
EvryDayImShufln

Hey, I've looked around a bit for answers to this question, but as it's not exactly one-dimensional a precise answer would be best.

I'm basically wondering this: if a Mac laptop is stolen or something, for example, can the thief reset the password using an OS X disk, then log into the account and into Keychain using the newly selected password and unlock access to all the other passwords? At this point, they could log into emails, social sites, finance sites (if passwords are saved), etc., essentially access EVERYTHING.

I really hope this isn't the case, but it seems to me that it is from what I know (though I never tried this on my own macbook). A second part of my question is (if this is true) are there any ways to fully block out access to Keychain or prevent this from happening in other ways? I would activate encryption (FileVault) but performance takes a huge hit and as such can't really do so.

Thanks in advance for your answers!
 
Once someone has physical access to your computer, all bets are off. You can safely assume that they can get access to anything on your computer. Encrypting your hard drive would be a big help in security, but even then, I wouldn't guarantee 100% protection. You're better off controlling who has access to your computer.
 
I'd understand if somebody who had software and knew what they were doing could get access to everything, but I'd just like to know how difficult it is using an OS X disk. It seems that a child could borderline get access right now.
 
Two things you can do that will make your computer secure. Install Lion and enable FileVault 2. That encrypts the entire drive and if you use a strong password nobody is going to crack that.

As a second layer of protection, go into the Keychain app and change the settings so it does not use the same password as the user login. So even if someone did crack FileVault 2, they would still need to guess your Keychain password to get website logins etc.
 
Passwords stored in the keychain file are encrypted and require the password to unlock before they can be read. The LOGIN keychain is usually protected with your account password. So outside of brute force attacks to figure out the password (or reading the sticky note you put on your monitor :) ), there isn't an easy way to extract the passwords out of the keychain file.

But using FileVault 2 would be recommended if you're very worried about keeping things out of prying eyes.
 
Thanks, that's a good tip, didn't realize I could change the keychain access password! As much as I'd love to enable FileVault I can't really afford the performance hit. But this is already a good start. Though for some reason when apps want to use my keychain it still accepts my user password (???)

Thanks for your reply! Good to know it's encrypted, but the issue here is that by resetting the master password using an OS X disk they would still gain access to my keychain if FileVault 2 wasn't activated.
 
Start Keychain and go to the prefs pane and UNcheck the two boxes I marked in my screen cap. Then in the Keychain edit menu reset the Keychain password to something different than your user login password. Then quit Keychain.

Now log out, then back in, and after you enter your user password you will get a separate popup to enter your Keychain password each time you log in.

[Screen capture: 20120108-f47a9ccbh1tkgx7ryhqu1iufs3.jpg]

You might turn on FileVault 2 and give it a try. It is easy to turn off if you find it slows your system. I use it on my 2010 iMac and I don't notice any speed hit at all.

Another thing you can do is set an EFI (firmware) password so nobody can get to the Lion Recovery partition to reset your password. Reboot and press Command-R to get into the recovery partition, and one of the menu choices (I think it is Utilities...) has an EFI password utility. Set an EFI password and a thief will not be able to boot to Lion Recovery or a boot CD/image to reset your password.

So you would have EFI password protected, FileVault 2 for full disk encryption and a second layer with a separate Keychain password.
 
Now this is more like it! Thanks!
 
I don't recall the password reset tool allowing you to reset a login keychain password.
It will allow you to reset the password for admin accounts, but that doesn't change the login keychain password.

This has been my experience with Snow Leopard at least, don't know if they changed it with Lion.
 
I was under the impression the default keychain password was indeed the login password for the administrator. I could be wrong, though I don't recall ever specifically setting a keychain password in the past and it was the same (now I've changed it so that issue is taken care of!).
 
The default is indeed the login password. It can be changed manually, but if you don't change the default settings, the keychain is unlocked automatically at login and uses the same password.

In the situation mentioned, however, the keychain password is not changed when the admin password is changed through the Reset Password tool (it is changed if you change your password through System Preferences, however). This is a security measure to make sure that someone who resets your admin password can't get all your other passwords (since it's fairly easy to do).

jW
 
Ah perfect, thanks for the tip!
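
Added example (not written by any poster in this thread, and not Apple's implementation): a toy Python model of the behaviour jW describes above, where a reset that needs no old password replaces the login credential but cannot re-encrypt the keychain, while a normal password change can. The class and method names, the XOR key wrap and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(password, salt):
    # Password-based key derivation (PBKDF2 from the standard library).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Keychain:
    """Toy keychain: a random master key wrapped under a password-derived key."""
    def __init__(self, password):
        self._wrap(os.urandom(32), password)

    def _wrap(self, master, password):
        self.salt = os.urandom(16)
        self.wrapped = xor(master, kdf(password, self.salt))  # toy wrap, not real crypto
        self.check = hmac.new(master, b"check", "sha256").digest()

    def unlock(self, password):
        master = xor(self.wrapped, kdf(password, self.salt))
        tag = hmac.new(master, b"check", "sha256").digest()
        return master if hmac.compare_digest(tag, self.check) else None

    def rewrap(self, old, new):
        master = self.unlock(old)
        if master is None:
            raise PermissionError("old keychain password required")
        self._wrap(master, new)

class Mac:
    def __init__(self, password):
        self.set_login(password)
        self.keychain = Keychain(password)  # default: same as login password

    def set_login(self, password):
        self.salt = os.urandom(16)
        self.verifier = kdf(password, self.salt)

    def login(self, password):
        # Returns (login accepted, keychain unlocked with the same password).
        ok = hmac.compare_digest(kdf(password, self.salt), self.verifier)
        return ok, ok and self.keychain.unlock(password) is not None

    def reset_from_recovery(self, new):
        self.set_login(new)  # needs no old password, so it cannot rewrap the keychain

    def change_in_preferences(self, old, new):
        self.keychain.rewrap(old, new)  # old password known, keychain follows
        self.set_login(new)
```

In this model, `login()` after `reset_from_recovery()` returns `(True, False)`: the account opens with the new password, but the keychain still only unlocks with the old one.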
 