OS X: So you think you’re password protected?

To quote Bob Marshall: “Security is always relative, never absolute.”

When I started contracting, I thought it would be a good idea to make my MacBook require a password on booting up or waking up from screensaver. For weeks I’ve been using it fine coming out of screensaver, but today I rebooted. I couldn’t log in. I think it must be something to do with the Colemak keyboard layout. I entered the correct password, in Colemak and QWERTY, but it was having none of it.

Slightly flustered, I turned to my phone and searched for “forgot osx password”. Very quickly I found a few articles on how to restart, hold down Cmd + s to get into single user command line mode, and then mount the filesystem for reading and writing.

Without entering a password, you now have superuser access to the whole system. You can reset people’s passwords. You can view and modify files. You can wipe the whole computer if you want to.

All I’m saying is, if you think an account password will protect you, you’re wrong. It may act as a deterrent, but if someone really wants access to your Mac, they could get it in less than 5 minutes.

It’s not just Macs either: How To Reset Admin/Root Password gives easy-to-follow instructions for FreeBSD, Linux, OS X, Solaris and Windows. Ironically, Windows is the hardest one to crack on this point!

It’s a bit of a wake-up call for me.


6 comments on “OS X: So you think you’re password protected?”

  1. I have a password on my Mac account because it encrypts the Keychain and secures 1Password. Store anything you seriously want to protect in an encrypted sparsebundle.

    • Congratulations on reading the first sentence and deciding to make your comment just based on that.
      Failspammer.

  2. Yeah. If someone has physical access to your box you’ve pretty much leaked whatever is not encrypted.
