To quote Bob Marshall: “Security is always relative, never absolute”
When i started contracting, i thought it would be a good idea to make my macbook require a password on booting up or waking up from screensaver. For weeks i’ve been using it fine coming out of screensaver, but today i rebooted. I couldn’t log in. I think it must be something to do with the colemak keyboard layout. I entered the correct password, in colemak and qwerty, but it was having none of it.
Slightly flustered i turned to my phone and searched for “forgot osx password”. Very quickly i found a few articles on how to restart, hold down Cmd + s to get into single user command line mode, and then mount the filesystem for reading and writing.
Without entering a password, you now have superuser access to the whole system. You can reset people’s passwords. You can view and modify files. You can wipe the whole computer if you want to.
All i’m saying is, if you think an account password will protect you, you’re wrong. It may act as a deterrent, but if someone really wants access to your mac, they coud get it in less than 5 minutes.
It’s not just macs either: How To Reset Admin/Root Password gives easy to follow instructions for FreeBSD, Linux, OS X, Solaris and Windows. Ironically, Windows is the hardest one to crack on this point!
It’s a bit of a wake-up call for me.