What's the security aspect of having a short/weak password for mac?

Posted by Feilin, Feb 14, 2013 7:34 AM (latest reply: Feb 14, 2013 12:27 PM by BobHarris)

I just realised that maybe having an easy password to simplify logging in from a locked screen might not be such a good idea, after all. I suppose anyone with my password and my physical machine can do just about anything, but what of remote access and such attacks? How big is the risk of having someone guessing my password and doing nasty stuff? I kinda got cold feet and changed to something that was green in the built-in password analyser, but looking at the strength level of my former password was kinda worrying (red's a bad color, right?...)

Is there a way to lock the screen (when folding the lid etc) with a password that's super easy (just to scare off prying partners etc) that differs from the one I use as admin? (preferably without any third party apps)

Not as big of a risk, but what about having the same pass as the apple account? I can't see any particular risks with that, so long as it's "strong enough".

MacBook
  • Linc Davis Level 10 (108,160 points)

    The password to unlock the screen is the same as your login password. You can't change that.

  • BobHarris Level 6 (12,545 points)

    Risk all depends on where your Mac is sitting.

     

    At home behind a home router, then just the risk of theft and other family members.  If the disk is encrypted (FileVault, TrueCrypt, PGP Whole Disk Encryption), then even theft is lower risk, if the password is difficult to break.

     

    If you do not have any open ports (no System Preferences -> Sharing -> Screen Sharing, File Sharing, Remote Login, Remote Management enabled), then even if you are out and about, there would be no ports to enter your weak password to gain access.

     

    I would suggest a long, but easy to type and remember password.  Longer passwords trump difficult to type and remember passwords.  For example "this is fairly secure" is easy to type (even on an iPhone/iPad/iPod Touch), but is also very difficult to crack (centuries and centuries of brute force attacking).

     

    See <https://www.grc.com/haystack.htm>.

    Also see: <http://xkcd.com/936/>.

  • BobHarris Level 6 (12,545 points)

    Any single dictionary word is at risk because it is easy to go through an electronic dictionary, or just gather unique words by processing all the words from web sites.

     

    Any well known phrase can be added to a dictionary attack.

     

    Commonly used passwords, such as "12345678" or "password" (there are lists available) are part of a cracking dictionary.

     

    After that, it is brute force.  Combining words from a dictionary gets into combinational numbers that make things difficult.  Adding in some easy to type repeated characters will add length but not be part of a cracking dictionary.

     

    Contrary to Hollywood showing passwords being cracked 1 letter at a time, the real world says you have to get it exactly correct, or as far as the login is concerned it is totally wrong.  You do not get told if you got some of the password correct.  So once the cracking dictionary attack fails, it is now a brute force attack that has to try every combination of letters, numbers, special characters.  Thus length matters, not difficulty to enter.  Make your life easy and crackers hard.
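
To put rough numbers on the length-versus-complexity point made in the replies above, here is an added example (not part of the original thread or of any tool it links to) that estimates the search space for a password under the three strategies the replies describe: a common-password list, combined dictionary words, and character brute force. The guess rate, the wordlist size and the sample passwords "monkey" and "Zq7$kP2!" are assumptions made for illustration.

```python
import string

# Assumptions, not figures from the thread:
GUESSES_PER_SECOND = 1e9            # assumed offline guessing rate
WORDLIST_SIZE = 100_000             # assumed cracking-dictionary size
COMMON = {"12345678", "password"}   # the two examples quoted in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes a brute-force search has to cover (26, 26, 10, 33 symbols).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def alphabet_size(pw):
    """Size of the smallest alphabet containing every character of pw."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))

def brute_force_space(pw):
    """Number of candidates of length 1..len(pw) over that alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))

def word_combo_space(pw):
    """Candidates when whole dictionary words are combined, up to pw's word count."""
    return sum(WORDLIST_SIZE ** k for k in range(1, len(pw.split()) + 1))

def estimate(pw):
    """Worst-case search space and time for the cheapest of three strategies."""
    if pw.lower() in COMMON:
        return {"space": 1, "years": 0.0, "note": "common-password list"}
    space, note = brute_force_space(pw), "character brute force"
    words = pw.split()
    # Conservative assumption: every all-lowercase token is a dictionary word.
    if words and all(w.isalpha() and w.islower() for w in words):
        combo = word_combo_space(pw)
        if combo < space:
            space, note = combo, "dictionary word combinations"
    return {"space": space, "years": space / GUESSES_PER_SECOND / SECONDS_PER_YEAR,
            "note": note}

if __name__ == "__main__":
    # "monkey" and "Zq7$kP2!" are constructed samples; the phrase is from the thread.
    for pw in ["password", "monkey", "Zq7$kP2!", "this is fairly secure"]:
        r = estimate(pw)
        print(f"{pw!r:26} {r['note']:30} {r['space']:.2e} guesses, {r['years']:.2e} years")
```

Under these assumptions the four-word phrase from the thread still needs on the order of thousands of years even when attacked word by word, while the constructed 8-character mixed-class password is exhausted in under a year.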
