William Lloyd wrote:
Well... what are you hoping to achieve?
True, if a system is locked and the username is displayed, then a bad-actor would "only" need to know the password, and not also guess the username. So they have half the information they'd need to break in. But, realistically, a better solution is just to use an adequately secure password. Something simple in the 14 character range should be plenty secure when FileVault is turned on.
If it's a device that would be "broken into" by a local person who would spy on your data and then leave you could run the "last" command to see if anyone has logged in that you didn't recognize. Otherwise, if it's stolen, using something like Find My Mac to remotely lock it or erase it (or track it!) may be a better approach than just trying to hide the username.
FWIW even if you DID manage to hide the username, if you have FileVault 2 turned on, the EFI boot screen will display all authorized users who can unlock FV2 and log in. You can't do username and password there. It's a known limitation for now... so if you figured out some trick, the person could find the username by just rebooting the Mac.
A higher level of security after system boot. Some were security deficits I ignored for years while others are just a result of someone accessing the system to make sure it works (I verified this) after it had fallen (my home has security cameras internal and external part of the whole "Smart Home Control System"). While that's a noble cause and I don't hold that person with any disdain in as a result, if it had been a nefarious actor the system was very exposed and has access to the most heavily secured PC in the home which is a gateway to the servers and network switches and a lot of other things not to mention that the system uses LastPass for Password Management (too many websites) as well as 1Password.
While FileVault Disk Encryption shows authorized usernames it doesn't show it until after the EFI Password (you can set EFI back to "Full" mode via Terminal resulting in the system asking for a password at boot no matter whether your just booting the startup disk or not) so rebooting the system will just completely lock them out.
The password was and is secured; the Mac just wasn't enforcing anything like screen saver locking (etc.). However, it's starting to amaze me at how many basic security methodologies are missing. I shouldn't have had to use Terminal to set EFI to require password at boot in any scenario; it should have been an option like it was in older OS X versions.
Maybe I am overstepping the security of the Mac but given the access it has to the far more secure information; well, you know how the story goes.
pinkstones wrote:
Guardian Hope wrote:
pinkstones wrote:
Guardian Hope wrote:
Rysz wrote:
System Preferences > Security & Privacy > General > select checkbox for Require password immediately after sleep or screen saver begins.
BTW, are you really saying that concerned as you are about security, you never visited the Security & Privacy preferences pane?
It would be great if the forums would let me quote both of you but it does not. Those settings I already know about and those settings have already been set. What I am looking for however is a little different and I have done it a multitude of times on Windows - just never OS X.
When the computer wakes from sleep it already has the username of the last active user. What I am asking is if there's a way to have it require the username similar to when you tick the box to require username and password at the main login screen?
In Windows and even RHEL based Linux, I can do this in about a minute or two respectively but in OS X I can't find anything regarding such a scenario.
Windows is not OS X. You shouldn't expect them to be the same. All I know of existing is what is in System Preferences. I've had Mac OS's since Snow Leopard, and I don't recall ever seeing such a setting or function.
Indeed Windows is not OS X but I did bring up RHEL based OS including RHEL, CloudLinux, and CentOS. I have even done it on Ubuntu. I hopped onboard the OS X train with Snow Leopard as well and I was amazed at how much OS X and Unix/Linux are alike. Dress it up anyway you want, underneath the hood, OS X is Unix which is why I can type into terminal "uname -a" and get all the kernel information or open nano with no line breaks by typing "nano -w newfile.txt."
I figured there would be something to actually accomplish this; even if I had to delve into XCode to play around with a plist file.
The reason I said that is I see a lot of first-time Mac users here who migrated over from Windows, asking why they can't do XYZ like they used to on their PC, and you have to tell them that the two operating systems aren't exactly the same, and while there are commonalities, maybe just using different keyboard commands (Control + C vs. Command +C, eg.), there are still stark differences as well.
Understandable. I use a multitude of operating systems day-to-day so I am very experienced with. I will admit, back when I first started with OS X I was in for a shock. I had to get RightZoom so that window zooming worked like Windows and TotalFinder to get the OS to list folders on top because it was irritating to not have folders above all files. After more than six years of using OS X, I am pretty used to everything now and got everything the way I like it though RightZoom doesn't work anymore.
