What is to stop someone from using the reset password utlity?

Discussion in 'macOS' started by astromoose, Oct 7, 2009.

  1. astromoose macrumors member

    astromoose

    Joined:
    Jul 27, 2008
    Location:
    NC
    #1
    Sorry if this is a stupid question. I have my home folder encrypted using filevault. What is to stop someone from booting the OS X install disc and running password reset to change the password on my username?
    Even if I had a firmware password set, could they just stick the drive in another machine and reset the password?
     
  2. electroshock macrumors 6502a

    electroshock

    Joined:
    Sep 7, 2009
    #2
    They could change the password on your login account like these approaches, but it wouldn't change the password your data was encrypted with.

    To decrypt, they will simply have to know the filevault password -- either yours or the master FileVault password. If they do not know either password, then they simply cannot decrypt the data.
     
  3. astromoose thread starter macrumors member

    astromoose

    Joined:
    Jul 27, 2008
    Location:
    NC
    #3
    For example if my macbookpro were to get stolen: could someone not change the login password for the encrypted account with password reset, then reboot, login to that account, and have access to everything in that accounts home folder?
     
  4. melchior macrumors 65816

    melchior

    Joined:
    Nov 17, 2002
    #4
    you can also set a firmware password which would prevent booting from any source without that password
     
  5. devburke Guest

    Joined:
    Oct 16, 2008
    #5
    Read the OP again…

    And OP, here you said…


    But as electroshock said…

    All sorted out? The password you login with is part of how FileVault encrypts your files. So even if you change your password using the reset utility, the password they’re encrypted with is needed to decrypt them. That’s why this warning is there:

    Screen shot 2009-10-08 at 12.43.16 AM.png

    The short answer, or if you don’t understand all the technical stuff, is that they still wouldn’t be able to get your data if it was encrypted with FileVault.
     
  6. astromoose thread starter macrumors member

    astromoose

    Joined:
    Jul 27, 2008
    Location:
    NC
    #6
    You are right.
    If you try and do what i described it comes up with a dialogue that says "Your user account password is different from your FileVault password." And you must enter the old password to gain access...

    Thanks!
     

Share This Page