Is it unsafe to not use an admin password in OS X?

Discussion in 'macOS' started by MVApple, Feb 15, 2009.

  1. MVApple macrumors 6502a

    Joined:
    Jul 18, 2008
    #1
    I'm using the latest version of OS X and I don't use an admin password. So every time it asks me for my admin password I just hit enter. I realize that this means someone can come onto my computer and install something, but I'm not worried about that. I am worried about the off chance that some trojan laced program might try to install itself on my machine though.

    So assuming that I'm not worried about someone installing something on my machine, do I need a password in case some program tries to install itself?
     
  2. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #2
    You should always have an admin password.

    Here's a tip to keep it simple for you: Make it a pattern on your keyboard, e.g. 76tyui98 - it's complex enough to not be guessed or cracked, yet the pattern is really easier to remember.
     
  3. John T macrumors 68020

    John T

    Joined:
    Mar 18, 2006
    Location:
    UK.
    #3
    It's no effort to type in a password and after all, it's always better to be safe than sorry!
     
  4. Cromulent macrumors 603

    Cromulent

    Joined:
    Oct 2, 2006
    Location:
    The Land of Hope and Glory
    #4
    Heh, it is when you have 4 or 5 10+ character passwords to remember :).
     
  5. mrkgoo macrumors 65816

    Joined:
    Aug 18, 2005
    #5
    The way the admin password works in Unix is a reason why it is more secure than Windows. I wouldn't run a computer without an admin password. I mean, really, how much does it save you? If you are doing a reinstall and it's annoying, for sure, turn it off, but afterwards reinstate it. Even if it is just one key.
     
  6. Trip.Tucker Guest

    Joined:
    Mar 13, 2008
    #6
    That's what Keychain is for.
     
  7. marbles macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #7
    Yes.
     
  8. Cromulent macrumors 603

    Cromulent

    Joined:
    Oct 2, 2006
    Location:
    The Land of Hope and Glory
    #8
    Did I ever state that not using an admin password was the right thing to do? No, I didn't. I merely responded to a post stating that remembering 4 or 5 10+ character passwords is not easy.
     
  9. mlts22 macrumors 6502a

    Joined:
    Oct 28, 2008
    #9
    With passwords, length is 80% of the equation, quality (numbers, caps/lower case, symbols) is about 20%. It is far better to have something easy to remember that is longer than something that is seemingly random, shorter, but hard to keep in memory.
     
  10. sidewinder macrumors 68020

    sidewinder

    Joined:
    Dec 10, 2008
    Location:
    Northern California
    #10
    You can't use the "sudo" command in the Terminal program if you do not have an administrator password.

    S-
     
  11. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #11
    Ah, the "all my eggs in one poorly-secured basket" approach. :)

    You can configure the keychain to be secure, but in its default configuration depending on it to manage all your passwords is one of the worst things you can do from a security standpoint.

    To the OP: what you are currently doing is, to put it gently, stupidly insecure. Using a blank root password completely undermines every single one of the protection measures that OS X has (with the possible exception of seatbelt.) It makes you vulnerable to local and remote attacks as well as trojans. It makes it trivial to decrypt any encrypted volumes you may have mounted. It makes it trivial to retrieve everything in your keychain. It even makes it easier to compromise the security and privacy of SSL-secured connections -- ones like you might make to, say, your bank.

    Stop reading this post, and go add a password to your admin account. Seriously.
     
  12. portent macrumors 6502a

    Joined:
    Feb 17, 2004
    #12
    Please expand upon this statement.

    The primary purpose of passwords is to prevent remote (hackers) or automated (trojan/worm) attacks. Human attackers with physical access can easily defeat passwords. The primary problem with passwords is that they're too hard to remember, so people use weak ones.

    The Keychain solves this problem by allowing you to use strong passwords without having to remember them.

    Against remote attacks, or trojans/worms/etc, the Keychain is quite secure. A malicious program cannot get access to the Keychain except with the permission of the logged-in user.

    Of course, the logged-in user can get access to anything, but if your computer is in the hands of a malicious person, then you're screwed anyway.
     
  13. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #13
    Sure.

    In its default configuration, the 'login' keychain is always unlocked. This is convenient for applications because it means that they can access it without prompting you.

    According to SubRosaSoft, however, that very setting can be exploited to recover everything in the keychain, even from a Mac that's been put to sleep. Now I don't have ready access to MacLockPick, so I can't elaborate on exactly why it's able to do what it does, but my bet is that if a commercial software developer has figured out how to exploit that setting that the blackhats also have a pretty good idea.

    It gets worse though. When last I heard (2008), loginwindow.app didn't purge the login password from memory. Since by default the login password is also used as the keychain password, any app that can get access to the memory address where it's stored will have access to the keychain. Getting access to that memory might be tricky, but it's not impossible (anything that's got root permissions or is doing DMA can do it).

    So yeah, maybe "one of the worst things you can do from a security standpoint" was a bit harsh, but it's still, at least in my opinion, a pretty bad idea. IMO a false sense of security is far worse than a lack of security.

    I disagree. The Keychain simply changes the attack surface by giving your security a single point of failure. An attacker seeking to gain control of, say, your e-mail accounts no longer has to guess each password individually -- he just has to guess a single password, after which he has access to your e-mail, stored web site passwords, secure notes, and more. I'd argue that's a more dangerous proposition.
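
Editor's added example, not part of any poster's message: a shell check for the "always unlocked" default keychain setting described in post #13. The function names are hypothetical, the sample lines are constructed, and the line format (`Keychain "<path>" [lock-on-sleep] no-timeout|timeout=<n>s`) is an assumption about what `security show-keychain-info` prints.

```shell
#!/bin/sh
# Classify a keychain's lock policy from one line of
# `security show-keychain-info` output (assumed format, see lead-in).

# keychain_lock_status LINE
# Prints one of: always-unlocked, sleep-only, timeout-only,
# locks-on-sleep-and-timeout
keychain_lock_status() {
    line=$1
    sleep_lock=no
    timeout=no
    # " lock-on-sleep" is present only when the keychain locks on sleep.
    case $line in *" lock-on-sleep"*) sleep_lock=yes ;; esac
    # " timeout=<n>s" is present only when an idle timeout is set;
    # "no-timeout" does not match this pattern.
    case $line in *" timeout="[0-9]*) timeout=yes ;; esac
    case "$sleep_lock/$timeout" in
        yes/yes) echo "locks-on-sleep-and-timeout" ;;
        yes/no)  echo "sleep-only" ;;
        no/yes)  echo "timeout-only" ;;
        *)       echo "always-unlocked" ;;
    esac
}

# Constructed sample lines; the paths are placeholders.
SAMPLE_DEFAULT='Keychain "/Users/example/Library/Keychains/login.keychain" no-timeout'
SAMPLE_HARDENED='Keychain "/Users/example/Library/Keychains/login.keychain" lock-on-sleep timeout=300s'

# audit_default_keychain: run the check against the real default keychain.
# Only meaningful on a Mac; the tool writes its report to stderr.
audit_default_keychain() {
    if ! command -v security >/dev/null 2>&1; then
        echo "security tool not found (not macOS?)" >&2
        return 1
    fi
    keychain_lock_status "$(security show-keychain-info 2>&1)"
    # To lock on sleep and after 5 idle minutes:
    #   security set-keychain-settings -l -u -t 300
}

echo "default sample:  $(keychain_lock_status "$SAMPLE_DEFAULT")"
echo "hardened sample: $(keychain_lock_status "$SAMPLE_HARDENED")"
```

Call `audit_default_keychain` on a Mac to check the live setting; a result of `always-unlocked` corresponds to the default configuration the post describes.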
     
  14. portent macrumors 6502a

    Joined:
    Feb 17, 2004
    #14
    Normally, an application can only access its own information. Indeed, something as simple as a version bump in an application will require re-authorization.

    The system they use involves physical access and a hardware device. As I've said, nothing (except for full-disk encryption) can protect against an attacker with physical access, so I consider this to be a largely academic issue.

    [QUOTE]It gets worse though. When last I heard (2008), loginwindow.app didn't purge the login password from memory. Since by default the login password is also used as the keychain password, any app that can get access to the memory address where it's stored will have access to the keychain. Getting access to that memory might be tricky, but it's not impossible (anything that's got root permissions or is doing DMA can do it).[/QUOTE]

    This was supposedly fixed in a security update. Besides, if an attacker has a root password, or access to hardware (DMA) then the user password is once again pretty academic.

    You're welcome to your opinion, but I still disagree. I think that the Keychain is a useful tool, one that carries more security benefits than risks. Certainly it (and many other aspects of security in OS X) could be improved upon.

    On the other hand, I feel that attacking the Keychain to get at (say) an email account is like breaking into my house to steal the lawn gnome in the front yard.
     
  15. mrkgoo macrumors 65816

    Joined:
    Aug 18, 2005
    #15
    Sorry, I didn't mean to quote you, it was an accident! I was referring to the OP.
     
