Password protection bypass

[pjaykelly]

I have Snow Leopard, and love it, but I have found a significant issue that I was wondering if any one else noticed. Is there a fix?

I have password protected picture folders specifically so that they are not viewable to the general public. Recently I was using the search history tool and entered the letter j - and lo and behold a password protected image showed up. Not cool.

I tested the folder and yes it was protected, but how can a "protected" file be accessed without the password? Can this be fixed?

 

[Doug b]

Yeah, I don't get that about OS X either. What you'll need to do is hide the folder entirely. But even that might not be 100% effective. There's an app called "hide folders" which works fairly well BUT the caveat is that if someone finds the actual application, as soon as they open it, they'll see the folder which is hidden then all they have to do is click on "show", which will then un-hide the folder. You can however pay for the pro version, which will password protect your "hidden" items. Probably a better idea.

Then, there's a free way to hide stuff. It relies on a terminal command. You basically put a period in front of the name of the directory you want to hide and it's hidden from view from anywhere. The way you access the folder is by opening Finder and going into the menu "go to folder" and then put the name of the hidden folder in with the "." in front of it.

HOWEVER.. this isn't 100% either. The problem is, you have to remember that before you do anything else, you should enter some other string of characters into the search box of the "go to folder" menu item so that the next time someone might go into it, it will display the last thing you entered.

Here's how to do it:

1) Open the Terminal (Applications -> Utilities -> Terminal). Type

mkdir .hidden

The command mkdir makes a new folder (make a directory) in your Home folder. You can change .hidden to anything you want, just as long as the period is in front.

2) Now navigate to your Home Folder. If you did things right, you should not see anything different!

3) In the Finder, go to Go -> Go to Folder, or hit Command-Shift-G. Type in

~/.hidden

and hit enter. Tada, this is your hidden folder! If you don't believe me, Command-Click on the folder name at the top of the window. This tells you the hierarchy of where the folder is nested on your hard drive. See? It's right above your Home Folder, meaning it's really in there! You can drag anything here - music, movies, documents, literally anything - treat it like any other folder. It has permissions, too. And anything you put in here will not show up in Spotlight.

4) If at any time you want to delete this folder, go back to the Terminal and type

rm -r .hidden

But beware, this deletes the folder and all of its contents.

Doug

 

[pjaykelly]

Thanks Doug. I appreciate your help!

 

[technologist]

I'm not sure exactly what pjaykelly is talking about, since there is no way to "bypass" the password security of the Mac. Unless you have a user account and password, you cannot even log into the Mac, and one user cannot access another's files.

Doug b's suggestion makes even less sense. Since the "hidden" folder is again protected by your user account, it cannot be accessed by other users even if it could be seen.

You are both using separate accounts, right? Because it makes no sense whatsoever to give the password to your main account to someone you don't trust. That would be like giving the keys to your brand-new car to a stranger and then worrying about the coins you left in the console.

 

[deus_ex_machina]

That would be like giving the keys to your brand-new car to a stranger and then worrying about the coins you left in the console.

That made me chuckle.

 

[Doug b]

I'm not sure exactly what pjaykelly is talking about, since there is no way to "bypass" the password security of the Mac. Unless you have a user account and password, you cannot even log into the Mac, and one user cannot access another's files.

Doug b's suggestion makes even less sense. Since the "hidden" folder is again protected by your user account, it cannot be accessed by other users even if it could be seen.

You are both using separate accounts, right? Because it makes no sense whatsoever to give the password to your main account to someone you don't trust. That would be like giving the keys to your brand-new car to a stranger and then worrying about the coins you left in the console.

Dude, what are you talking about ? In the REAL world, people tend to walk away from their computers and leave them on and all other kinds of scenarios. Obviously the OP asked about this for a REASON. And the solutions have been presented. What you're saying only applies to how a robot would manage their computer. People put their guard's down, and that's reality.

Doug

 

[chas_m]

Dude, what are you talking about ? In the REAL world, people tend to walk away from their computers and leave them on and all other kinds of scenarios.

If someone is dumb enough to walk away from a computer with embarrassing material on it and not activate a password-protected screensaver, why exactly should we care if they get caught?

There's a simpler solution to this, you know ... its called "don't put embarrassing material on a computer that other people have physical access to."

Also, the phrase "encrypted sparse disk image" is coming to mind for some reason.

 

[technologist]

Dude, what are you talking about ? In the REAL world, people tend to walk away from their computers and leave them on and all other kinds of scenarios. Obviously the OP asked about this for a REASON. And the solutions have been presented. What you're saying only applies to how a robot would manage their computer. People put their guard's down, and that's reality.

Which is why you should use the security features that are built in, and not try to rig up your own. Because when you do, you'll spend a lot more time and effort, but you'll do a lousy job of it.

The security features in OS X (User accounts, the Guest account, Fast User Switching, Screensaver passwords) are built in. They're already there, you just turn them on and use them. Really, really, easy. You don't have to be a "robot" or a paranoid CIA agent. Just flip them on and forget them. All you have to remember is your password, which you have to remember anyway.

People seem to think that it must be easier to use bad security than to use good security. It must be easier to do it all yourself than to use what others have done for you. This is wrong. You'll end up as confused as the OP, trying to build from scratch what people have been working on for forty years now and wondering why it doesn't work right.

 

[Doug b]

Which is why you should use the security features that are built in, and not try to rig up your own. Because when you do, you'll spend a lot more time and effort, but you'll do a lousy job of it.

The security features in OS X (User accounts, the Guest account, Fast User Switching, Screensaver passwords) are built in. They're already there, you just turn them on and use them. Really, really, easy. You don't have to be a "robot" or a paranoid CIA agent. Just flip them on and forget them. All you have to remember is your password, which you have to remember anyway.

People seem to think that it must be easier to use bad security than to use good security. It must be easier to do it all yourself than to use what others have done for you. This is wrong. You'll end up as confused as the OP, trying to build from scratch what people have been working on for forty years now and wondering why it doesn't work right.

Hey, that's really nice and all, and I really appreciate the poor rep mark as well, especially considering that all I said was geared towards helping the OP achieve WHAT HE ASKED. I never stated that he shouldn't take other measures, because perhaps he's already aware of those things.

My attitude in all of this is actually very neutral, and only meant to serve one purpose: to answer the OP's question. I didn't want to presume that he/she didn't already know about the password protected screen lock or similar features. I didn't even bother to ponder whether or not the OP would find it irritating to have to lock and unlock the screen every time they went to the bathroom, and neither did you apparently.

The question was specific and I answered it as such. And I'm not entirely sure that you should be speaking for someone else in terms of whether or not they'll do a good or bad job when it comes to 'rigging' their own security. In this case, it's not even rigging. You make it sound like there are hoops to jump through, where in fact it's a simple command line entry to get you from point A-B, and then up to you if it will suit your purposes.

You're mistaking different security measures for bad ones. Hardly the same. And yeah.. I actually DO understand the features you're speaking of. But it's hardly the point of what the OP was asking. The only dangerous attitude is that of one who thinks there's only one way to skin a cat.

Lastly, I never advised anyone to NOT use anything. Please don't create scenarios which aren't true. This is exactly why I feel the rep system can be abusive at times. People make things up which aren't true, and you get rep'd for it. But it's all good, see my Sig.

Respectfully,

Doug