The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create a 'hidden at login' Admin account
Authored by: Shawn Parr on Jun 05, '07 08:05:39AM

Bear in mind that this will only work against very casual 'bad guys.'

Anyone who can get a Mac OS installation disk (very easy) can see a list of the user accounts on the computer, change their passwords without having to know the current version, and enable the root account. All just by popping in a disc and holding down the 'C' key.

With that in mind, if you are so worried about people 'seeing' that there is an admin account, why are you using a list of users anyway? Isn't your personal data what is really important? As such, if they can click on your name in a list, they have already 'guessed' 1/2 of the equation of getting into your account, and thus your personal files, keychain, etc.

Setting the login to display a username and password prompt is a much more effective solution, is easier, and can be done later, rather than having to re-install if you didn't know how to do it initially.

Of course, that still doesn't fix the initial issue of using an install disc to change passwords, but you can use FileVault to take care of that, since changing the password via the install disc is only for the login process, not for the FileVault encryption.



Use the keychain too
Authored by: SuperCrisp on Jun 05, '07 09:05:31AM

Yes, yes, security at login level on a Mac is only for casual defense. Store passwords in Keychain or a similar app, at the very least. I suffered identity theft twice in my life, once way back in the late 80s when a Mac Classic was stolen from my desk, and then again in the 90s by someone who nabbed a Palm Pilot and wallet off me. It's a hard lesson to learn, but when you get all sorts of bills on your credit card from St. Petersburg, Russia or from a store three states away, you start to catch on. Especially the second time when your bank starts to get a bit annoyed with you. Lock down the stuff that really matters. If you have THAT much stuff that matters secrecy-wise, why are you getting security advice here instead of from Q down in the basement?



Create a 'hidden at login' Admin account
Authored by: pub3abn on Jun 05, '07 09:16:12AM

I believe the install disc technique would only work if someone has not installed the Open Firmware Password utility from Apple (highly recommended for that reason).



Create a 'hidden at login' Admin account
Authored by: designr on Jun 05, '07 09:58:39AM
> I believe the install disc technique would only work if someone has not installed the Open Firmware Password utility from Apple (highly recommended for that reason).
The Open Firmware Password is useless if someone has physical possession of the box.

To remove Open Firmware password setting:
1. The total amount of RAM in the computer must change. This can be done by either adding or removing DIMMs.
2. The PRAM must be reset 3 times by holding down CMD+OPT+P+R at restart.
This will completely bypass the password protection.

Instead, I use FileVault for the account that has really important data. I use Keychain or a third-party password utility like Password Wallet for everything else.
