Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Possible to login to Mac with password? Urgent Help needed
- Thread starter h2009
- Start date
- Sort by reaction score
Restart the Mac with a Leopard (or whatever OS) disk in the drive.
Click on the CD option.
At the install screen use the "Reset Password" (or something like that) tool from the Tools menu in the top bar.
Click on the CD option.
At the install screen use the "Reset Password" (or something like that) tool from the Tools menu in the top bar.
Or boot in Firewire mode (if it has firewire; press T before the display turns on), prey it does not have firmware password (in which case pressing T would do nothing) or FileVault is enabled for that user, and connect it through Firewire to another computer.
This reminds me of a post where a kid was trying to figure out how to look at his brother's internet history. I could care less what my brothers are looking at.
If you needed to know the original password to reset it then what would be the point?
Then it would just be change password.
As for what you use it for, someone is going to know you've done it as you'll now have an account with no, or a different password.
The user asking the question has been a member for a while & wanted to see the "Internet history", sounded like a concerned parent to me.
Plus AFAIK this process is on the Apple page anyway.
So can you insert any Leopard install disc or does it have to be the same one it was installed with?
The reason I ask is because this seems like a security flaw. If I could take my Leopard disc and change someones password so I can get all their personal/secure information, that's crazy!
exactly. You could install a Firware password, that would add a layer of security, but you can hack EVERYTHING.
see this for further info: http://support.apple.com/kb/HT1352
Even Apple states on there, that you can't prevent others from when they have physical access to the computer.
And this has been covered a dozens times here. I really have no idea why people don't find those threads. I mean as stated above, the OP has been a long time member, but doesn't find a topic which has been on here so many times?
What I think is required to reset the password with an install disk, is an admin password. If that is so, of course it is no security flaw (since if having an admin password, you do not even need that reset to peek into the other account's content).
I agree. I don't think you should be able to reset the password without having an administrator password.
If someone forgets their password and loses all their data, that's their own fault. I would rather that be the case than for someone to be able to reset my password so they can take all my data (or even delete it).
Resetting a Filevault account from the system disc won't give you access to the encrypted files. It simply deletes the original account and saves it as a disk image, and creates a new account with the same username.
FileVault is good to prevent someone from resetting from OS media.
Another way is if you have enabled a master FileVault password, you can reset any account's password on the Mac, including root. Another reason to make sure this master password is long (over 20 characters) but yet memorable, because forgetting it can bring a world of hurt.
Locking the firmware is another good idea. This prevents someone from booting anything but the main OS drive without a password. (Well, there are other methods to get access, but I'll leave that as an exercise for the reader.)
Finally, there is always PGP Whole Disk Encryption if one wants to keep people from even getting to the OS.
Another way is if you have enabled a master FileVault password, you can reset any account's password on the Mac, including root. Another reason to make sure this master password is long (over 20 characters) but yet memorable, because forgetting it can bring a world of hurt.
Locking the firmware is another good idea. This prevents someone from booting anything but the main OS drive without a password. (Well, there are other methods to get access, but I'll leave that as an exercise for the reader.)
Finally, there is always PGP Whole Disk Encryption if one wants to keep people from even getting to the OS.
I actually disable the Master Password on my Macs. It reduces the effective security of FileVault, and introduces yet another secret key that I have to keep track of. I'd rather just write down the damn password in the first place and not reduce the strength of the system.
That's only really a useful protection mechanism when you've got good physical security (such as a machine in a locked kiosk). Otherwise an attacker will just remove some RAM and power cycle the machine.