Anyone can change the password to my mac, ridiculous

Discussion in 'macOS' started by tennismanclay, Jul 6, 2008.

  1. tennismanclay macrumors regular

    tennismanclay

    Joined:
    May 11, 2007
    Location:
    US-Texas
    #1
    Ok so yesterday my cousin (huge pc user) said he could change my admin password without him knowing it. After a laugh i let him try. I came back later and i couldn't log in. He had successfully changed my password without knowing it what so ever. He finally told me what he did, apparently he booted into single user mode and typed some of those fsck and mount -uw junk, then he simply typed passwd and my account name, and it asked for a new password.

    My first questions is how do i make this so he cant do it, would enabling root or firevault or something help?

    If not this is ridiculous since this is the most secure OS, right?


    -Clay
     
  2. ajthomason macrumors 6502

    #2
    I believe enabling the Firmware Password will prevent access to single user mode.
     
  3. Tallest Skil macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #3
    I love single-user mode.

    My mom's school locked her out of being able to administrate the four iMacs that she got with a grant (because her school refuses to buy her Macs), so I booted into single-user mode and created a new administrator account so that I could give her account on each computer administrator access.

    Firmware passwords are handy. People who don't know enough to use them (the Microtards in her tech room) are very vulnerable.
     
  4. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #4
    Remember if someone has physical access to the machine, they can still defeat Open Firmware passwords by removing or adding a stick of RAM, thus allowing a PRAM reset even if an OF password is set.

    This dates from 2005, but I'm pretty sure it's still valid:

     
  5. The General macrumors 601

    Joined:
    Jul 7, 2006
    #5
    The problem could've been solved by:

    1. Not giving him your computer.
    2. Not letting him change your password.

    It's not like you could go to a website in Safari catch a virus that changes your password.
     
  6. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #6
    Like others have said, you can change the password on pretty much any machine running any OS (OS X, Windows, Linux) if you have physical access to the machine.
     
  7. ajthomason macrumors 6502

    #7
    Open Firmware was the one on PowerPC Macs, not Intel ones - it is no longer valid.
     
  8. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #8
    From Apple:
    Unless the specific bypassing process from the 2005 article no longer holds.
     
  9. Tallest Skil macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #9
    I have one on mine. 17" Core 2 iMac.
     
  10. ajthomason macrumors 6502

    #10

    From Apple:
    I'm not sure what the list was from, but that quote from http://support.apple.com/kb/HT1352 Says it all really...
     
  11. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #11
    I stand corrected. We quoted the same kb article. Apparently you just read more closely. ;) Notwithstanding any differences between Open and Extensible, I still wonder if the RAM change method still applies. I really don't feel like futzing with it right now...
     
  12. ajthomason macrumors 6502

    #12
    You can still have a firmware password on an intel mac, but it isn't using Open Firmware though (it uses EFI) - so that problem should not be, well, a problem.

    :)
     
  13. applefan69 macrumors 6502a

    applefan69

    Joined:
    Oct 9, 2007
    Location:
    Medicine Hat
    #13
    also not ANYONE could change ur pasword, it would take someone with quite a bit fo experience in command line and UNIX.

    Plus they have to have physical access to your computer, this kind of thing is not new and is not really a big security threat, and like others have said there is way to prevent even this minute security hole.
     
  14. t0mat0 macrumors 603

    t0mat0

    Joined:
    Aug 29, 2006
    Location:
    Home
    #14
  15. priller macrumors regular

    Joined:
    Dec 15, 2007
    #15
    or a Leopard DVD.
     
  16. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #16
    Not if the Firmware password is set -- they won't be able to boot from the DVD without it.
     
  17. HLdan macrumors 603

    HLdan

    Joined:
    Aug 22, 2007
    #17
    Seems scary using the Firmware password thing if it prevents the use of starting up with the DVD. At any rate the OP doesn't have much to worry about, only a very tiny percentage of the world know how to boot into single user mode and perform the FSCK commands, I don't even know how to do it and I've been on the Macintosh for 12 years now, I just never bothered to learn.
     
  18. The General macrumors 601

    Joined:
    Jul 7, 2006
    #18
    And if they have access to the hardware, they can reset the firmware password and then boot to the DVD. Or they can take the harddrive out and put it in an external enclosure and get your data.

    There is no way around it, you can't protect yourself from attackers with access to your hardware.
     
  19. ajthomason macrumors 6502

    #19
    That's what file vault is there for. :D
     
  20. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #20
    Which is what we've already established--I was only mentioning that simply having a Leopard DVD is insufficient to bypass Firmware passwords. The RAM change is probably the quickest & easiest means to defeat it. Two or three minutes and you're in.
     
  21. The General macrumors 601

    Joined:
    Jul 7, 2006
    #21
  22. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #22
    I'm less worried about data security with FileVault than I am totally hosing myself somehow by forgetting the password. Until there's an instant DNA authentication combined with iris scan (and a 78-bit password, to boot), we just have to take our MacBooks to the potty with us, I suppose. :D

    Curious, though, is that RAM dump attack applicable to the Mac OS & Firmware?
     
  23. ajthomason macrumors 6502

    #23
    Damn it!

    *Rips out power cable, throws MBP on the floor and using only fingernails, tears apart the case, removes the hard drive, takes out a hammer and smashes it to pieces*

    They'll never get it now ;)
     
  24. SimonTheSoundMa macrumors 6502a

    Joined:
    Aug 6, 2006
    Location:
    Birmingham, UK
    #24
    Unfortunately it is normal for UNIX to allow for the master password to be changed via passwd.

    You just need to disable single user mode and stop passwd from being used to change passwords. Google will give you more help, rather than me repeating what I google.
     
  25. Sonicjay macrumors 6502a

    Sonicjay

    Joined:
    Jan 1, 2008
    #25
    Except that it already happened to him..

    Anyhow, great thread!
     

Share This Page