Firmware password not secured?

Discussion in 'macOS Sierra (10.12)' started by blackbirdz, Dec 25, 2016.

  1. blackbirdz macrumors member

    Joined:
    Apr 2, 2012
    #1
    I want to secure my Mac so that even me or our NSA friend would not be able to login without correct password. I thought firmware password is secured, but Apple said:

    If you can't remember the password you set using the Firmware Password Utility or Find My Mac, schedule a service appointment with an Apple Retail Store or Apple Authorized Service Provider. Bring your proof of purchase (original receipt or invoice) with you.

    It sounds like the procedure is very easy so long you have receipt, Apple service provider could open it. Is there anyway to make MacOS like iOS? If password is forgotten, even Apple won't be able to open it (not sure whether this is true or not, but it's much more secure than providing receipt).

    Any feedback?
     
  2. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #2
    You want to use FileVault disk encryption, not so much the firmware password.
     
  3. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #3
    i always had a firmware protection on my powerbooks, macbooks. but this year, i couldn't get in to recovery on my 2015 macbook pro, and wound up taking it to an apple store, & having them remove the FW password. will not try that again....
     
  4. psik macrumors 6502

    Joined:
    Aug 21, 2007
    #4
    this dont make sense
     
  5. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #5
    i could not get past the firmware protect window; the cursor would freeze before i could either move to the input window (for my password), or freeze as soon as i typed a letter or 2. and since i couldn't get in, i could not reinstall the OS.

    i tried any number of things, finally called apple. they sent me to an applestore, where (armed with my purchase receipt), they kept my MBP for 2 days, and removed the firmware protect.

    am sure this is an isolated incident, and i never had a problem previously (i've owned macbooks/powerbooks since the 2400c).
     
  6. bcave098 macrumors 6502

    bcave098

    Joined:
    Sep 6, 2015
    Location:
    Northern British Columbia
    #6
    +1
    Especially considering taking the hard drive and putting it in another computer is an easy workaround for a firmware password.
     
  7. xraydoc macrumors 604

    xraydoc

    Joined:
    Oct 9, 2005
    Location:
    192.168.1.1
    #7
    Unless you have one of the new MBPs with non-removable SSDs.
     
  8. zaxxon72 macrumors member

    Joined:
    Oct 5, 2007
    #8
    And for those, Apple added a connector on the board so they can be accessed from another machine.
     
  9. xraydoc macrumors 604

    xraydoc

    Joined:
    Oct 9, 2005
    Location:
    192.168.1.1
    #9
    True. But my understanding is that, at least thus far, the equipment required is entirely proprietary.
     
  10. Undecided, Dec 27, 2016
    Last edited: Dec 27, 2016

    Undecided macrumors 6502a

    Joined:
    Mar 4, 2005
    Location:
    California
    #10
    Hardening your personal computer against the NSA is an unrealistic goal, I believe. Especially since all bets are off once the attacker has physical access. Better to just stop the common thief.

    The firmware password will just prevent booting from a different drive, which is what would typically be done to wipe an encrypted internal drive and have a new, clean computer. Filevault, of course, prevents access to your data, so that's essential.

    Bottom line: if you want to protect your data, use Filevault. If you want to turn the device into dead weight if it's stolen, use a firmware password (and FileVault). As you know, the firmware password can be reset, so know your serial number and report it as stolen to Apple. That way, it can be intercepted if they bring it to Apple to reset the firmware password. (There are also third party tools, but a common thief won't have them, I don' think.) Frankly, I wish the firwware password and FileVault were required - that might discourage theft once word got out.
     
  11. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #11
    This is exactly right, and very well said.
     
  12. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #12
    apple will only reset the firmware password if either a: you bought your mac from apple, or b: you bring in proof of purchase (which is what i had to do). so a stolen mac brought to an applestore would never get the FW password reset...
     
  13. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #13
    I was hoping that the introduction of the Secure Enclave on the new MacBook Pros would be a step towards this, but it seems that this is not the case. At least Apple has not advertised this so far.
     
  14. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #14
    I don't think Apple tracks stolen Macs. At least from what I have read I have not seen any evidence that they track them. Even Apple's support doc here just tells you to report it to the police.

    Another flaw in this is there are eBay sellers who will reset the EFI for you. I have been skeptical if this works, but the two I see on there now have a bunch of favorable reviews and I have seen forum posts here from people who successfully used these services.

    I notice both the sellers are saying their method no longer works on 2015 and newer models though.
     
  15. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #15
    either way, apple itself will not reset a firmware password without proof of purchase...
     

Share This Page