Question about OS X and keychain - if stolen do thieves get access to all files?

Discussion in 'Mac OS X Lion (10.7)' started by EvryDayImShufln, Jan 2, 2012.

  1. EvryDayImShufln macrumors 65816

    EvryDayImShufln

    Joined:
    Sep 18, 2006
    #1
    Hey, I've looked around a bit for answers to this question, but as it's not exactly one-dimensional a precise answer would be best.

    I'm basically wondering this: if a mac laptop is stolen or something, for example, can the thief reset the password using an OS X disk, then log into the account and into Keychain using the newly selected password and unlock access to all the other passwords? At this point, they could log into emails, social sites, finance sites (if passwords are saved), etc, essentially access EVERYTHING.

    I really hope this isn't the case, but it seems to me that it is from what I know (though I never tried this on my own macbook). A second part of my question is (if this is true) are there any ways to fully block out access to Keychain or prevent this from happening in other ways? I would activate encryption (FileVault) but performance takes a huge hit and as such can't really do so.

    Thanks in advance for your answers!
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    Once someone has physical access to your computer, all bets are off. You can safely assume that they can get access to anything on your computer. Encrypting your hard drive would be a big help in security, but even then, I wouldn't guarantee 100% protection. You're better off controlling who has access to your computer.
     
  3. EvryDayImShufln thread starter macrumors 65816

    EvryDayImShufln

    Joined:
    Sep 18, 2006
    #3
    I'd understand if somebody who had software and knew what they were doing could get access to everything, but I'd just like to know how difficult it is with using an OS X disk. It seems that a child could borderline get access right now.
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    Two things you can do that will make your computer secure. Install Lion and enable Filevault2. That encrypts the entire drive and if you use a strong password nobody is going to crack that.

    As a second layer of protection, go into the Keychain app and change the settings so it does not use the same password as the user login. So even if someone did crack Filevault2, they would still need to guess your Keychain password to get website logins etc.
     
  5. iVoid macrumors 65816

    Joined:
    Jan 9, 2007
    #5
    Passwords stored in the keychain file are encrypted and require the password to unlock before they can be read. The LOGIN keychain is usually protected with your account password. So outside of brute force attacks to figure out the password (or reading the sticky note you put on your monitor :) ), there isn't an easy way to extract the passwords out of the keychain file.

    But using Filevault2 would be recommended if you're very worried about keeping things out of prying eyes.
     
  6. EvryDayImShufln thread starter macrumors 65816

    EvryDayImShufln

    Joined:
    Sep 18, 2006
    #6
    Thanks, that's a good tip, didn't realize I could change the keychain access password! As much as I'd love to enable filevault I can't really afford the performance hit. But this is already a good start. Though for some reason when apps want to use my keychain it still accepts my user password (???)

    Thanks for your reply! Good to know its encrypted, but the issue here is that by resetting the master password using an OS X disk they would still gain access to my keychain if Filevault2 wasn't activated.
     
  7. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #7
    Start Keychain and go to the prefs pane and UNcheck the two boxes I marked in my screen cap. Then in the Keychain edit menu reset the Keychain password to something different than your user login password. Then quit Keychain.

    Now logout then back in and after you enter your user password you will get a separate popup to enter your Keychain password each time you login.

    [​IMG]

    You might turn on Filevault2 and give it a try. It is easy to turn off if you find it slows your system. I use it on my 2010 iMac and I don't notice any speed hit at all.

    Another thing you can do is set a EFI (firmware) password so nobody can get to the Lion Recovery partition to reset your password. Reboot and command-R to get in recovery partition and one of the menu choices (I think it is Utilites...) has a EFI password utility. Set an EFI password and a thief will not be able to boot to Lion recovery or a boot CD/image to reset your password.

    So you would have EFI password protected, Filevault2 for full disk encryption and a second layer with a separate Keychain password.
     
  8. EvryDayImShufln thread starter macrumors 65816

    EvryDayImShufln

    Joined:
    Sep 18, 2006
    #8
    Now this is more like it! Thanks!
     
  9. iVoid macrumors 65816

    Joined:
    Jan 9, 2007
    #9
    I don't recall the password reset tool allowing you to reset a login keychain password.
    It will allow you reset the password for admin accounts, but that doesn't change the login keychain password.

    This has been my experience with Snow Leopard at least, don't know if they changed it with Lion.
     
  10. EvryDayImShufln thread starter macrumors 65816

    EvryDayImShufln

    Joined:
    Sep 18, 2006
    #10
    I was under the impression the default keychain password was indeed the login password for the administrator. I could be wrong, though I don't recall ever specifically setting a keychain password in the past and it was the same (now I've changed it so that issue is taken care of!).
     
  11. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #11
    The default is indeed the login password. It can be changed manually, but if you don't change the default settings, the keychain is unlocked automatically at login and uses the same password.

    In the situation mentioned, however, the keychain password is not changed when the admin password is changed through the Reset Password tool (it is changed if you change your password through System Preferences, however). This is a security measure to make sure that someone who resets your admin password can't get all your other passwords (since it's fairly easy to do).

    jW
     
  12. EvryDayImShufln thread starter macrumors 65816

    EvryDayImShufln

    Joined:
    Sep 18, 2006
    #12
    Ah perfect, thanks for the tip!
     

Share This Page