithinkiam> wrote:
>Yeah, it was before I got a password manager...


And you've installed that on the machine you got locked out of, eh?

<runs away>
Jon B (24.09.2017, 18:32)
Paul Sture <nospam> wrote:

> On 2017-09-17, Jon B <black.hole> wrote:
> *Locked away* is the important bit there. A few years ago I carefully
> set up an important password and scribbled it on a piece of paper.
> A few days later I decided to have a spring clean and chucked that
> piece of paper away. Ooops, totally locked out.


Setup one of those Kensington locks on a new MacBook where you could
change the 4 digit pin, phone call at the desk before I had chance to
write the number I'd chosen down, phone call turned out to take 20mins
and I forgot it. Spent an hour trying to figure which of the combos I'd
be likely to choose it was. Ended up very carefully hacksawing it off...

Now like everyone says got a password manager, also got a few customer
firmware passwords saved as a safety net.
Similar Threads