Root account security

Hello Apple community!


I have a question regarding the super user (root) account security.

To use this account one must go to the Directory services and activate the account.


But how secure is this when people can "sudo su" and access the account login prompt nevertheless? I don't see the advantage of having this disabled if this can be done.


Can someone enlighten me?

MacBook Pro, OS X Yosemite (10.10.5)

Posted on Sep 25, 2015 12:27 AM


Sep 25, 2015 6:50 AM in response to Psalm57

As Mark Jalbert says, 'root' is a well known account. And there are regular probes for open port 22 (ssh) and attempts to login to 'root' using password dictionary lists.


If you were to enable "Remote Login" (ssh), then tell your router to port forward port 22 to your Mac, then come back a few days later, you would find a bunch of failed ssh login attempts for the 'root' account in the Console Logs.


Since your Mac's 'root' account is disabled, none of them can work. And since the script kiddies do not know your personal admin account name, they are much less likely to guess that, and if they do, then they need to guess your password. But the ssh login code will not tell the guesser if they got the name right and the password right. It will give the same error if right name, wrong password, or right password, wrong name. The combined length of your username and password increases the odds of not being broken into.


Disabling the 'root' password has been a hard lesson to be learned in the computer industry, but repeated security failures because the 'root' account was broken into, have eventually sunk in, and very few Unix systems include a fully enabled 'root' account. They all depend on the 'sudo' command.


Now if you go around leaving your Mac unattended and do not require a screen saver password, and strangers can walk up and mess with it, then if they can guess your password, they can get to root. So it is a good idea to NOT let your Mac sit unprotected around strangers, and it is a good idea to use a good password for your admin account.

Then again, if you let your Mac sit around unattended with strangers, they could just remove your hard disk and look at it from another computer, unless you also use FileVault to encrypt the disk.
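
The failed 'root' login attempts described in the reply above can be counted from sshd's log lines. This is an added example, not part of the original thread: the sample log lines, host name and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the style of OpenSSH "Failed password" messages.
# Host name, PIDs and addresses (RFC 5737 documentation ranges) are made up.
sample_log() {
cat <<'EOF'
Sep 25 03:11:02 mymac sshd[411]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep 25 03:11:05 mymac sshd[411]: Failed password for root from 203.0.113.5 port 51240 ssh2
Sep 25 03:12:40 mymac sshd[420]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Sep 25 03:13:01 mymac sshd[431]: Failed password for root from 198.51.100.7 port 40030 ssh2
Sep 25 08:02:17 mymac sshd[502]: Accepted publickey for bob from 192.0.2.10 port 60100 ssh2
Sep 25 08:30:00 mymac sshd[510]: Failed password for bob from 192.0.2.10 port 60111 ssh2
EOF
}

# Read sshd log lines on stdin and print "count user source" for each
# (user, source) pair with failed password attempts, busiest first.
failed_logins() {
    awk '
    / sshd\[[0-9]+\]: Failed password for / {
        # Find the last "from" by position so that the optional
        # "invalid user" words do not shift the fields.
        t = 0
        for (i = 1; i <= NF; i++) if ($i == "from") t = i
        if (t < 2 || t == NF) next
        n[$(t - 1) " " $(t + 1)]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,3
}

# Total failed attempts against one account name (default: root).
failed_for_user() {
    failed_logins | awk -v u="${1:-root}" '$2 == u { c += $1 } END { print c + 0 }'
}

sample_log | failed_logins
```

On a real system, pipe the file that holds sshd's messages into `failed_logins` in place of `sample_log`.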

Sep 25, 2015 8:10 AM in response to BobHarris

Thanks guys. Yeah Bob, that was one of the features in Ubuntu that, when I first used it in '07, I found most said.. weird.

But honestly, to me it was never an issue, as I "play" with Unix systems since the 90's. I find sudo to be.. "less powerful" 😝 But it is only a 4 letter annoyance to me, since once you auth, the session will be able to rerun sudo without auth for some time. So no biggie.


Thanks again.
