Target Disk Mode & Security

Discussion in 'macOS' started by Let's Sekuhara!, Aug 4, 2008.

  1. Let's Sekuhara! macrumors 6502

    Let's Sekuhara!

    Joined:
    Jun 30, 2008
    Location:
    日本
    #1
    I recently was surprised to learn that Target Disk Mode doesn't prompt for a password, even if a password is normally required to log in to that computer.

    So after doing some research I've come to realize that in order to fully secure the data on my machine I will need to set an open firmware password.

    This page explains the process for setting such a password.
    http://support.apple.com/kb/HT1352

    But if I do this is it going to prompt me for the firmware password in addition an account password every time I start up my computer? Because that would be annoying.

    Also, is there anything else I should know before going ahead with this? I find it strange that it's not a setting that can be changed in System Prefs, and even more unusual that (in Leopard at least) it requires booting from the install disc to set the password. Am I understanding this correctly?
     
  2. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #2
    You can bypass an account password by enabling "Automatic login" in System Preferences > Accounts > Login Options.
     
  3. iShater macrumors 604

    iShater

    Joined:
    Aug 13, 2002
    Location:
    Chicagoland
    #3
    Which is a very bad idea, especially that most people have their main account with admin privileges.

    Vote NO to Automatic Login! :D
     
  4. Tosser macrumors 68030

    Joined:
    Jan 15, 2008
    #4
    Before you go the route of using open firmware password protection, you might want to consider this:

    Well, I thought you might wanted to know.
     
  5. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #5
    Which is not a problem if you have a firmware password enabled.
     
  6. Let's Sekuhara! thread starter macrumors 6502

    Let's Sekuhara!

    Joined:
    Jun 30, 2008
    Location:
    日本
    #6
    OK, so I can just use auto-login in conjunction with a firmware pswd and there will be just one pswd to type. Good.

    I've booted from a disc using the "C" key maybe once in my life.
    I don't know what a NetBoot server is, so I'm sure I won't need the "N" key command.
    I don't think I've ever used Verbose mode, nor can I recall what it is.
    I've never had to reset the PRAM.
    I don't know exactly what the Startup Manager does.


    So I won't need to use any of those features. But I will need to use Target Disk Mode. Here's the deciding factor: does it completely forbid the use of those features or does it simply require that you enter the firmware password in order to use them?
     
  7. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #7
    You might want to read this article: Link

    Based on my interpretation, it completely blocks the use of those features.
     
  8. BaldiMac macrumors 604

    BaldiMac

    Joined:
    Jan 24, 2008
    #8
    A firmware password is not going to "fully secure the data" on your machine. The data would remain unencrypted.

    To encrypt your data, simply enable FileVault for your home folder.
     
  9. kolax macrumors G3

    kolax

    Joined:
    Mar 20, 2007
    #9
    Anyone could unhook the hard drive from your Mac and mount it if they wanted to (assuming you had valuable data on it and it got nicked).

    File vault I don't know too much about - it caused slowdowns in previous versions of OSX, and I've never used it myself.
     
  10. durija macrumors 6502

    Joined:
    Jan 16, 2008
    Location:
    Seattle
    #10
    Maybe there is a totally different to accomplish your goal. How much of your data is that sensitive? Maybe you could put it all in a sparseimage. I don't think there is any way to break into a sparse image without the password. I'm sure someone will correct me if I am wrong.
     
  11. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #11
    An AES-256 sparse image uses the same encryption that Filevault does, so yes, it's generally just as secure for data inside it. You just have to make sure nothing you consider sensitive is stored outside, e.g. in your library folder (caches, etc). If security is a legitimate issue (HIPAA, legal concerns, etc), Filevault plus the other related security options (secure VM, etc) are the best option.
     
  12. alphaod macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    NYC
    #12
    Whatever encryption you use, don't forget to keep your private keys safe.
     
  13. Let's Sekuhara! thread starter macrumors 6502

    Let's Sekuhara!

    Joined:
    Jun 30, 2008
    Location:
    日本
    #13
    Yeah, if File Vault causes slow downs it's out of the question. I guess I'm just surprised that it's not easier to protect your data. There's not much point in having a password on your account at all if Target Disk Mode is a back door that any Mac user with a firewire cable can use to bypass it.

    I'm not keeping legally sensitive data or govt secrets or anything. It's just that I like to store my passwords in my web browser. That includes passwords to my email and bank account etc. So if I can secure my OS X user account then I don't have to remember 15billion passwords in order protect myself. Hence Target Disk Mode vulnerability concerns me.

    Am I the only one?
     
  14. durija macrumors 6502

    Joined:
    Jan 16, 2008
    Location:
    Seattle
    #14
    I keep passwords and in a spread sheet and put them inside a sparseimage. That might work for you as well, OP
     
  15. Let's Sekuhara! thread starter macrumors 6502

    Let's Sekuhara!

    Joined:
    Jun 30, 2008
    Location:
    日本
    #15
    That brings up a good point. Yes, if there is a practical way to keep just my stored passwords safe then I wouldn't need to be as concerned. Any advice on best practices for that?
     
  16. kolax macrumors G3

    kolax

    Joined:
    Mar 20, 2007
    #16
    For my bank password, I have a few small letters about the wall of my room, left to right in random places.

    Lot of effort, but no one could even see them unless they knew where to look. And there is like 15 of them!
     
  17. iShater macrumors 604

    iShater

    Joined:
    Aug 13, 2002
    Location:
    Chicagoland
    #17
    Umm ... Keychain might be what you are looking for.

    I use FileVault, while I am sure it adds some overhead, my system is still running fine, and I feel better that if it gets lost/stolen, my passwords/quicken/etc. won't be easy reading for anybody.

    There is a balance between security and convenience, and you have to find the balance that makes you happy. MacWorld had a whole security article a few months back, they went into details about all this stuff.
     

Share This Page