"Unbreakable" password for login?

Discussion in 'Mac Apps and Mac App Store' started by csc, Mar 9, 2008.

  1. csc macrumors newbie

    Joined:
    Mar 8, 2008
    #1
    I recently had my laptop stolen, and learned after the fact that the Tiger login password box is relatively easily bypassed. Is there a program available that will simply impose a master "if you forget it you are permanently screwed" password that will render my new laptop (and existing desktop) useless--except for parts--were I so unfortunate as to have another break-in?

    Thanks in advance.
     
  2. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #2
    Filevault encryption is your best bet, along with secure virtual memory. Also require a password for screensaver or wake from sleep.
     
  3. csc thread starter macrumors newbie

    Joined:
    Mar 8, 2008
    #3
    Thanks for the response. I understand that FileVault slows things down, which may not be true. I do (and did) require a password for screensaver or waking.

    The laptop that was stolen was a computer I used for work, taxes, family photos, etc., none of which I want a stranger viewing. For the replacement, I want the equivalent (or better) of putting a Medeco lock on the front door of a building; it is tough to get through unless you have the key, but once you do you have free access to all of the rooms.
     
  4. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #4
    The performance decrease is negligible. Plus, when you're storing sensitive data like your taxes, performance should be the last thing you worry about.

    Not good. Not good at all. You really should have had that data encrypted. He/She has you by the balls now.

    All the thief has to do is take the hard drive out and hook it up to his system and he's got access to your files. That's where the encryption comes in. Even though he'll be able to hook the drive up to another computer, since he doesn't have the decryption key the files will be complete junk.
     
  5. xraydoc macrumors demi-god

    xraydoc

    Joined:
    Oct 9, 2005
    Location:
    192.168.1.1
    #5
    Your options are basically File Vault (as mentioned above) or at the minimum store your sensitive data (financial files, etc) in an encrypted disk image. On a modern multi-core machine, the File Vault performance overhead is virtually nothing.

    And turning on the encrypted virtual memory option (as mentioned in the post above) found in the Security system settings will help limit any stray data floating around the system as well.

    Do be aware that File Vault doesn't play nicely with Time Machine, however.
     
  6. KingYaba macrumors 68040

    KingYaba

    Joined:
    Aug 7, 2005
    Location:
    Up the irons
    #6
    The funny thing is, I bet it you store files in printer drivers I doubt anyone would look there. :rolleyes:
     
  7. cohibadad macrumors 6502a

    cohibadad

    Joined:
    Jul 21, 2007
    #7
    I'm more interested in how the password is bypassed? Are you talking about using the install disk?
     
  8. macdoobie macrumors member

    Joined:
    Feb 12, 2008
    #8
    Having an unbreakable password doesn't mean they get to have a super nice computer that will eventually work for under $100.

    All your encryption will do is prevent your harddrive from being accessed.

    So, they replace it! $100 vs $1500. you be the judge:D
     
  9. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #9
    Computers are cheap, compared to identity theft.

    That's the point.

    Take the drive out of the machine, plug it into another machine, mount the disk. Sometimes you won't even need to do that, just boot the machine into single user mode and you've got root. Game over.

    Modification and access times would give them away. If you're in a hurry and you're looking for interesting or otherwise sensitive data the easiest thing to do is scan for files that have been touched in the last week.
     
  10. boast macrumors 65816

    boast

    Joined:
    Nov 12, 2007
    Location:
    Phoenix
    #11
    even with fire-vault, the computer needs to be shutoff before it is stolen- being you can now use ram dumps to get in.
     
  11. Glenny2lappies macrumors 6502

    Joined:
    Sep 29, 2006
    Location:
    Brighton, UK
    #12
    Use FileVault. In reality it has no impact on performance. The one issue with FileVault is when logging off when it will reclaim disc space. This can be cancelled.

    Configure your music and other unimportant but large files outside of your home directory, e.g. virtual machines. These don't need to be encrypted, so don't.

    Use two passwords: one for logging on and a different one for KeyChain access.

    Use pass phrases instead of a password. Think of some words to a song/poem/story/saying that is really personal to you. Use upper/lower/numerics in your passwords.

    Do not get Firefox to remember passwords (did you know you can read these in plain text FFS!!).

    Set up another keychain Secure Note containing your passwords -- or use a password manager like OnPass. If using Secure Notes, set it to "Confirm before allowing access" and don't use the Keychain password -- use something completely different.

    Ensure you have it set to require a password when waking from sleep.

    Ensure the screensaver kicks in after a period of inactivity and that it prompts for a password (even if it's an hour, it's better than nothing).

