Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: A FileVault/wake from sleep password issue' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: A FileVault/wake from sleep password issue
Authored by: simX on Jul 10, '06 12:22:29PM

*sigh* This is not a hint. This is NORMAL behavior.

The login window is different from security authentication, yes. In all security authentication dialogs that come up, the name/password for ANY administrator user can be used. This is logical, because if you are logged in under a normal non-admin account, you need ADMINISTRATOR privileges to do things, and your own login/password combo can't be used for those purposes.

In a sense, the wake from sleep/screensaver dialog is a special case because it allows a NON-administrator user to unlock it (as well as all admins) -- that is, only the combo for the account that is currently blocked. If you're not that user or an admin, you can click the "Change User..." button to get back to the login window. It wouldn't matter if Mac OS X blocked admins from being able to unlock this panel, because they can get access to root privileges (through authentication), which allows them to do anything, including accessing your account. And, by the way, FileVault home folders usually have a backdoor password available to administrators, so that if you forget your password, there's another one that can still unlock your files. It's highly recommended that you use this.

This issue appears on MacFixIt every 6 months or so, and each time it gets taken down because this is OBVIOUS DESIGN. Please delete this hint from MacOSXHints -- it does not belong here.



[ Reply to This | # ]
Not really true
Authored by: buz on Jul 11, '06 03:34:53AM

Your comment is not entirely correct in my opinion. The point here is that *after* a FileVault disc image in opened, who can access it?

In my opinion knowing the admin password should not automatically grant you access to the encrypted homes. What would it be the point of securing your home directory when it is just a matter of resetting the admin password to access your home?

To me encrypting your home means that not only you secure your data fron network related problems, but most important fron the physical access to your computer.

What security would be to start up your computer fron an ipod and access all your data.

The point here is whether it is correct or not that after a user logs in and opens his FileVault image, would that image be granted to anyone having admin password?

Note: the FileVault option is supposed to protect you data, and if you forget your password there is no (easy) way to recove your files.



[ Reply to This | # ]
10.4: A FileVault/wake from sleep password issue
Authored by: dan55304 on Jul 11, '06 06:37:02AM
This issue appears on MacFixIt every 6 months or so, and each time it gets taken down because this is OBVIOUS DESIGN. Please delete this hint from MacOSXHints -- it does not belong here.
Nonsense. While this may not be a typical hint, the resulting comments provide lots of "hints" how this "feature" works and is valuable information to Hints readers.

We don't need to be condescending to those providing useful information to the community. This just breeds fear to post a hint because of the backlash of a few.

[ Reply to This | # ]
10.4: A FileVault/wake from sleep password issue
Authored by: martyl on Jul 14, '06 08:28:24PM

My main issue with this is that since the Security control panel has a checkbox that says "Require password to wake this computer from sleep or screensaver", it implies a certain degree of protection, more than could be defeated by a 3-year old. If you're an advanced user who knows the subleties of this behavior, that's great. But it's far from obvious or intuitive to the "average" user, who legitimately expects that encrypting an account with FileVault, then seeing it ask for a password means that their data is somewhat more secure than the equivalent of popping a doorknob lock with a paperclip.

---
Marty Lindower



[ Reply to This | # ]