Changing Forgotten Administrator Password

Discussion in 'Apple' started by TaliesinSoft, Feb 14, 2006.

  1. TaliesinSoft

    TaliesinSoft Guest

    Tonight I was quite taken aback with the ease with which one can replace a
    forgotten administrative password. In about a minute one can reset the
    administrative password without having the foggiest as to what the current
    password is. This seems like a major lapse of security. I'm interested in how
    others feel.
     
    TaliesinSoft, Feb 14, 2006
    #1
    1. Advertisements

  2. It depends on how you did this. Using the Mac OS X install disk? No
    surprise; if someone has physical access to the machine and intends to
    violate security, they'll do it, and this is nothing new.

    Using some other method? Hard to say without more detail...
     
    Tom Harrington, Feb 14, 2006
    #2
    1. Advertisements

  3. Which can be reset almost as easily by anyone who is able to open up the
    case, so you'd probably also want to put a padlock on the Mac's security
    latch (assuming it's a tower Mac).
     
    Wayne C. Morris, Feb 14, 2006
    #3
  4. Did you have physical access to the box? Then normal, expected and
    required.

    Via "sudo"? Out of the box, OS X has "good enough" security for most.
    If you need to restrict sudoers, read the man page or the OS X Server
    docs from Apple.
     
    void * clvrmnky(), Feb 14, 2006
    #4
  5. Letting someone untrusted have physical access to your machine is a
    fundamental and major lapse of security. That's one of the most basic
    principles of system security. Almost all security measures are no good
    if someone gets such access. Ok, the person might actually have to have
    the experience level of - say - the average high school script kiddie.
    And it might take, say 5 or 10 minutes instead of 1. But basically, once
    someone gets physical access, you have lost it all.

    For example, just plugging the disk into another system that the
    intruder brings along is absolutely trivial and will defeat almost all
    security measures. That *IS* script-kiddie-level stuff - no real
    "smarts" required.

    Just about the only defense against that kind of thing is encryption.
    And encryption can be a big PITA. Casual users, for example, are
    *ALWAYS* forgetting their passwords. Make it so that this permamently
    looses all their data with no possibility of recovery and you'll have a
    lot of pissed off casual users - really quite a lot of them and really
    very pissed off.

    Apple does offer encryption options. Make sure you understand the costs
    before using them. Like many things in life, security has a cost and
    must be traded off against other things. It ain't free.

    If someone breaks into your house and steals your desktop among other
    things, odds are that them being able to read the data from it isn't the
    biggest of your problems. (Do contact all your financial institutions
    right away though, if you do anything financial on it). Laptops have
    very different tradeoffs. You need to think carefully about putting
    sensitive data on laptops and about securing it if you do.
     
    Richard E Maine, Feb 14, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.