Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I forgot my imac firmware password?
- Thread starter bengrafik
- Start date
- Sort by reaction score
The last time I set a firmware password was years ago, and I don't remember it having any minimum requirements. This is the password box, and it doesn't list any requirements:
I think that the only way to reset a 2011 or newer Mac if you can't remember the password is by taking it to an Apple Store.
Try this
method one (doesnt delete any data)
hold command S during boot
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
Ls /users
dscl . -passwd /users/username password
reboot
replace username with your username and password with what you want the password to be
Method two (ALWAYS works... but makes the computer think it is bran new so you may or may not lose data)
command S
mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now
method one (doesnt delete any data)
hold command S during boot
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
Ls /users
dscl . -passwd /users/username password
reboot
replace username with your username and password with what you want the password to be
Method two (ALWAYS works... but makes the computer think it is bran new so you may or may not lose data)
command S
mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now
No, this is NOT the correct method.
And wont work since you dont have your firmware password anyway.
Try the ram removal method, if not an Apple store is youre next bet.
that is not a firmware password reset and does not resolve the OP's problem.
that may work for some admin accounts, but not firmware based passwords.
my appologies.... I assumed it would clear it based on theory
I have never set a firmware password... I dont really understand why anyone would want to... but if the mac store is able to reset them there must be some sort of universal password out there
They wouldn't risk a universal password, it would be leaked easily. Firmware password resets (when you don't know the password) generally require doing something physical to the hardware.
Here is what the Apple Genius does when you go in for a EFI PW reset. After you have proved the machine is yours, they will do the following.
1. Option key boot which will result in the EFI PW entry screen.
2. While still in that screen hit command+control+option+shift+s keys all at once. This will bring up a 33 character hash code that uniquely identifies your machine.
3. The Genuis will email the Apple mothership that hash code with a request for a "keyfile" to reset the PW.
4. The keyfile (about 350 bytes) is sent back to the Genius.
5. The Genius puts the keyfile on a USB key and option key boots the machine.
6. The machine reads the keyfile and resets the PW then reboots.
No more EFI PW.
That is rather a fairly secure method for resetting the firmware password. And way better than what I knew of past methods for resetting firmware passwords on various computers.
Nuke61 is correct, but just to clarify, that is not quite what is going on with the OP in this thread. Someone used iCloud's Find my Mac remote lock feature to lock down that machine, and that locks down the firmware like we are seeing here. Removing either the PIN lock (without the PIN) or a firmware PW will require a visit to the Apple Store on newer machines. Even on older machines (pre-2010) where removing a RAM chip would reset the PW, that still does not get around the PIN lock. The two are interconnected security features.
I use Filevault2 and a firmware password on my Macbook Air. If someone steals it they get no data and a pretty much worthless, stolen Macbook that won't work.
I bought my iMac in a local Apple Store and my sales slip was sent by email, so proof of purchase is easy, but what does someone do who bought used on EBay or locally?
Good question. I have never really talked to anybody that went to the Apple Store to do this so I don't know what they ask for as proof.
For anyone still reading this thread I have been to the Apple store in Bluewater in the UK today (Tuesday 2nd October 2013) and took my MacBook Air (mid 2012) model in as I had set a firmware password but couldn't get it to work. I purchased the MacBook Air from eBay (it was sealed when I bought it) and Apple did not ask me for any proof of purchase, they simply inspected the unit for damage, asked me to write my password down or log in and enable the Guest account, took my mobile number and had it done within 30 minutes.
I'll certainly be a lot more careful about setting such passwords in future!
This is not a very assuring practice. Basically... they just trusted you, vs requiring proof of purchase.
/Jim
Setting a FW password along with using FileVault 2 can be used to stop many types of security attacks... such as the "Evil Maid Attack" and others.
It is not perfect... but does give a pretty effective next line of security. I use FV2 + FW Passwords on all of my machines. When I need to leave my machine in a hotel room... I fully shut it down, and store it in the safe.
/Jim
While it is true that they didn't ask for any photo ID they did ask me to log in which I'm assuming that anyone smart enough to want to enable a firmware password wouldn't then be stupid enough not to have a password on their account or any other account with admin privileges, which means that if I had stolen it, in theory I wouldn't have been able to log in at all.
I'm not saying that they shouldn't have asked for some form of ID but I'm just thinking that perhaps they tried to determine of the laptop was mine using a more subtle method?! Still bad I know.
Just out of curiosity how/why is the use of a firmware password combined with a FV2 password not perfect?
I am not a crypto expert... and when I talk with experts, they make my head hurt.
I just know that security is a very tough problem... and I personally do not have faith that anything is 100% foolproof. So, I settle for doing everything reasonable under my control to make things as secure as possible. That includes:
- Using FV2
- Setting a FW password
- Fully shutting down my laptop when left "semi-unsecured", such as a hotel room safe
For a laptop, it may make sense to use a firmware password. For a desktop Mac at home, FileVault 2 should be enough, unless you're sharing with people you don't trust. All I care about is protecting the data. If the system gets stolen, all they can do is wipe the disk. If I had a firmware password it won't get me the computer back.I am not a crypto expert... and when I talk with experts, they make my head hurt.
I just know that security is a very tough problem... and I personally do not have faith that anything is 100% foolproof. So, I settle for doing everything reasonable under my control to make things as secure as possible. That includes:
/Jim
- Using FV2
- Setting a FW password
- Fully shutting down my laptop when left "semi-unsecured", such as a hotel room safe