Does activating auto-login compromise secure password storage?

Solution 1:

Yes. If you enable automatic login, the keychain password is stored in /etc/kcpassword using XOR cipher, which can be decoded easily. You need root privileges to read it though.

sudo ruby -e 'key = [125, 137, 82, 35, 210, 188, 221, 234, 163, 185, 31]; File.binread("/etc/kcpassword").bytes.each_with_index { |b, i| k = key[i % key.size]; break if b == k; print (b ^ k).chr }; puts'

Even if automatic login was disabled, the login password can be reset in single user mode. It doesn't change the password of the login keychain though. If someone logged in to your account after resetting the login password, they could access most of your files normally, but they couldn't log in on your account in Mail or use auto-fill in Safari. If automatic login was enabled, they could see your passwords with something like security find-internet-password -s accounts.google.com -w and use Mail and auto-fill.

There was a vulnerability when automatic login was enabled:

According to a leading password recovery software developer Passware, your password could be easily accessed via the direct memory access associated with the Mac’s FireWire port.

It seems that by enabling the “automatic login” feature the FireWire port on your Mac opens the door to unauthorized password recovery. It seems that this is an issue that has plagued Snow Leopard as well, but as it stands it does not look like there is any fix for it, apart from disabling “automatic login” and spending that extra second or two typing in your password.

The hash of the login password (which is usually also the password of the login keychain) is stored in /private/var/db/dslocal/nodes/Default/users/username.plist in 10.7 and 10.8. In 10.7 even relatively complex passwords could be cracked with DaveGrohl, but 10.8 switched to PBKDF2, which limits it to about 10 guesses per second per core.
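
The following is an added, self-contained illustration of the /etc/kcpassword scheme described in the answer above; it is not code from the answer or from Apple. It uses the same fixed 11-byte key as the one-liner, so encoding and decoding are the same XOR operation, and a decoder needs no secret at all. The sample passwords are constructed for the demo, and the padding rule (a NUL terminator, then zero bytes up to a multiple of 12) is an assumption made so the round trip works offline; only the "stop at the first decoded NUL" rule is what the decoder relies on.

```ruby
# Added example: reversible XOR obfuscation of the kind the answer describes for
# /etc/kcpassword. Not the original answer's code; the padding layout below is
# an assumption for the demo, the key is the one quoted in the answer.

# The fixed key (0x7D 0x89 0x52 0x23 0xD2 0xBC 0xDD 0xEA 0xA3 0xB9 0x1F).
KCPASSWORD_KEY = [125, 137, 82, 35, 210, 188, 221, 234, 163, 185, 31].freeze

# XOR every byte with the key byte at the same (cyclic) position. Because
# XOR is its own inverse, this one function both obfuscates and recovers.
def xor_with_key(bytes)
  bytes.each_with_index.map { |b, i| b ^ KCPASSWORD_KEY[i % KCPASSWORD_KEY.size] }
end

# Build a kcpassword-style blob from a password: password bytes, a NUL
# terminator, then zero padding to a multiple of 12 bytes (assumed layout).
def encode_kcpassword(password)
  plain = password.b.bytes + [0]
  plain += Array.new((12 - plain.size % 12) % 12, 0)
  xor_with_key(plain).pack("C*")
end

# Recover the password from a blob: a raw byte equal to its key byte decodes
# to 0, i.e. the NUL terminator, so stop there. Comparing against the key
# byte at the *same* position (rather than any key byte) avoids truncating a
# password whose encoded byte merely happens to equal some other key byte,
# e.g. a password starting with "/" (0x2F ^ 0x7D == 0x52, which is key[2]).
def decode_kcpassword(blob)
  out = []
  blob.bytes.each_with_index do |b, i|
    k = KCPASSWORD_KEY[i % KCPASSWORD_KEY.size]
    break if b == k
    out << (b ^ k)
  end
  out.pack("C*").force_encoding("UTF-8")
end

# Decode an actual /etc/kcpassword file; needs root to read it.
def recover_from_file(path = "/etc/kcpassword")
  decode_kcpassword(File.binread(path))
end

if __FILE__ == $0
  # Constructed sample passwords; nothing here touches the real file.
  ["hunter2", "/a password longer than twelve"].each do |pw|
    blob = encode_kcpassword(pw)
    hex = blob.bytes.map { |b| format("%02x", b) }.join(" ")
    puts "#{pw.inspect} -> #{blob.bytesize} bytes: #{hex}"
    puts "  decodes back to #{decode_kcpassword(blob).inspect}"
  end
end
```

Run it as a normal user to see the round trip on the constructed samples; `recover_from_file` is only there to show that the same decode routine applies to the real file once you have root, which is the point the answer makes.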

Solution 2:

Enabling autologin does store the user's password in recoverable form, but it's not in plaintext (it's obscured, and no, I'm not going to tell you where it is). The reason for this isn't to enable autologin itself, but to allow automatic access to the user's keychain (which is encrypted based on the user's password).

This doesn't weaken security too much; the main implications are that someone (/some malware) with root access to the computer (and/or physical control of it) can find out what your password is; but since they already have full control of the computer, that doesn't matter much. It gives them access to your keychain (which a password reset wouldn't give them), and if you used the same password for other things they know that... but that's about it.

Realistically, if you care at all about security, you shouldn't be enabling autologin anyway.