Many PC users are familiar with the idea of a firmware password that needs to be entered before the computer will load the OS. For PC power-users the BIOS or CMOS interface is familiar territory – and it’s the place where they set such a password.
Murphy Mac commenter Brian posted information on something similar for your Mac. Here’s the rundown.
Using the Open Firmware Password utility you can set a password on your Mac that will stop someone from resetting a user account password using the method described in this previous post. Essentially, it prevents unauthorized users from using a disk other than the machine’s internal drive to boot. The utility comes on the install disk that ships with your Mac.
Keep in mind this isn’t much additional security. It might slow down a casual attacker, but a determined foe with physical access to your machine can bypass this security. Your best bet for security that lasts is to encrypt your sensitive files using one of the methods described previously.
Murphy found himself locked out of his Mac for the first time ever the other day. The Genius Bar had replaced his Macbook Pro with a new machine. They used Target Disk Mode to transfer Murphy’s data from the old machine – but when he got home his password wasn’t accepted.
Murphy called the Apple store thinking maybe they’d changed his password to some Genius Bar standard password. While he was on hold, he Googled the procedure for resetting a forgotten password. Before getting through to the Genius Bar the problem was solved. Here are the steps:
- Boot with your install disk, holding C as the machine starts up.
- Select your language
- The menu bar will appear where it usually does, though you might not notice it! Select the Utilities menu and click Reset Password.
That’s all there is to it. Now your account is accessible and you can get back to work. Apple has a support document on the topic or you can search the Help system for Reset Password.
Hopefully this post shows you how important physical security is when it comes to protecting your data. See the previous post for more information on securing sensitive files.
Here’s a link to a guide you should print out. Have it somewhere handy for that day your Mac won’t boot.
Murphy has been thinking about security after discussing the previous post all over the Internet. In case you missed them, here are some security posts you might have missed:
Encrypting files from the command line. This is a quick and easy way to lock up a file tight. Not so great if you’re sending it to a Windows user though. You’ll also get started with making an interactive shell script.
Encrypting files using a widget. This post built on the command line method mentioned above. The widget supports drag and drop, just drag the file and hold onto it before invoking Dashboard.
Create an encrypted DMG. A screencast detailing use of Disk Utility to make a password protected secure DMG file.
1Password. This is a utility for storing the usernames and passwords you use all over the Internet. If you use the same credentials on every site you visit you should probably stop. This tool integrates fully with the OS X keychain and is easy to transfer from Mac to Mac.
Here’s another little tidbit: You can unzip a password-protected zip file using Terminal on your Mac. Open Terminal, type unzip followed by a space. Then drag the zip file from Finder onto the Terminal window and hit return. You’ll be prompted for the password and your file will be unzipped.
Note to Murphy Mac regulars: Murphy needs your help! Visit this link on Digg and Digg the story. Murphy could use the traffic. Thanks !
Help Murphy !
An industrious Murphy Mac visitor has taken two posts and run with them. Things that would have taken Murphy weeks to unravel have been hammered out in mere minutes.
First, Chris at millshalligan posted a widget for converting a single file into an encrypted file. (After seeing Murphy’s post here!) So if you’re a Widget kind of person and not really interested in the Terminal take a look.
After that, Chris posted a solution for having your WordPress site contact your Mac via Growl when a comment is posted to your blog. Murphy had wondered about the plausibility of such a feature in his own Growl post. Maybe Murph should wonder about some other stuff and see if Chris keeps cranking out answers.
It looks like Bluehost doesn’t allow the outbound Growl notification – unless you pay an additional $30 annually for a dedicated IP address. Check with your own host before trying this out.
Thanks to Chris at millshalligan for some great stuff.
In today’s installment of Terminal Thursday we’ll be encrypting a single file from the command line courtesy of an excellent tip from the guys over at OSXDaily. The openssl utility ships with your Mac – and it’s pretty easy to use.
An OSXDaily reader posted a comment asking if there was a drag and drop way to encrypt a file. We’ve got a solution – sort of. Murphy sees this as a perfect place to introduce a shell script that prompts the user for input. Just kick off the shell script and you’re prompted for the file you want to encode. You can drag the file onto your Terminal window and hit enter. You’ll be prompted to set a password and you’re done.
You could make a similar shell script for decrypting the files too. And you’re not stuck with Murphy’s method, which dumps the output in a pre-configured folder. You could concatenate an extension onto the encrypted filename instead. Whatever works for you.
The screencast assumes you’ve seen Murphy’s post about making a shell script, so you might want to check that one out before getting started. It also introduces basename – which helps us extract a file name from a full path.
A word of warning from the original post: Don’t forget your password. Chances are you’re not going to find a way to break triple-des security.
UPDATE: Carry out this process with a Widget.