    Lock your settings.



    And then it's on to a backup. As mentioned above, Time Machine doesn't work with FileVault. This is really boneheaded on the part of Apple. You will need to use another backup program; Sync? There's loads available.

    Make sure you have at least one full system backup.

    Protect your backup drives. If you need security on them, create a secure partition on it.


    You have my sympathy. I'll let you guess why the above is so fresh in my memory - the clue is on my new laptop.
     
  12. Glenny2lappies macrumors 6502

    Joined:
    Sep 29, 2006
    Location:
    Brighton, UK
    #13
    I think this is a bit esoteric and not a 'normal' threat from your typical tea-leaf.

    Still, what's the old adage:-
    Security, Ease of Use, Low Cost; pick any Two.
     
  13. BowZinger macrumors member

    Joined:
    Dec 8, 2007
    #14
    what about PGP?
    http://www.pgp.com/

    that is a hard drive encryption deal, I have heared that it is better than file vault but I don't know!
     
  14. The General macrumors 601

    Joined:
    Jul 7, 2006
    #15
    $100? Just format the drive... $0
     
  15. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #16
    That's why you enable secure virtual memory.
     
  16. thestaton macrumors 6502

    Joined:
    Jan 19, 2006
    #17
    You could make a secure disk image, and dump all your important stuff into it.
     
  17. csc thread starter macrumors newbie

    Joined:
    Mar 8, 2008
    #18
    Miscellaneous responses

    Thanks for all of the comments. It seems like FileVault was the solution I should have used and is the solution I need.

    Random comments to other points:

    1. Identity theft is THE problem; I needed a new computer anyway and was just waiting for the new MBPs. Since I've been through the process, I might as well share. If you think it is an issue, this is a useful "what to do" checklist: http://myfloridalegal.com/pages.nsf/Main/CBBEBA3F2583433385256DBA004BC600?OpenDocument You can get a 90-day fraud alert just by calling or registering on line; with a police report, you get it for 7 years (not a typo). I was able to get the alerts placed with the three companies the next morning; it works, because I needed to change my cell plan and the company would not do it until they spoke to me through one of the numbers I had provided to Experian, etc.

    2. "Breaking" the password is easy; it is an install-disk issue. I won't explain how; however, this was confirmed by Apple Tech Support

    3. To get Apple to note your computer in its system as stolen, you need your police department's fraud unit to contact Apple's Fraud Unit--which Apple Tech said they can and will do.

    4. I don't use Firefox to remember passwords--or write them down on paper--but that is a good word of warning. I'm really not concerned with the password being figured out; bypass is my problem. If you want to test a password, use Keychain (in Applications) as if you were setting up a new one; it has a little strength meter pop up.

    5. Using a password for every "waking" function is an extremely good idea. With a laptop, there is really no reason not to do so. Anyone who steals it will, at some point have to close it--and probably at the point of theft; that alone is worth something. Also, I cannot think of a good reason why you wouldn't do it on a desktop.

    6. Luckily, the most important items--10,000 digital photos of my kid--were backed up. I do need to get Backup now, because it was only on my laptop. [Yeah, THAT was bright, in retrospect.] I'm not sure of the utility of Time Machine; however, a separate backup--kept in a separate location (even if only within the same residence--is a necessity if you have anything about which you care on any of your computers.

    7. I'm willing to be convinced otherwise, but is Time Machine anything more than a bell-and-whistle?

    Thanks again to all.
     
  18. KingYaba macrumors 68040

    KingYaba

    Joined:
    Aug 7, 2005
    Location:
    Up the irons
    #19
  19. Glenny2lappies macrumors 6502

    Joined:
    Sep 29, 2006
    Location:
    Brighton, UK
    #20
    Dog and pony:)

    Good summary.
     
  20. boast macrumors 65816

    boast

    Joined:
    Nov 12, 2007
    Location:
    Phoenix
    #21
    virtual memory is... virtual, on the HDD.

    we be talkin' bout RAM, that hardware stuffz. :)

    I thought the same with this whole " the Tiger login password box is relatively easily bypassed;" "the hdd can be hooked up to another computer if not encrypted;" etc...
     
  21. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #22
    Doh! Total brain fart.
     
  22. cowm007 macrumors regular

    Joined:
    Feb 2, 2005
    #23
    Make an encrypted disk image with Disk Utility or True Crypt and keep your important files there. I used to use File Vault but the performance hit is annoying. You don't need EVERY file encrypted (like preference plists and such) so it's really an easier solution.
     

Share This Page