05-29-2012, 07:51 PM
|
#1 |
|
Guest
Posts: n/a
|
How to protect a Mac from the password reset trick
What is the best way (other than by the gadget it inside a secure place) to prevent a Mac desktop or laptop from being broken into? I'm asking this because I've just found out that one can get into another's Mac by simply resetting the passwords through the "reboot, press Cmd-R" trick. Thank you.
 This works in Lion. What I know of the previous OSes is that you need to use a an installer DVD or connect a target gadget to another via Firewire and reset the password using one of the tools from the working computer. |
|
|
05-30-2012, 10:17 AM
|
#2 |
|
Moderator
Join Date: Jun 2003
Location: Boulder, CO USA
Posts: 19,551
|
__________________
How to ask questions the smart way |
|
|
|
05-30-2012, 11:16 AM
|
#3 |
|
Hall of Famer
Join Date: Jan 2002
Posts: 2,934
|
Even the EFI password can be broken by changing the amount of RAM in the machine. Sinigang...what are you worried about? Anyone with physical access to your machine and the proper knowledge is going to be able to break into it--with one exception. The only sure way to make your data secure is to encrypt everything, so if that is your goal you should look into FileVault.
|
|
|
|
05-30-2012, 12:18 PM
|
#4 |
|
League Commissioner
Join Date: Jan 2002
Posts: 7,959
|
The "reset the firmware password by changing the amount of RAM" trick does not work with new Macs since (approx) fall 2010, and particularly those that would have shipped with Lion. Nothing to do with Lion, per se - but recent Apple hardware now ignores that reset method.
But, I agree, physical access trumps most forms of security, and an encrypted drive with a strong password is a good choice... |
|
|
|
|
05-30-2012, 06:33 PM
|
#5 |
|
Hall of Famer
Join Date: Apr 2003
Posts: 2,671
|
Encrypted Disk Image might be a better choice
If the amount of Data you need to protect is not huge and you organized you might be better off with an Encrypted Disk Image from Disk Util, 256bit Encryption.
I have never trusted whole disk Encryption. I have seen too many issues over the years with data loss or corruption. Other might disagree. Also note that off site back ups offer Encryption options, e.g. crash plan. By Default the App and Data pass is the same but you can easily change that and should. |
|
|
|
|
05-30-2012, 06:44 PM
|
#6 | |||||||||||||||||||||||
|
Hall of Famer
Join Date: Dec 2007
Posts: 3,642
|
That's an odd statement since OS X has only offered whole-disk encryption since Lion was released 10 months ago. And doing a Google search for data loss lion disk encryption doesn't reveal any issues with FileVault 2 in the first five pages of search results. |
|||||||||||||||||||||||
|
|
|
|
05-30-2012, 08:02 PM
|
#7 |
|
Hall of Famer
Join Date: Jan 2002
Posts: 2,934
|
I understand being cautious with third-party products that operate at the lowest levels of the file system, however with FileVault2 in Lion I think Apple's really done it right. Ars Technica covered the file system changes and specifically addressed File Vault in Lion. It sounds impressive.
|
|
|
|
|
05-30-2012, 08:39 PM
|
#8 | |||||||||||||||||||||||
|
Hall of Famer
Join Date: Dec 2007
Posts: 3,642
|
When I was considering moving up to Lion I was entering a stretch of months where I would be out and about extensively with my MacBook Pro. The new FileVault was one of the primary reasons I made the jump. It's worked well for me, and whatever speed hits there might be from encryption are negligible since I have an SSD. And, yes, even with full-disk encryption I do use encrypted disk images for added protection of some sensitive files. |
|||||||||||||||||||||||
|
|
|
|
05-30-2012, 10:09 PM
|
#9 |
|
Hall of Famer
Join Date: Apr 2003
Posts: 2,671
|
I was speaking of Whole Disk Encryption in general. I am going back many many moons to even the mid 90s.
** I had remembered File vault issues with pre Lion. I do not pretend to be an expert in file vault itself. I did a quick search for fun: Lion file fault problem. See below. https://discussions.apple.com/thread...art=0&tstart=0 Basically, IMHO if an Encrypted Disk image is sufficient for ones needs it is the better option. If it is not then of course onward and upward I suppose... But Back up. Back up. Last edited by anthlover; 05-30-2012 at 10:12 PM. |
|
|
|
|
05-31-2012, 12:53 AM
|
#10 | |||||||||||||||||||||||
|
League Commissioner
Join Date: Aug 2006
Posts: 5,040
|
But do you encrypt the backups as well? If unencrypted backups are in the same physical location as the computer, then that's another security hole! 
|
|||||||||||||||||||||||
|
|
|
|
05-31-2012, 04:37 AM
|
#11 |
|
Hall of Famer
Join Date: Apr 2003
Posts: 2,671
|
My off site back ups are Encrypted with CrashPlan+ 448-bit blowfish encryption as well as disk Image encryption. The local back ups just the Disk Image encryption, no Keychain save of passes. Everything that is "private" is kept in the disk image.
|
|
|
|
 |
| Thread Tools | |
| Display Modes | Rate This Thread |
|
|
Linear Mode
