[P1] Woe is me...

[david]

On 12/6/02 1:25 AM, "PaulKurtz III" <paulkurtz at mac.com> wrote:

> I don't even have OS X, but am I the only one who sees this as a major
> security risk?
> 
> Paul
> 
>> Don't bother. Just reset it:
>> 
>> 1. Boot up from OS X CD.
>> 2. Ignore main screen and go to the "File" menu in menubar.
>> 3. Select "Reset Master Password."
> 
First, if some type of 'back door' weren't provided to reset a password, the
world would have lots of expensive white (and other colored) paper weights.
People forget passwords, it is as simple as that. I remember about 10 years
ago buying a security application that had a backdoor requiring a call to
the vendor for a one-time password. The next release of the program didn't
have this feature - the vendor was overwhelmed by calls for help from people
who forgot their security password.

Second, even though the password can be changed by anyone who has the OS X
CD, this passwording system does provide more than a modicum of security.
Someone can't just sit down at your unattended computer, browse your data,
and walk away. It takes time to reboot with the CD, the password has to be
changed (letting you know something happened while you were away), and the
computer rebooted yet again to get to the desktop. By this time you may well
be back from the coffee room and catch the malefactor in the act.

Third, assuming that I have physical access to your computer *nothing* is
going to keep your data safe from my eyes if you haven't encrypted it. And
even then I might get at it. People are so predictable about their
passwords.

david 

-=-=-=-=-=-=--=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=--=-=-
All that is gold does not glitter, Not all those who wander are lost;
The old that is strong does not wither, Deep roots are not reached by frost.

davidwb at spymac.com