Non-password based authentication for Mac?

Discussion in 'macOS' started by Polydactyl, Apr 24, 2011.

  1. Polydactyl macrumors member

    Joined:
    Oct 25, 2009
    #1
    I'm looking at different ways to lock/unlock my Mac. I've been using a program called Proximity to detect my iPhone via Bluetooth and lock/unlock when the phone moves in and out of BT range. Unfortunately, the unlock requires an AppleScript file with the password stored in plain text.

    What else is there? I've found a few things (LemonKey, Airlock), but nothing that works as advertised or without some kind of fatal flaw. I'm thinking along the lines of:

    Facial recognition
    USB token
    Fingerprint reader
    Bluetooth (a la Proximity)

    No major requirement for this...I've just had it with passwords.
     
  2. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
  3. Jolly Jimmy macrumors 65816

    Jolly Jimmy

    Joined:
    Dec 13, 2007
    #3
    You could try saving the AppleScript as run only. That way there is no way to access the underlying code containing the password.
     
  4. Polydactyl thread starter macrumors member

    Joined:
    Oct 25, 2009
    #4
    Jolly Jimmy: I didn't see a way to do this through the GUI. Are you referring to the CHMOD?

    Miles: Interesting. Any first hand experience with this?
     
  5. Ommid macrumors 6502

    Joined:
    Oct 27, 2008
    #5
    Bit risky if it goes wrong, imagine if you had a shave one day....
     
  6. Jolly Jimmy macrumors 65816

    Jolly Jimmy

    Joined:
    Dec 13, 2007
    #6
    When saving the AppleScript, tick the "Run Only" box.
     

  7. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #7
    Yes. It works as well as you'd expect a non-dedicated biometric device to work (about 75% success on the first try, 90% on the second).
     
  8. Polydactyl thread starter macrumors member

    Joined:
    Oct 25, 2009
    #8
    Doh! I used CHMOD to change permissions to execute only but that didn't work. Your solution was obviously much simpler and works nicely. Thanks.

    BTW, is there any way to turn off run only if I ever need to change the script?
     
  9. Jolly Jimmy macrumors 65816

    Jolly Jimmy

    Joined:
    Dec 13, 2007
    #9
    No, once it's saved you can't access or edit the contents at all.
     
  10. Polydactyl, Apr 25, 2011
    Last edited: Apr 25, 2011

    Polydactyl thread starter macrumors member

    Joined:
    Oct 25, 2009
    #10
    Good thing I'm a firm believer in backups!

    Edit: Actually, I just figured out I could still open the script in TextEdit. Most of it came up as gobbledygook, but there was my password in plain text! Used CHMOD to make it read only, only to me. Still bugs me a little bit, but slightly more secure than before (but still less secure than just not having my password contained in any file).
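
Added example, not part of the original posts: a small Python audit for the situation described in post #10, checking whether a known secret still appears verbatim inside a script file and whether anyone other than the owner can access it. The sample file is a constructed stand-in for a compiled script, and the list of encodings searched is an assumption.

```python
import os
import stat
import tempfile

# Assumption: a string literal may sit in the file in any of these encodings.
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")

def find_secret(path, secret):
    """Return the encodings under which `secret` appears verbatim in the file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [enc for enc in ENCODINGS if secret.encode(enc) in data]

def exposed_to_others(path):
    """True if group or other holds any permission bit on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

def audit(path, secret):
    """Report both problems from the thread: embedded secret and loose mode."""
    return {"plaintext_secret": find_secret(path, secret),
            "others_can_access": exposed_to_others(path)}

def restrict_to_owner(path):
    """Equivalent of `chmod 600`: owner read/write only."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)

def make_sample(secret, encoding):
    """Constructed sample: binary filler around an embedded literal, mode 0644."""
    fd, path = tempfile.mkstemp(suffix=".scpt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"\xfa\xde\xde\xad\x01" + secret.encode(encoding) + b"\x01\xff\xfe")
    os.chmod(path, 0o644)
    return path

if __name__ == "__main__":
    sample = make_sample("hunter2", "utf-16-le")  # constructed password
    print("before:", audit(sample, "hunter2"))
    restrict_to_owner(sample)
    # Tightening the mode limits who can read the file; the secret is still in it.
    print("after: ", audit(sample, "hunter2"))
    os.remove(sample)
```

After `restrict_to_owner`, the permission finding clears but the secret is still reported, which matches the poster's observation that the file is only "slightly more secure than before".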
     
  11. bender o macrumors 6502

    bender o

    Joined:
    Mar 14, 2009
    #11
    Actually, they fixed having to put your password in plain text: http://hints.macworld.com/article.php?story=20091221173111783

    My problem now is that when I close my MacBook Pro with my iPhone connected and then leave, you can just open it and it won't ask for the password until it realizes you're gone and you close the Mac again. Is there a way to fix this? The whole point of using a password is in case it gets stolen, but with this bug the thief could just open my Mac and never close it again, and he'll never have to enter the password.
     
  12. spidey3 macrumors regular

    Joined:
    Jul 1, 2010
    #12
    Fingerprint-based security is fundamentally flawed. It is trivial to lift your fingerprint off anything you have touched [notably your keyboard or monitor], and then use this to spoof the fingerprint reader.

    See this Mythbusters segment.

    Josh
     
  13. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #13
    It is no more or less flawed than any other authentication method against a determined attacker. Also, Mythbusters should not be used to support any argument. It is entertainment, not science.
     
  14. spidey3 macrumors regular

    Joined:
    Jul 1, 2010
    #14
    Mythbusters episode shown as an example of spoofing, simply because it was convenient. The result has been replicated; see http://www.washjeff.edu/users/ahollandminkley/Biometric/index.html, http://stdot.com/pub/ffs_article_asten_akaseva.pdf and many others findable via Google.

    If you want to be truly secure, you need to have good physical security, all data encrypted [e.g. using FileVault] and some kind of two-factor authentication - requiring at least two of the following to allow login and decrypt data:

    • Something you know (e.g. a password)
    • Something you have (e.g. a token)
    • Something you are (e.g. some biometric info)

    Password and token work pretty well [this is what we do at my work]. Most biometric info fails because it is easily copied: we leave fingerprints on everything we touch, a photograph can be used to spoof facial recognition, an audio recording can spoof voice recognition, etc.
     
