Just yesterday I've discovered that anyone who has physical access to my Mac can easily reset just any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?
If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.Just yesterday I've discovered that anyone who has physical access to my Mac can easily reset just any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?
If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.
The best way to avoid such problems are not to leave your expensive computer lying around, and place it in a locked drawer when you're not using it.
Many people leave their laptops continually running, and don't leave a password to get past the screensaver.not with disk encryption. and the recommended methods provided previously.
But, yes proper watch over your stuff is the first step.
Also Back-ups are critical!
Many people leave their laptops continually running, and don't leave a password to get past the screensaver.
Some people let their dorm buddy use their laptop on the same account.
In short, encryption is fine, but it's just one defence against some, but by no means all, of the security threats to your computer.
Most thieves are not Tom Cruise trying to access your special data without you noticing, but will probably just wipe the disk and sell the laptop.
I dunno -- erase it using Linux or Windows? I'd be surprised if diskutil didn't let you somehow, though.Also, tell me how you can erase an encrypted disk? if it were that easy it wouldnt be a defacto encryption process.
And I would expect enterprise-level guys to be following a lot of procedure that most domestic users don't.
Yeah, the Enterprise level equipment with sensitive data is locked in a limited-access secured data center.