Sunday, 13 January 2013

FileVault - Resetting master password

This article is about resetting a FileVault password. While researching this I saw a post in Apple Support Communities:
First, turn off "FileVault" on any and all accounts created while the current "master password" has been in effect. This may take some time, and requires sufficient free space on the hard drive.

The "master password" is associated with the "FileVaultMaster.keychain" and "FileVaultMaster.cer" in the computer's main "/Library/Keychains" folder. If these files are removed, the system will think that a "master password" has not been set. It might be a good idea to keep the files backed up somewhere if you happen to have any backups of old "FileVault" sparse images somewhere, in case you need to get in to them and happen to remember the old "master password" at some point.

Anyway, after removing those files, it should be possible to set a new "master password" from the "Security" pref pane. If "FileVault" is subsequently turned on, the disk images will be created, incorporating the new "master password".

And I had to try it out myself. It worked great on OS X Leopard (maybe great isn't the word). Resetting the admin password is easy, and this is another security hole in FileVault. You can simply use the Cmd+S method:

  1. Hold down Cmd+S to go into single user mode.
  2. Type fsck -fy
  3. Type mount -uw /
  4. Type passwd <username> where username is the user you want to reset
It would seem the only real way to secure a Mac against physical access is to set an EFI or Open Firmware password.

1 comment:

  1. Hacker are always wandering for the people who is most important to hack their personal information for creating mess up. valet parking luton airport