Previous 1 2 Next 23 Replies Latest reply: Feb 22, 2013 1:56 PM by OrangeMarlin
OrangeMarlin Level 5 Level 5 (5,140 points)

I was reading a thread, helping someone who had lost his admin password and installation disks (yeah, I know, I thought the same thing). I know that if someone stole my computer, they could just wipe my hard drive and they could just do whatever they wanted, but I thought my data was secure. But one of the old-timers around here (well, I've been posting for 10 years, but not at the level of some of you guys) posted this link:

 

http://osxdaily.com/2010/08/10/forgot-mac-password-how-to-reset-mac-password/

 

In other words, with a simple hack at startup, you can reset the admin password, and gain entry into my Mac. Well, that pretty much ruined my day. I knew that the admin password was useless, it's just to keep girlfriends/children/creepy friends out of my computer, but I assumed that if you did get in through some hack, the keychain, for example, was locked.

 

Here's what I've done or I'm considering doing:

 

  1. De-link the keychain from the Admin password. I had recently linked them, because I thought I was secure, but now I know it's not.
  2. Most of my stuff is in 1Password which is rock solid from everything I've read.
  3. I'm out of ideas.

 

I've never considered Filevault, ever since trying it many years ago and having all kinds of problems. I guess that's a possibility. Is there any type of root password? I mean why can someone access my Linux root with a simple hack at log-in?

 

Any other security ideas or links would be helpful. I need to balance paranoid protection and ease of use. Once I log into my computer, I usually am around to watch it (since it's an iMac). When I leave the house, that's when I want it locked down.


iMac (27-inch, Late 2012), OS X Mountain Lion (10.8.2), 16GB, 1GB video, 1TB drive
  • Kappy Level 10 Level 10 (251,085 points)

    Note that the hack only works if the person has physical access to the computer. It doesn't mean that I could hack into your computer from some other physical location.

     

    Are you in a location where people you don't know or trust would have access to your computer? If not then you are worrying over nothing. If you keep sensitive material on the computer then be sure it is protected.

  • Barney-15E Level 8 Level 8 (41,140 points)
    but I assumed that if you did get in through some hack, the keychain, for example, was locked.

     

    It is. What part of that article gave you the impression it is unlocked? I guess this throwaway line might seem to imply that, but it is not true: "All user files and settings are maintained as before the password was forgotten"

     

    You don't need to go to the trouble they did. If you just boot into the Recovery HD, select Terminal from the Utilities menu, and type "resetpassword"

     

    You can then reset the password, but it still does not unlock the keychain. You must reset the keychain password from within Keychain Access.

     

    You can also defeat that, to an extent, with a Firmware password: http://reviews.cnet.com/8301-13727_7-57542601-263/efi-firmware-protection-locks- down-newer-macs/

  • thomas_r. Level 7 Level 7 (29,980 points)

    As Barney has already pointed out, your keychain is fine. Even if you have it set to auto-unlock on login, if the thief has to reset your password to get access to your account, that means that the keychain will no longer auto-unlock, because the passwords won't match. There's no way to get a keychain open, once it's locked, without providing the correct password. (Well, technically, I think there is - or was - a way to get it from RAM under certain circumstances, but that requires a level of sophistication and determination that the average thief will not possess.)

     

    But, beyond that, any unencrypted data in your user folder, or elsewhere on your hard drive, is fair game. If that's a concern, encryption is the only option. FileVault is one possibility, if everything on your hard drive would be considered sensitive. For me, very little is sensitive, and what is sensitive is locked up somewhere... in the keychain, in 1Password or in an encrypted disk image file (where I keep all manner of files containing serial numbers, passwords, bank account information, social security numbers, etc).

  • OrangeMarlin Level 5 Level 5 (5,140 points)

    Kappy wrote:

     

    Note that the hack only works if the person has physical access to the computer. It doesn't mean that I could hack into your computer from some other physical location.

     

    Are you in a location where people you don't know or trust would have access to your computer? If not then you are worrying over nothing. If you keep sensitive material on the computer then be sure it is protected.

     

    I'm presuming that someone will get ahold of my computer physically through theft. Assume the worst, hope for the best.

     

    All of my sensitive information is in three places: an encrypted disk image, Keychain and 1Password.

  • William Lloyd Level 7 Level 7 (20,925 points)

    The only way to secure your data is to encrypt it.  FileVault 2 works well.  It's perfect for a laptop.

     

    If your laptop is unencrypted you cannot secure the data on it.  Period.  It's trivial for anyone who steals your laptop to get the data if it's unencrypted: It's a 2-minute operation (maximum) for anyone to access all your files.

     

    Ergo, use FileVault 2.  Then when your machine is asleep or locked... your data is pretty safe.  Yes, a thief would be able to wipe your laptop and make it theirs, but they wouldn't get your data.

  • OrangeMarlin Level 5 Level 5 (5,140 points)

    This is confusing, because the article implied that once you hacked the admin password by resetting it, you were in. But what you all are saying is that even though I have linked the Keychain password to the admin password (by clicking on Synchronize login keychain password with account, and Set login keychain as default), I am safe, because once someone hacks into the admin account (or I forget my admin password), the Keychain still requires the forgotten password?

     

    Is there a recent article somewhere to confirm all of this? The only thing I worry about are my financial records, my company financial records, and all of the passwords stored in the Keychain, which I assume is about as tough as you can get to hack.

  • OrangeMarlin Level 5 Level 5 (5,140 points)

    William Lloyd wrote:

     

    The only way to secure your data is to encrypt it.  FileVault 2 works well.  It's perfect for a laptop.

