Is this protection adequate?

I know I’ve asked this before in a slightly different way, so forgive the repetition...

My Mac Mini has been FileVaulted, with a 20+ character hard-drive password.

On my hard drive is a folder containing sensitive data, which is an encrypted .dmg created using Disk Utility, employing a different 20+ character password.

If a smart thief stole my Mac Mini, what could he/she do to gain access to my encrypted .dmg folder?

Thanks.

Allen
 

pigoo3
If a smart thief stole my Mac Mini, what could he/she do to gain access to my encrypted.dmg folder?

Nothing is 100% safe. If there are thieves out there that can gain access to the most sensitive data in 1st world country department databases...and personal/financial data from banks & stores...then these same thieves can gain access to your Mac-Mini's data. The question is...how likely is a super smart thief to steal your Mac-Mini...and actually care what's on the HD...rather than really only being interested in selling the Mac-Mini to someone else for quick cash?

Do as much as you can security-wise...do your backups...then focus on real-life. No level of OCD will ever protect you 100%.

- Nick
 

chscag
If a smart thief stole your Mini when it was turned on and running, then your encrypted data would no longer be protected, however, the encrypted folder would still be protected as long as it wasn't already open. But I think you know that. If the machine is turned off and just sitting on your desk or in your unattended office, it would be reasonably safe.

You might wish to also add a firmware password to give further protection if your Mini contains sensitive data. You can read up on what a firmware password does by going to the Apple KB.
 
Allen (OP)
Is a firmware password the same as a Root password? If so, I’ve already upgraded that to yet another 20+ character password!
 

chscag
Is a firmware password the same as a Root password? If so, I’ve already upgraded that to yet another 20+ password!

I'm not sure what a "Root" password is, but you can read up on what a firmware password does for protection. With a firmware password in place, a thief would not be able to change out or copy your hard drive data. Without a firmware password in place, a thief could remove your hard drive after stealing the machine and replace the drive with one of his own. A firmware password would not allow the new hard drive to function.
 
Allen (OP)
I think a root is the same as a firmware password from what I can Google. But in that searching, I keep coming across people saying "don't worry overmuch if you can't remember your firmware password (alleged to be gold standard security!) as you can take your machine to an Apple Support Centre and they will reset it for you!"

Now, if the fairly bright people in Apple Support Centres can reset my firmware password, what hope have I got?

The only system that seems to work if you REALLY want to keep some secure data secure is to keep it on a separate flash drive or similar, and remove it from the machine when you are off out, taking the drive WITH you. All right, I might get bashed on the head and my flash drive stolen, but even that's got double-password security, which most thieves wouldn't bother trying to crack (I hope).

The firmware business does upset me, as it tends to blow the myth of Apple's security.

Allen.
 
Now, if the fairly bright people in Apple Support Centres can reset my firmware password, what hope have I got?

I have a feeling that you don't completely understand just what a firmware password is or how it works or what it can do or prevent.

Maybe do some checking and reading and you could start here that gives the basics:
https://support.apple.com/en-ca/HT204455

BTW: Is the data you want super protected of any value to anyone other than yourself?

If not, you could just stick it in a folder and make the folder invisible, and encrypt it as well if you want.

It's hard to break into or open a folder that isn't even normally visible eh??? :Blushing:

- Patrick
======
 

IWT
if the fairly bright people in Apple Support Centres can reset my firmware password, what hope have I got?

Yes, in theory they could or might; but you would virtually have to have had your entire identity stolen first because they need absolute proof:

That you are who you say you are -

Passport, other ID cards, proof that you live at the address they have down as yours, proof of purchase and ownership of the Mac in question, being able to sign in to your iCloud account on another Mac, i.e. knowing the agreed email address & password, answers to the three security questions you set up or, if 2FA is in place, having the device with you, etc. and so forth!

As our Admin, Nick, said - nothing is absolute and going this far and worrying about it seems to me like a health risk.

I know everyone's different and I respect that; it's up to you.

Ian
 

pigoo3
...nothing is absolute and going this far and worrying about it seems to me like a health risk.

Definitely my main point Ian.:)

Heck...we can have a firmware password...an encrypted HD...have Moby Dick eat the Mac-Mini...he "poops" it onto the bottom of the ocean...and we still wouldn't have 100% security! Lol

We do what we reasonably can...against reasonable risks.:)

- Nick
 
As our Admin, Nick, said - nothing is absolute and going this far and worrying about it seems to me like a health risk.


+1!!! Completely agree. And life's too short and too involved already. :[

- Patrick
======
 
Complete protection?

Don't have a computer, a credit card, a debit card, a cell phone, a land line phone etc. Just live life and unless you are a former KGB Assassin, don't worry about it.
 

chscag
I'm not paranoid, it's just that everyone is out to get me! :Oops: ;P
 
I'm not paranoid, it's just that everyone is out to get me! :Oops: ;P

Man, that's sure a relief for me to know, I thought it was me or my Macs they were after. Phew, that's sure a relief. :Blushing:

- Patrick
======
 

Rod
There is one thing that a 20+ character password can do very well. It can keep you out of your files. DON'T forget your passwords.
 

pigoo3
There is one thing that a 20+ character password can do very well. It can keep you out of your files. DON'T forget your passwords.

I was thinking the exact same thing as soon as I saw the beginning of your post.;)

And if someone needs to write down a 20+ character password so it is not forgotten...now security has been compromised a bit because the password is written down & possible for someone to find it.

- Nick
 

Rod
Ah, vindication, or at least satisfaction. For some time, I have been using and recommending the use of nonsense sentences as passwords.
Today I read in the Washington Post an article by Robert McMillan where he reviews the recent statements by Bill Burr, who in 2003 wrote “the definitive go-to guide for federal agencies, universities and large companies looking for a set of password setting rules to follow.” He now says, “much of what I did I now regret.”

The gist of this article was:

1. Strong passwords need not be impossible-to-remember combinations of upper and lower case letters combined with numbers and symbols such as )>0Let#A@!7.
It has been calculated it would take hackers 550 years to crack “correct horse battery staple” written as one word, as compared to 3 days to crack “TrOub4dor&3.”

2. The second finding was that the advice to change your passwords every 90 days was erroneous. Unless you feel your security has been breached, there is no need to change your passwords at all.

The other issue examined in this article is the persistent use of what we thought were smart random passwords based on Burr’s guidelines, resulting in a generation of widely used passwords such as P*****wOrd or Monkey1, or instances where demanding users change their password on a 90 day cycle resulted in changing Pa55word1 to Pa55word2, a practice Burr states “does not keep hackers at bay.”

A recent study by Carnegie Mellon University researcher Lorrie Faith Cranor resulted in 500 of the world’s most commonly used passwords like princess, monkey and iloveyou, plus many unprintable examples. She had them printed onto a blue and purple shift dress which she wore to a 2015 White House cyber-security summit at Stanford University, prompting much careful study and some embarrassment.

So, yes, use a password manager or a list of randomly generated passwords kept in your wall safe (or encrypted folder), but for day to day, often used passwords try nonsense sentences. They are easy to remember, such as one I recently used for my computer Admin password, “My cats like two fish,” written as mycatslike2fish, or “rabbits4hatsthereare.” That’s 20 characters and with current technology would take longer than I am likely to live to crack.
 

pigoo3
Today I read in the Washington Post an article by Robert McMillan where he reviews the recent statements by Bill Burr who in 2003 wrote “the definitive go-to guide for federal agencies, universities and large companies looking for a set of password setting rules to follow.” He now says,“much of what I did I now regret.”

Very very interesting info Rod...thanks!:)

I have not read that article yet...will have to see if I can track it down. Only thing I see that I might question...is whether what was written way back in 2003 is still 100% valid in 2018. A lot of things have changed since 2003...namely:

- Do hackers, crackers, etc. now have more sophisticated tools to break passwords? (Most likely.)
- Given the vastly increased performance of computers...hackers can probably crunch through numbers so much faster trying to break a password.

I don't disagree with the findings mentioned (nonsense statements can make great passwords). But maybe it's possible to break those passwords faster in 2018...than back in 2003. Maybe instead of 550 years to crack that password...maybe it's now 5 years. Which is still lots of time...and maybe more of a purely academic discussion. But then that could also mean that the password that took 3 days to crack in 2003...might be crackable in less than an hour in 2018.

- Nick
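
The "550 years" versus "3 days" figures Rod quotes are the ones from xkcd 936 ("Password Strength"): 44 bits versus 28 bits of keyspace at an assumed 1,000 guesses per second. Nick's question is what happens to those numbers when the guess rate goes up. The script below, an added example for this thread and not code posted by any participant, reproduces the two figures and then re-runs them at other assumed guess rates. Every rate and dictionary size in it is an assumption chosen for illustration, and the "mycatslike2fish" model (four words from a 10,000-word list plus one digit) is my guess at how an attacker would model that style, not a measurement.

```python
"""Crack-time model for the passwords discussed in this thread.

Added example for this thread, not code posted by any participant. The guess
rates and dictionary sizes below are assumptions chosen for illustration.
"""
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Attacker guess rates (assumed, not measured).
GUESS_RATES = {
    "online, rate-limited login": 1e3,        # the rate behind the '550 years' figure
    "offline, fast unsalted hash": 1e10,      # GPU rig against a raw MD5/SHA-1 style hash
    "offline, slow KDF (PBKDF2-like)": 1e5,   # what disk/volume encryption relies on
}


def charset_size(password: str) -> int:
    """Alphabet an attacker must cover knowing only which character classes appear."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))


def brute_force_bits(password: str) -> float:
    """Keyspace in bits if the attacker tries every string of this length and alphabet."""
    return len(password) * math.log2(charset_size(password))


def structured_bits(n_words: int, dict_size: int, mangling_bits: float = 0.0) -> float:
    """Keyspace in bits if the attacker knows the password is n_words dictionary words
    plus whatever capitalisation/substitution/suffix choices mangling_bits accounts for."""
    return n_words * math.log2(dict_size) + mangling_bits


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst case for the attacker: time to try the whole keyspace (expected time is half)."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def assess(password: str, n_words: int, dict_size: int, mangling_bits: float = 0.0) -> dict:
    """Compare the naive brute-force estimate with the structure-aware one. An attacker
    takes the cheaper of the two, so the smaller figure is the one that matters."""
    naive = brute_force_bits(password)
    aware = structured_bits(n_words, dict_size, mangling_bits)
    bits = min(naive, aware)
    return {
        "password": password,
        "brute_force_bits": round(naive, 1),
        "structured_bits": round(aware, 1),
        "effective_bits": round(bits, 1),
        "years": {name: years_to_exhaust(bits, rate) for name, rate in GUESS_RATES.items()},
    }


# The two passwords from the thread's comparison, modelled the way xkcd 936 modelled
# them: one common word from a 2^16-word list with ~12 bits of capitalisation,
# substitution, digit and symbol choices (28 bits total) versus four words drawn
# uniformly from a 2048-word list (44 bits). The third entry is an assumed model of
# the nonsense-sentence style: four words from a 10,000-word list plus one digit.
SAMPLES = [
    ("TrOub4dor&3", 1, 2 ** 16, 12.0),
    ("correcthorsebatterystaple", 4, 2 ** 11, 0.0),
    ("mycatslike2fish", 4, 10_000, math.log2(10)),
]

if __name__ == "__main__":
    for pw, n, d, m in SAMPLES:
        r = assess(pw, n, d, m)
        print(f"{r['password']:28s} naive {r['brute_force_bits']:6.1f} bits  "
              f"structured {r['structured_bits']:5.1f} bits")
        for name, yrs in r["years"].items():
            print(f"    {name:32s} {yrs:14.3g} years")
```

Two things the output makes concrete. First, the naive per-character estimate flatters the mangled word (11 characters over a 94-symbol alphabet looks like 72 bits), while the structure-aware estimate the attacker actually uses gives 28 bits; that gap, not the raw length, is why "TrOub4dor&3" falls in days. Second, the guess rate matters as much as the password: at an assumed 10^10 guesses per second against a fast unsalted hash the 44-bit passphrase lasts hours, whereas against a deliberately slow key derivation function, which is what FileVault and encrypted disk images rely on, the same passphrase is back in the multi-year range. That is the 2003-versus-2018 effect Nick is asking about, and it is why the KDF in front of the password matters as much as the password itself.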
 
But then that could also mean that the password that took 3 days to crack in 2003…might be crackable in less than an hour in 2018.

Not forgetting that no hacker is going to even bother spending any time deciphering any password if they don't think there's anything of value they could use somehow on that particular user's Mac account.

- Patrick
======
 

Rod
I agree that hacking technology has no doubt advanced along with everything else and advice given in 2003 is no doubt outdated now. The survey of popular passwords though only dates to 2015 so replacing “password2” with something better is still relevant today. The point I was making is that a memorable password can be as good if not better than an unmemorable one and you don’t need to write it down which is a security risk in itself not to mention the possibility of losing it.
 
