How secure is Mac OS X's security?

macos security

Solution 1:

It depends on exactly what you mean by:

it was protected with a password

If it means that they were using FileVault, then their data should be pretty much inaccessible.

If it just meant that they had a login password, though, all the thieves have to do is boot the laptop off another disk, and they'll have immediate access to everything on the internal drive.

Solution 2:

If FileVault is not enabled, there are two easy ways to reset the login password in single user mode without even having access to another computer or installation media.

It doesn't reset the password of the login keychain, but the thief could still access most files normally. They couldn't use auto-fill in Safari or log in to accounts in Mail. But if you had set a webmail site to log in automatically and hadn't disabled the option to reset a password with an Apple ID, the thief could reset the Apple ID (it doesn't currently require answering security questions) and use it to reset the keychain password.

The hash of the login password (which is usually also the password of the login keychain) is stored in /var/db/dslocal/nodes/Default/users/username.plist in 10.7 and 10.8. In 10.7 it was easy to crack even relatively complex passwords by using DaveGrohl, but 10.8 switched to PBKDF2, which limits it to about 10 guesses per second per core.

Solution 3:

The current version of FileVault is secure against currently well-known attacks, if best practices are followed.

Some older versions of FileVault had serious issues. See http://en.wikipedia.org/wiki/FileVault#Issues and https://discussions.apple.com/message/18835839#18835839 ; both have more detail. With older versions of and incautiously configured installations of MacOS, it's definitely easy to decrypt the contents of a FileVault-protected drive. Fortunately, those known issues in older versions of FileVault have been fixed.

Google for examples of some "best practices", such as the NSA's configuration guide for Mac OS X.

What was protected by a password is a key question... Do all accounts require a login password? Is there a boot-time password as well? Was Filevault (or other encryption software) used at all? Were good password practices followed? A chain is only as strong as its weakest link.

Related

Delete Mails in Mac Mail without Trash
Is there a way to switch Mac OS boot partitions without going through System Preferences?
If the brightness of the built-in display is turned black, can it be considered off?
Any free software for writing HTML?
Apparently I’m calling random numbers but there's nothing in the call log
Are there any apps to diagnose a Macbook battery?
Any suggestions for a password manager app?
Is there a way to have something similar to Cygwin on Mac?
Free app which shows song name in menu bar
Penetration Testing [closed]
Store file in zip archive with different name (linux command shell)
How to block access to a file from being served by Tomcat?