     

    If your laptop is unencrypted you cannot secure the data on it.  Period.  It's trivial for anyone who steals your laptop to get the data if it's unencrypted: It's a 2-minute operation (maximum) for anyone to access all your files.

     

    Ergo, use FileVault 2.  Then when your machine is asleep or locked... your data is pretty safe.  Yes, a thief would be able to wipe your laptop and make it theirs, but they wouldn't get your data.

     

    I have an iMac, but my concerns remain the same. Again, corporate and personal financial data are in an encrypted disk image that has a password not stored in the Keychain, but it is stored in 1Password, which has another pretty complex password. Breaking an encrypted disk image is pretty **** tough, probably no easier than FileVault, though I may consider it.

     

    My worry is really Keychain access. And I guess access to iCloud and email and everything else. If they get past the admin password, and enter my computer, will they be able to read emails, my web browsing, whatever. Even with FileVault?

     

    I think my question is more complex. Let's say they hack the admin password like is described in my original post. Here are my questions:

     

    1. Is Keychain secure? The answers seem to be it is, but if someone could point me to something that confirms that, I'd be much happier.
    2. Is my email secure? I assume that the passwords are tied to the Keychain, so if that is locked, then email is locked?
    3. Is FileVault easier to use than an encrypted DiskImage (which has some annoyances, like once you set the size, it's done, and Time Machine always thinks it's been changed, and backs up the full 25 GB at each backup).
    4. How secure is my Time Machine backup? Can it backup FileVault or am I going to mess up stuff. I know I could probably look that up, but I figured since you all are here, you'll just help me out.

     

    By the way, this hack is really lame. It probably is beyond the skills of any thief, but seriously being able to gain admin access with a simple Linux command line statement? That boggles the mind.

  • William Lloyd Level 7 Level 7 (20,925 points)

    Nobody needs to "hack" the admin password to a machine.  It's possible to simply reset it.  There is nothing you can do to prevent this, and it's not really a security risk.  If someone has physical access to an unencrypted system, it's all over: Your data is available to them.  The account password will NOT prevent them from accessing this data, period.

     

    Note however that resetting the account password will NOT give the person access to your password.  It will just reset it to something else.  So if you have data in your keychain (or in 1Password, both are equally secure), such as passwords, that information is not available as it is encrypted and locked.  But, basically, this info is the ONLY data that is secure on a system that is not encrypted with FileVault 2 or other full disk encryption software.

     

    Setting your admin password and keychain passwords to be different is not really any more secure, and it is more tedious in every day use.

  • OrangeMarlin Level 5 Level 5 (5,140 points)

    Barney-15E wrote:

     

     

    You can also defeat that, to an extent, with a Firmware password: http://reviews.cnet.com/8301-13727_7-57542601-263/efi-firmware-protection-locks- down-newer-macs/

     

    OK, this I like. This pretty much blocks the hack dead in the tracks as far as I can tell. Although forgetting this password does not appear to be something one should do.

  • William Lloyd Level 7 Level 7 (20,925 points)

    1.  Yes, keychain is secure.

    2.  No, your email is not secure.  It's unencrypted on disk.  It's available.

    3.  Yes.  FileVault 2 is MUCH easier to use than encrypted disk images.  It's just one setting, and it's pretty much invisible in everyday use.  You'll have no idea it's in use.

    4.  You can encrypt an external volume  that you use for your Time Machine backup.  I recommend this.

     

    This hack is not "lame."  No system with an unencrypted disk is secure.  It doesn't matter if it's OS X, Windows, Linux, or anything else.  Hacking them is as simple as plugging the disk into another system.  An admin password is no barrier to entry at all for local compromise of a system.  It's absolutely critical for you to understand this fact, if you're concerned about the security of your data.

  • William Lloyd Level 7 Level 7 (20,925 points)

    Nope.  Because you can just remove the drive and put it in another computer.  Game over.

     

    Encrypted disk = secure

    Unencrypted disk = not secure.  And it cannot be secured in any reasonable way, for general documents and data.

     

    It really is that simple.

  • OrangeMarlin Level 5 Level 5 (5,140 points)

    William Lloyd wrote:

     

     

    Setting your admin password and keychain passwords to be different is not really any more secure, and it is more tedious in every day use.

     

    Right now, my only worries are the Keychain, as I know 1Password locks itself as soon as my computer goes to sleep or shuts down. I'm going to figure out Filevault, as a quick search through these forums seems to agree with you that it's a good tool, and has really overcome it's past "challenges."

     

    So, once the admin password is changed, the Keychain is locked out. Period, end of story, unless they know the original admin password (which would mean they wouldn't have gone through the trouble).

     

    Slightly off topic, those people who are making recommendations to users who are asking for help here because they lost their admin passwords aren't getting the whole story. They're going to lose a lot of stuff.

  • Kappy Level 10 Level 10 (251,085 points)

    Then I am not sure what you are worried about. If you have an encrypted disk why are you worried you would be hacked? And, this even ignores that you have an encrypted keychain and 1Password.

  • OrangeMarlin Level 5 Level 5 (5,140 points)

    William Lloyd wrote:

     

    Nope.  Because you can just remove the drive and put it in another computer.  Game over.

     

    Encrypted disk = secure

    Unencrypted disk = not secure.  And it cannot be secured in any reasonable way, for general documents and data.

     

    It really is that simple.

     

    So a thief would be angry because the iMac would not run any more, but someone wanting my financial records (if they were unencyrpted, which they aren't), could simply rip out the hard drive (which with my iMac means destroying it), and plug it into anything. Got it. This is very interesting. So the firmware password doesn't lock the drive, just the machine.

Previous 1 2 Next