16GB iPod Touch $339 - Save $59

Locked Out Of Your Mac ?

February 24th, 2008

Locked out of your MacMurphy found himself locked out of his Mac for the first time ever the other day. The Genius Bar had replaced his Macbook Pro with a new machine. They used Target Disk Mode to transfer Murphy’s data from the old machine - but when he got home his password wasn’t accepted.

Murphy called the Apple store thinking maybe they’d changed his password to some Genius Bar standard password. While he was on hold, he Googled the procedure for resetting a forgotten password. Before getting through to the Genius Bar the problem was solved. Here are the steps:

  • Boot with your install disk, holding C as the machine starts up.
  • Select your language
  • The menu bar will appear where it usually does, though you might not notice it! Select the Utilities menu and click Reset Password.

That’s all there is to it. Now your account is accessible and you can get back to work. Apple has a support document on the topic or you can search the Help system for Reset Password.

Hopefully this post shows you how important physical security is when it comes to protecting your data. See the previous post for more information on securing sensitive files.

Here’s a link to a guide you should print out. Have it somewhere handy for that day your Mac won’t boot.

| Permalink

Posted in Security, Utilities, Mac OS X, Beginner |

del.icio.us Digg Furl Reddit StumbleUpon

Why does Murphy use Bluehost?

8 Responses to “Locked Out Of Your Mac ?”

  1. Brian Says:
    February 24th, 2008 at 8:54 pm

    Murphy might also be interested to note that this procedure will allow him to reset the *root* password of a machine, so in the event that none of his existing accounts can log in, he can still get root access and create a new account. Very handy, and saved Brian’s behind just recently.

  2. Scott Says:
    February 25th, 2008 at 8:25 pm

    Is there a way to prevent this (other than not letting someone get physical access to your computer)? As much as security is touted in OS X, I am surprised that all it takes is an install disk and the time it takes to boot the computer to gain complete access to your system.

    Is there a way to turn this ability off in OS X? I would rather risk losing data because of forgotten password than risk someone being to access it with relative ease.

    Thanks,
    Scott

  3. James Says:
    February 25th, 2008 at 8:28 pm

    While this will work with “any” Mac of the same OS revision as the boot CD/DVD - it will not unlock a File Vault encrypted home folder. This is the reason for the “Master Password” when enabling File Vault. So when you encrypt your home folder using File Vault you have two passwords. Your main login password for Leopard and a master password to unlock your home folder in the event you forget your password.

    Even if someone walks up to your computer, boots with the Leopard DVD and resets your initial logon password they will not be able to access your home folder without the original password nor the master password. The encrypted home folder simply will not mount.

  4. Murphy Says:
    February 25th, 2008 at 10:23 pm

    Scott -

    Many many security procedures operate based on the assumption you’ll have physical security. I don’t look at the ability to recover the root password with the DVD as a “hole” in any way. Once you have physical access the drive can be mounted on a machine where you’re an administrator. Disk permissions mean nothing in that case. But encryption does.

    Like James says, FileVault is the way to go if you’re looking for security that might survive physical loss of your machine. That said, there’s a lot of attention this week on a process that attacks the methods people use to protect data in the event of physical compromise.

    But again - pretty much every platform has a method comparable to what’s described in this post for recovering a password. If you really need to protect your data, look into FileVault or some of the encryption methods I’ve linked to above.

    Personally, I haven’t used FileVault because I have taken the time to research the performance hit I’d take when working with video and screencast materials.

  5. Brian Says:
    February 26th, 2008 at 2:59 am

    Scott:

    The answer you’re looking for is “Open Firmware Password” for PPC machines, or “EFI password” for Intel machines. Here’s the link: http://docs.info.apple.com/article.html?artnum=106482

    Basically, this sets a firmware password that disables booting from any media other than the internal hard drive unless the password is provided. It’s a useful tool for preventing the kind of password resets described here…no FileVault required. :)

    If you’re talking about a mobile machine, or one where you can’t reasonably guarantee physical security and sensitive data is at issue, then you want encryption, of course. But if you’re just worried about locking out alternative boot methods (like the CD) use a firmware pw.

  6. Murphy Says:
    February 26th, 2008 at 3:25 am

    Thanks Brian, I hadn’t seen that before.

    We put firmware passwords on all the laptops where I used to work. Along with a business card taped to the bottom of the machine promising a no-questions-asked reward for returning it.

    Going back to FileVault: The idea of all my stuff in one file - that makes me nervous. I’d prefer to keep my sensitive stuff protected with one of the methods I linked to in the post.

    I’d love to hear from anyone who uses FileVault regularly - the good and the bad.

  7. Brian Says:
    February 27th, 2008 at 4:19 pm

    We don’t use it, for exactly the reasons you mention.

  8. Paul Says:
    June 9th, 2008 at 3:21 pm

    What do you do if you forget the password for File Vault!??! I can’t access my data anymore!!!??
    Help please

Leave a Reply

Text Link Ads