Passwords Do Not Need To Be Complete

in macOS edited January 2014
It seems that when you log in or switch users and are prompted for a password, one doesn't need to enter the full password. It seems that after 8 correct letters you don't have to enter any more, or you can even enter any other letters after the first correct 8 and still log in. This seems like a very big security issue. Maybe this is addressed somewhere else, but I just discovered it. Anyone else know why this happens, or is experiencing it too?



  • Reply 1 of 2
    It's an issue for those on 10.2.8 or earlier...

    This has been addressed in 10.3, but if you did an upgrade install it may need a fix
  • Reply 2 of 2

    Originally posted by macrules101

    This seems like a very big security issue.

    Not at all, this is a very unixoid glitch that is due to the encryption algorithm used to securely store your password in the user database. Most UNIX operating systems that are 2 years old or more suffer the same limitation, because they all used the same encryption algorithm (called DES, but I may be wrong on this one, I'm not an expert).

    Anyway, this has been fixed in Panther and most recent versions of Linux, BSD etc...

    This is not a big security issue at all, since a good password (good = hard to crack) is not a very long password but a password that is not at all close to something included in a crack database: "franklindelanoroosevelt" will be cracked in 10 minutes, whereas "t&j3*1+L" will probably never be cracked at all...
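
The behaviour discussed in this thread matches traditional DES-based crypt(3), which uses only the low 7 bits of the first 8 password characters. The following is an added example, not code from any poster: it shows which bytes that scheme keeps and flags accounts whose stored hash has the traditional 13-character DES shape. It assumes passwd-style `user:hash:...` lines; the names and hash strings are constructed placeholders.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, alphabet ./0-9A-Za-z
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MCF_RE = re.compile(r"^(\$[0-9a-z]+\$)")
# Significant password bytes per modular-crypt prefix (None = no short limit).
MCF_LIMITS = {"$1$": None, "$2a$": 72, "$2b$": 72, "$5$": None, "$6$": None}


def effective_des_key(password: str) -> bytes:
    """Bytes DES crypt actually keys on: low 7 bits of the first 8 bytes.
    Anything typed after the eighth character is ignored."""
    return bytes(b & 0x7F for b in password.encode("utf-8")[:8])


def classify(hash_field: str):
    """Return (scheme, significant_bytes) for a stored password field."""
    if DES_RE.match(hash_field):
        return ("des-crypt", 8)
    m = MCF_RE.match(hash_field)
    if m and m.group(1) in MCF_LIMITS:
        return (m.group(1), MCF_LIMITS[m.group(1)])
    return ("unknown", None)  # locked ("*", "!"), empty, or unrecognised


def audit(lines):
    """Return user names whose hash truncates the password at 8 characters."""
    flagged = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) >= 2 and classify(fields[1])[1] == 8:
            flagged.append(fields[0])
    return flagged


# Constructed sample entries: the hashes have the right shape only.
SAMPLE = """\
alice:ab0123456789A:1001:20::/Users/alice:/bin/sh
bob:$1$saltsalt$0123456789abcdefghijkl:1002:20::/Users/bob:/bin/sh
carol:$6$saltsalt$constructedplaceholder:1003:20::/Users/carol:/bin/sh
dave:*:1004:20::/Users/dave:/bin/sh
"""

if __name__ == "__main__":
    for pw in ("t&j3*1+L", "t&j3*1+Lanything", "franklindelanoroosevelt"):
        print(f"{pw!r:28} -> keyed on {effective_des_key(pw)!r}")
    print("accounts to re-hash:", audit(SAMPLE.splitlines()))
```

An account flagged this way keeps the 8-character behaviour until its password is set again under a newer scheme, which fits Reply 1's remark that an upgrade install may still need a fix.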