Is it unsafe to not use an admin password in OS X?

[MVApple]

I'm using the latest version of OS X and I don't use an admin password. So every time it asks me for my admin password I just hit enter. I realize that this means someone can come onto my computer and install something, but I'm not worried about that. I am worried about the off chance that some trojan laced program might try to install itself on my machine though.

So assuming that I'm not worried about someone installing something on my machine, do I need a password in case some program tries to install itself?

 

[r.j.s]

You should always have an admin password.

Here's a tip to keep it simple for you: Make it a pattern on your keyboard, e.g. 76tyui98 - it's complex enough to not be guessed or cracked, yet the pattern is really easier to remember.

 

[John T]

It's no effort to type in a password and after all, it's always better to be safe than sorry!

 

[Cromulent]

It's no effort to type in a password and after all, it's always better to be safe than sorry!

Heh, it is when you have 4 or 5 10+ character passwords to remember .

 

[mrkgoo]

Heh, it is when you have 4 or 5 10+ character passwords to remember .

The way the admin password works in Unix is a reason why it is more secure than Windows. I wouldn't run a computer without an admin password. I mean, really, how much does it save you? If you are doing a reinstall and it's annoying, for sure, turn it off, but afterwards reinstate it. Even if it is just one key.

 

[Trip.Tucker]

Heh, it is when you have 4 or 5 10+ character passwords to remember .

That's what Keychain is for.

 

[marbles]

Is it unsafe to not use an admin password in OS X

Yes.

 

[Cromulent]

The way the admin password works in Unix is a reason why it is more secure than Windows. I wouldn't run a computer without an admin password. I mean, really, how much does it save you? If you are doing a reinstall and it's annoying, for sure, turn it off, but afterwards reinstate it. Even if it is just one key.

Did I ever state that not using an admin password was the right thing to do? No, I didn't. I mearly responded to a post stating that remembering 4 or 5 10+ character passwords is not easy.

 

[mlts22]

With passwords, length is 80% of the equation, quality (numbers, caps/lower case, symbols) is about 20%. It is far better to have something easy to remember that is longer than something that is seemingly random, shorter, but hard to keep in memory.

 

[sidewinder]

You can't use the "sudo" command in the Terminal program if you do not have an administrator password.

S-

 

[ppc750fx]

That's what Keychain is for.

Ah, the "all my eggs in one poorly-secured basket" approach.

You can configure the keychain to be secure, but in its default configuration depending on it to manage all your passwords is one of the worst things you can do from a security standpoint.

To the OP: what you are currently doing is, to put it gently, stupidly insecure. Using a blank root password completely undermines every single one of the protection measures that OS X has (with the possible exception of seatbelt.) It makes you vulnerable to local and remote attacks as well as trojans. It makes it trivial to decrypt any encrypted volumes you may have mounted. It makes it trivial to retrieve everything in your keychain. It even makes it easier to compromise the security and privacy of SSL-secured connections -- ones like you might make to, say, your bank.

Stop reading this post, and go add a password to your admin account. Seriously.

 

[portent]

You can configure the keychain to be secure, but in its default configuration depending on it to manage all your passwords is one of the worst things you can do from a security standpoint.

Please expand upon this statement.

The primary purpose of passwords is to prevent remote (hackers) or automated (trojan/worm) attacks. Human attackers with physical access can easily defeat passwords. The primary problem with passwords is that they're too hard to remember, so people use weak ones.

The Keychain solves this problem by allowing you to use strong passwords without having to remember them.

Against remote attacks, or trojans/worms/etc, the Keychain is quite secure. A malicous program cannot get access to the Keychain except with the permission of the logged-in user.

Of course, the logged-in user can get access to anything, but if your computer is in the hands of a malicious person, then you're screwed anyway.

 

[ppc750fx]

Please expand upon this statement.

Sure.

In its default configuration, the 'login' keychain is always unlocked. This is convenient for applications because it means that they can access it without prompting you.

According to SubRosaSoft, however, that very setting can be exploited to recover everything in the keychain, even from a Mac that's been put to sleep. Now I don't have ready access to MacLockPick, so I can't elaborate on exactly why it's able to do what it does, but my bet is that if a commercial software developer has figured out how to exploit that setting that the blackhats also have a pretty good idea.

It gets worse though. When last I heard (2008), loginwindow.app didn't purge the login password from memory. Since by default the login password is also used as the keychain password, any app that can get access to the memory address where it's stored will have access to the keychain. Getting access to that memory might be tricky, but it's not impossible (anything that's got root permissions or is doing DMA can do it).

So yeah, maybe "one of the worst things you can do from a security standpoint" was a bit harsh, but it's still, at least in my opinion, a pretty bad idea. IMO a false sense of security is far worse than a lack of security.

The Keychain solves this problem by allowing you to use strong passwords without having to remember them.

I disagree. The Keychain simply changes the attack surface by giving your security a single point of failure. An attacker seeking to gain control of, say, your e-mail accounts no longer has to guess each password individually -- he just has to guess a single password, after which he has access to your e-mail, stored web site passwords, secure notes, and more. I'd argue that's a more dangerous proposition.

 

[portent]

In its default configuration, the 'login' keychain is always unlocked. This is convenient for applications because it means that they can access it without prompting you.

Normally, an application can only access its own information. Indeed, something as simple as a version bump in an appliation will require re-authorization.

According to SubRosaSoft, however, that very setting can be exploited to recover everything in the keychain, even from a Mac that's been put to sleep. Now I don't have ready access to MacLockPick, so I can't elaborate on exactly why it's able to do what it does, but my bet is that if a commercial software developer has figured out how to exploit that setting that the blackhats also have a pretty good idea.

The system they use involves physical access and a hardware device. As I've said, nothing (except for full-disk encryption) can protect against an attacker with physical access, so I consider this to be a largely academic issue.

It gets worse though. When last I heard (2008), loginwindow.app didn't purge the login password from memory. Since by default the login password is also used as the keychain password, any app that can get access to the memory address where it's stored will have access to the keychain. Getting access to that memory might be tricky, but it's not impossible (anything that's got root permissions or is doing DMA can do it).[/QUOTE]This was supposedly fixed in a security update. Besides, if an attcker a root password, or access to hardware (DMA) then the user password is once again pretty academic.

So yeah, maybe "one of the worst things you can do from a security standpoint" was a bit harsh, but it's still, at least in my opinion, a pretty bad idea. IMO a false sense of security is far worse than a lack of security.

You're welcome to your opinion, but I still disagree. I think that the Keychain is a useful tool, one that carries more security benefits than risks. Certainly it (and many other aspects of security in OS X) could be improved upon.

The Keychain simply changes the attack surface by giving your security a single point of failure. An attacker seeking to gain control of, say, your e-mail accounts no longer has to guess each password individually -- he just has to guess a single password, after which he has access to your e-mail, stored web site passwords, secure notes, and more. I'd argue that's a more dangerous proposition.

On the other hand, I feel that attacking the Keycahin to get at (say) an email account is like breaking into my house to steal the lawn gnome in the front yard.

 

[mrkgoo]

Did I ever state that not using an admin password was the right thing to do? No, I didn't. I mearly responded to a post stating that remembering 4 or 5 10+ character passwords is not easy.

Sorry, I didn't mean to quote you, it was an accident! I was referring to the OP.