Locked Out Of Your Mac ?
Share
Murphy found himself locked out of his Mac for the first time ever the other day. The Genius Bar had replaced his Macbook Pro with a new machine. They used Target Disk Mode to transfer Murphy’s data from the old machine – but when he got home his password wasn’t accepted.
Murphy called the Apple store thinking maybe they’d changed his password to some Genius Bar standard password. While he was on hold, he Googled the procedure for resetting a forgotten password. Before getting through to the Genius Bar the problem was solved. Here are the steps:
- Boot with your install disk, holding C as the machine starts up.
- Select your language
- The menu bar will appear where it usually does, though you might not notice it! Select the Utilities menu and click Reset Password.
That’s all there is to it. Now your account is accessible and you can get back to work. Apple has a support document on the topic or you can search the Help system for Reset Password.
Hopefully this post shows you how important physical security is when it comes to protecting your data. See the previous post for more information on securing sensitive files.
Here’s a link to a guide you should print out. Have it somewhere handy for that day your Mac won’t boot.
| Permalink
24. February 2008 at 8:54 pm :
Murphy might also be interested to note that this procedure will allow him to reset the *root* password of a machine, so in the event that none of his existing accounts can log in, he can still get root access and create a new account. Very handy, and saved Brian’s behind just recently.
25. February 2008 at 8:25 pm :
Is there a way to prevent this (other than not letting someone get physical access to your computer)? As much as security is touted in OS X, I am surprised that all it takes is an install disk and the time it takes to boot the computer to gain complete access to your system.
Is there a way to turn this ability off in OS X? I would rather risk losing data because of forgotten password than risk someone being to access it with relative ease.
Thanks,
Scott
25. February 2008 at 8:28 pm :
While this will work with “any” Mac of the same OS revision as the boot CD/DVD – it will not unlock a File Vault encrypted home folder. This is the reason for the “Master Password” when enabling File Vault. So when you encrypt your home folder using File Vault you have two passwords. Your main login password for Leopard and a master password to unlock your home folder in the event you forget your password.
Even if someone walks up to your computer, boots with the Leopard DVD and resets your initial logon password they will not be able to access your home folder without the original password nor the master password. The encrypted home folder simply will not mount.
25. February 2008 at 10:23 pm :
Scott -
Many many security procedures operate based on the assumption you’ll have physical security. I don’t look at the ability to recover the root password with the DVD as a “hole” in any way. Once you have physical access the drive can be mounted on a machine where you’re an administrator. Disk permissions mean nothing in that case. But encryption does.
Like James says, FileVault is the way to go if you’re looking for security that might survive physical loss of your machine. That said, there’s a lot of attention this week on a process that attacks the methods people use to protect data in the event of physical compromise.
But again – pretty much every platform has a method comparable to what’s described in this post for recovering a password. If you really need to protect your data, look into FileVault or some of the encryption methods I’ve linked to above.
Personally, I haven’t used FileVault because I have taken the time to research the performance hit I’d take when working with video and screencast materials.
26. February 2008 at 2:59 am :
Scott:
The answer you’re looking for is “Open Firmware Password” for PPC machines, or “EFI password” for Intel machines. Here’s the link: http://docs.info.apple.com/article.html?artnum=106482
Basically, this sets a firmware password that disables booting from any media other than the internal hard drive unless the password is provided. It’s a useful tool for preventing the kind of password resets described here…no FileVault required.
If you’re talking about a mobile machine, or one where you can’t reasonably guarantee physical security and sensitive data is at issue, then you want encryption, of course. But if you’re just worried about locking out alternative boot methods (like the CD) use a firmware pw.
26. February 2008 at 3:25 am :
Thanks Brian, I hadn’t seen that before.
We put firmware passwords on all the laptops where I used to work. Along with a business card taped to the bottom of the machine promising a no-questions-asked reward for returning it.
Going back to FileVault: The idea of all my stuff in one file – that makes me nervous. I’d prefer to keep my sensitive stuff protected with one of the methods I linked to in the post.
I’d love to hear from anyone who uses FileVault regularly – the good and the bad.
27. February 2008 at 4:19 pm :
We don’t use it, for exactly the reasons you mention.
9. June 2008 at 3:21 pm :
What do you do if you forget the password for File Vault!??! I can’t access my data anymore!!!??
Help please
3. April 2010 at 5:27 am :
Agreed with everyone answering Scott’s question. For me, I have been using FileVault since it was first released and have been happy with it. Yes, I had been worried about possible lost of data do to a corrupted file that makes up the FileVault’s disk image, which is why I always do a full back up of my home directory every month. I keep the backup drive under lock and key.
I did run into one issue couple of years ago, when my home folder ran out of disk space, even if my new harddrive had plenty of space. The simple fix was to use the terminal and resize the max size of the disk image, which worked.
30. August 2010 at 1:37 am :
I’ve found TrueCrypt + EFI/BIOS passwords to be my ideal multi-platform security solution. It’s for my own personal insanity that I do this, but if I were in a business environment that required to have my data protected, I would feel pretty good about it.
11. October 2010 at 11:35 am :
I need help getting past the master password I’m lock out of my imac I put in all the other password and then the master password come up and I don’t know it so am lock out plz help me
22. December 2010 at 9:04 pm :
sorry that this is slightly off topic – I’m trying to go through with this, even though I’m not sure if its the exact problem I have… however, what I’m interested in now is, will all my data still be on my computer? its a new computer, I only got it 2 weeks ago, and i put a password on it so when you open it you put in a password (silly really, since the computer stays at home where no one has access to it, after this I won’t be using it anymore) anyways, it wouldn’t recognize my password. So I’m trying this out, but since the computer is so new, I haven’t backed it up or anything, and I have a lot of programs like photoshop that I don’t have the access to the install cd cuz my parents have it on the other side of the country. will those programs still be on it, or have I basically just cleaned the system of all data by reinstalling the operating system?
14. October 2012 at 4:27 pm :
I had to have Apple create a new administrator count to make this work. It looked like the disc was defective. I think mine was an exceptional situation, not the norm.