We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Apple Mac password?
coffeehound
Posts: 5,742 Forumite
in Techie Stuff
Trying to download Adobe flash player (to see what tunage Tommix is posting) on my secondhand Mac Mini. Mac Mini wants a password before it will install it. Is there a way I can discover this password pls? Haven't yet got an Apple i/d.
0
Comments
-
Have you tried your login password which you use for your account on the Mac?0
-
If you don't know the master password, this is a trick that works with most macs...im sure there will be a fanboy or 2 along to complain, but it really goes to show their not nearly as secure as the hype-machine claims they are.
Scroll down to the "Use Recovery Mode to recover your Mac password"
http://www.macworld.co.uk/how-to/mac/what-do-if-youve-forgotten-your-mac-password-3594395/0 -
"it really goes to show their not nearly as secure as the hype-machine claims they are."
No computer, of any description, is secure against someone with physical access unless the storage is encrypted and that encryption does its key management sensibly. Logging in to a computer which is not encrypted will always work like this:
User types some authentication data x.
Computer transforms it in some way to get x' (usually some form of hashing).
Computer looks the user up in a database and gets secret y.
Computer transforms the result in some way to get y' (on most machines, this transformation is null),
Computer compares x' and y', and if they match assumes that x matches y and permits access.
If you have physical access to the machine, you can always bypass this, because you can always choose a random x, compute x', and then modify the disk (using a recovery mode, a USB boot, physical removal of the drive, whatever) such that y has the appropriate value. In a few, rare, cases you might need to also patch the OS slightly to deal with the transformation y->y' (for example, if there is two factor on login, which is possible but very unusual), but that isn't true of anything that is likely to be encountered in the consumer or commodity enterprise space.
In the limit, you just patch the OS so that the "is the user authenticated?" function always returns true.
And obviously, anyone with physical access to the unencrypted machine can read every byte of data on the machine anyway.
This is not some discussion about the security or otherwise of operating systems. You cannot secure a conventional machine (ie, excluding exotic tamper-resistant hardware which detects interference and wipes its memory, but that almost certainly involves full-disk encryption anyway) against an attacker with physical access unless you use full-disk encryption and manage the keys correctly. If you find a way to do this, write it up and claim your PhD at the door. If you find a _usable_ way to do this, you're going to be very rich.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178K Life & Family
- 260.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards