Securing Passwords - Good Idea?

Posted:
in macOS edited January 2014
From DaveG at Apple-X Net:



Link To Article/Tip





If you upgraded to Panther, here's how to fix your password security.





One of the biggest problems with account security in OS X in 10.2.x and lower was that the passwords were not truly shadowed and only paid attention to the first 8 characters of the password you entered. Not exactly a good thing. While we didn't hear a lot about this fact, and in truth, there wasn't a lot of info about it available, especially if you were not in certain very specific parts of the hacker scene, it could lead to some pretty major security problems. Luckily, Apple fixed this problem in Panther. If you did a clean install of Panther, then the problem is already fixed for you, no problem. The password now recognizes more than the first 8 characters entered and is stored using real unix shadowing. However, if you did an upgrade, then the old problem persists on your box. Let's fix that right now, it's real simple and a no-brainer. It shouldn't take more than a couple of seconds and you won't even have to touch the terminal, unless you want to of course.





For those of you who do not like playing around with the terminal or just prefer using GUI tools when possible, launch your System Preferences application. Next, choose the Accounts applet, which will bring you to the users and account editing screen. Click in the top password box and type any character. This will cause Panther to authenticate you. Enter your password in the authentication box that pops up. Once you have been authenticated, replace the password in the boxes with either a new password, or your old one. This will cause Panther to reset your password and by doing so, it will use the updated system features to do so. Close System Preferences. You're done.





For those of you who like the terminal, launch it and use the passwd program to reset your password. If you don't know how to do this, then view the passwd man entry, i.e. [[email protected]]~$]man passwd.



Example:

[[email protected]]~$]passwd [enter]

changing password for DaveG

Old password:MyPassword [enter]

New Password:NewPassword [enter]

Retype new password:NewPassword [enter]

[[email protected]]~$]



To break this down simply, everything that has been emphasized is what this program puts on the screen. [enter] means you should hit the enter/return key on your keyboard. *MyPassword* is your current password and *NewPassword* is the password you are entering now. All text except for the command prompt, i.e. [[email protected]]~$] that is not emphasized is what you enter.





That's all it takes, and now your system is using full passwords and proper password shadowing for your account. If you have other accounts on your box, you will want to do the same thing for those accounts as well. Enjoy your more secure Mac.
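
To find which accounts on an upgraded machine still need the reset described above, this added example (not from the quoted article or from Apple) scans a master.passwd-style dump for password fields that still look like a 13-character traditional crypt(3) hash. It assumes the ten-field layout that `nidump passwd .` prints and that migrated accounts show a non-hash placeholder; the function names and sample records are constructed.

```shell
#!/bin/sh
# Added example: list accounts whose password field still holds a legacy
# 13-character crypt(3) hash, i.e. accounts not yet reset after the upgrade.
# Assumption: input is a master.passwd-style dump with 10 colon-separated
# fields: name:passwd:uid:gid:class:change:expire:gecos:home:shell

legacy_crypt_accounts() {
    awk -F: '
        /^#/ || NF < 10 { next }    # skip comments and malformed records
        # Traditional crypt: 2-char salt + 11-char hash, alphabet ./0-9A-Za-z.
        # Placeholders such as "*" or "********" fail both conditions.
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" { print $1 }
    '
}

# Constructed sample records; the 13-character strings are made-up
# stand-ins with the right shape, not real password hashes.
sample_dump() {
    cat <<'EOF'
# constructed sample, not taken from a real machine
nobody:*:-2:-2::0:0:Unprivileged User:/dev/null:/dev/null
root:********:0:0::0:0:System Administrator:/var/root:/bin/sh
alice:XXexamplehash:501:501::0:0:Alice Example:/Users/alice:/bin/bash
bob:********:502:502::0:0:Bob Example:/Users/bob:/bin/bash
carol:YYexamplehash:503:503::0:0:Carol Example:/Users/carol:/bin/tcsh
EOF
}

# Prints the accounts that still need a password reset: alice and carol.
sample_dump | legacy_crypt_accounts
```

On a real system the function would be fed the directory dump instead of `sample_dump`, and every name it prints is an account whose password should be re-entered.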

Comments

  • Reply 1 of 15
    No, securing passwords is not a good idea. What happens if you forget your password? It's best to leave them so you can figure it out if you forget it. Especially if you've got critical data on your computer.
  • Reply 2 of 15
    mcsjgs Posts: 244 member
    Quote:

    Originally posted by pensieve

    No, securing passwords is not a good idea. What happens if you forget your password? It's best to leave them so you can figure it out if you forget it. Especially if you've got critical data on your computer.



    If I am getting the gist of this correctly, the article is talking about taking advantage of the longer password length in Panther as opposed to the eight character limitation in Jaguar, not how you store your passwords.
  • Reply 3 of 15
    kickaha Posts: 8,760 member
    *ahem* I believe he was being sarcastic...
  • Reply 4 of 15
    Quote:

    Originally posted by Kickaha

    *ahem* I believe he was being sarcastic...



    You can't let it go for more than one post, can ya? You did the same thing to me in that thread about the packets clogging up ast3r3x's internet connection.



    Yes, I was being sarcastic. Of course it's a good idea. What kind of silly question is that?
  • Reply 5 of 15
    kickaha Posts: 8,760 member
    *LOL*



    My apologies, mon frere!



    From now on, I will willingly and willfully refrain myself from correcting when you bait the newbies, you insufferably sadistic bastard.



    mcsjgs: Good catch on the article, thanks for the pointer, and please, ignore the cranky old guy in the corner mumbling to himself.
  • Reply 6 of 15
    Has anyone here honestly ever forgotten their password? If I start to use a new one I'll write it down and keep it in a very safe place till I am 100% sure I know it by heart. If you are smart about it, you will never forget. However, I don't think that password securing is a huge deal.
  • Reply 7 of 15
    kecksy Posts: 1,002 member
    Anyone who forgets his or her password is an idiot who deserves to face whatever consequences result from his or her own stupidity.
  • Reply 8 of 15
    Humble newbie takes a licking and keeps on ticking
  • Reply 9 of 15
    Quote:

    Originally posted by Kecksy

    Anyone who forgets his or her password is an idiot who deserves to face whatever consequences result from his or her own stupidity.



    hey. i may be an idiot, and maybe i do deserve what i got for losing my password, but... i forget how i was gonna end that sentence.
  • Reply 10 of 15
    kickaha Posts: 8,760 member
    Duh, that's what Post-It notes on your monitor are for...



  • Reply 11 of 15
    Quote:

    Originally posted by mcsjgs

    Humble newbie takes a licking and keeps on ticking



    No offense intended. I'm just an ass sometimes. Feel free to ignore me if I'm sounding rude... I'm not really.
  • Reply 12 of 15
    kickaha Posts: 8,760 member
    Oh shut up, yes you are.



  • Reply 13 of 15
    Quote:

    Originally posted by Kickaha

    Oh shut up, yes you are.







    From the posting guidelines:



    Quote:

    Excessive ad-hominem attacks of forum members will not be tolerated. We understand that things get heated, but it helps to maintain a modicum of respect for the membership. Attack ideas, not people. Be open-minded and try to help foster meaningful discussion (yes, meaningful discussion is possible if everyone respects each other).



    That's twice in this thread alone you've insulted me! I'm gonna complain...



    Oh, who am I fooling? I am an ass. I figure after 3000+ posts, I can be whoever I want....
  • Reply 14 of 15
    kickaha Posts: 8,760 member
    Join the club, brutha.
  • Reply 15 of 15
    Quote:

    Originally posted by pensieve

    No offense intended. I'm just an ass sometimes. Feel free to ignore me if I'm sounding rude... I'm not really.





    None taken. I was being excessively cautious in my response. All in good fun.



    BTW on this securing passwords, it worked just fine for all the users on the machine except root. In root, it caused the root login (by name and password) to disappear from log-in window. I understand you can hold the shift key to see it, but I ended up with a large hassle in netinfo to get it back into the log-in window. So be warned.