Different passwords for Filevault and administration

Discussion in 'macOS' started by aiannaccone, Apr 30, 2013.

  1. aiannaccone macrumors newbie

    Joined:
    Apr 30, 2013
    #1
    I'd like to encrypt my files with a reasonably long passphrase, so that my data is safe from brute force attacks even if my computer is stolen. I don't mind entering that long password once on boot/login, but I'd rather not have to enter a long passphrase when I make administrative changes.

    Is there a way to use two different passwords, a long one for Filevault and login and a shorter one for administration?

    Alternatively, can I simply disable password prompts for administrative changes? I can give myself password-less superuser privileges on the command-line using the sudoers file. Is there a comparable setting for GUI-driven privilege requests?

    Thanks in advance.
     
  2. aiannaccone thread starter macrumors newbie

    Joined:
    Apr 30, 2013
    #2
    I'm running OSX 10.8.2 on a late-2012 Macbook Pro Retina (10.1).
     
  3. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #3
    No way around this. When you setup FV2 you are saying "allow this/these accounts to login and unlock FV2", so the login password for a given account unlocks FV2. There is no way to disable to app. install password prompt either. That is a security feature to stop unwanted applications potentially carrying malware from installing themselves.
     
  4. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #4
    No,I don't believe so as it uses your userid password to authenticate you. That is it does decryption on the fly once you are authenticated. The login process for OSX would need to change to have two different passwords. FileVault is integrated into OSX in such a way that you use your userid password.

    ----------

    There is Symantec Drive Encryption's application which may fit your needs better. When it was PGP before Symantec I'd recommend this but now that Symantec owns them I don't think its a good idea (their mac products have not been the best) but check them out.
     
  5. 300DDR macrumors member

    300DDR

    Joined:
    Jul 5, 2012
    Location:
    Los Angeles, CA

Share This Page