I recently was surprised to learn that Target Disk Mode doesn't prompt for a password, even if a password is normally required to log in to that computer. So after doing some research I've come to realize that in order to fully secure the data on my machine I will need to set an open firmware password. This page explains the process for setting such a password. http://support.apple.com/kb/HT1352 But if I do this is it going to prompt me for the firmware password in addition an account password every time I start up my computer? Because that would be annoying. Also, is there anything else I should know before going ahead with this? I find it strange that it's not a setting that can be changed in System Prefs, and even more unusual that (in Leopard at least) it requires booting from the install disc to set the password. Am I understanding this correctly?
You can bypass an account password by enabling "Automatic login" in System Preferences > Accounts > Login Options.
Which is a very bad idea, especially that most people have their main account with admin privileges. Vote NO to Automatic Login!
Before you go the route of using open firmware password protection, you might want to consider this: Well, I thought you might wanted to know.
OK, so I can just use auto-login in conjunction with a firmware pswd and there will be just one pswd to type. Good. I've booted from a disc using the "C" key maybe once in my life. I don't know what a NetBoot server is, so I'm sure I won't need the "N" key command. I don't think I've ever used Verbose mode, nor can I recall what it is. I've never had to reset the PRAM. I don't know exactly what the Startup Manager does. So I won't need to use any of those features. But I will need to use Target Disk Mode. Here's the deciding factor: does it completely forbid the use of those features or does it simply require that you enter the firmware password in order to use them?
You might want to read this article: Link Based on my interpretation, it completely blocks the use of those features.
A firmware password is not going to "fully secure the data" on your machine. The data would remain unencrypted. To encrypt your data, simply enable FileVault for your home folder.
Anyone could unhook the hard drive from your Mac and mount it if they wanted to (assuming you had valuable data on it and it got nicked). File vault I don't know too much about - it caused slowdowns in previous versions of OSX, and I've never used it myself.
Maybe there is a totally different to accomplish your goal. How much of your data is that sensitive? Maybe you could put it all in a sparseimage. I don't think there is any way to break into a sparse image without the password. I'm sure someone will correct me if I am wrong.
An AES-256 sparse image uses the same encryption that Filevault does, so yes, it's generally just as secure for data inside it. You just have to make sure nothing you consider sensitive is stored outside, e.g. in your library folder (caches, etc). If security is a legitimate issue (HIPAA, legal concerns, etc), Filevault plus the other related security options (secure VM, etc) are the best option.
Yeah, if File Vault causes slow downs it's out of the question. I guess I'm just surprised that it's not easier to protect your data. There's not much point in having a password on your account at all if Target Disk Mode is a back door that any Mac user with a firewire cable can use to bypass it. I'm not keeping legally sensitive data or govt secrets or anything. It's just that I like to store my passwords in my web browser. That includes passwords to my email and bank account etc. So if I can secure my OS X user account then I don't have to remember 15billion passwords in order protect myself. Hence Target Disk Mode vulnerability concerns me. Am I the only one?
I keep passwords and in a spread sheet and put them inside a sparseimage. That might work for you as well, OP
That brings up a good point. Yes, if there is a practical way to keep just my stored passwords safe then I wouldn't need to be as concerned. Any advice on best practices for that?
For my bank password, I have a few small letters about the wall of my room, left to right in random places. Lot of effort, but no one could even see them unless they knew where to look. And there is like 15 of them!
Umm ... Keychain might be what you are looking for. I use FileVault, while I am sure it adds some overhead, my system is still running fine, and I feel better that if it gets lost/stolen, my passwords/quicken/etc. won't be easy reading for anybody. There is a balance between security and convenience, and you have to find the balance that makes you happy. MacWorld had a whole security article a few months back, they went into details about all this stuff.