Point of interest generated from http://www.antionline.com/showthread.php?s=&threadid=272990

Is changing the root password on OSX a good thing to do(security-wise)? I have always accessed root by sudo using my own password. I had assumed it was locked down for the betterment of all OSX users, not just non-power users.

Any comments?

Cheers,

Al

Well, depends on how your Mac was set up. You may or may not have a password for the root account. If you follow the instructions provided in that other thread, you can change it to something more secure than blank or whatever was done at install. And then don't use it unless you must.

Most of the people I've come across with Macs running OSX are just running in root mode with no password. They didn't set up a user account. I've heard sales droids at Mac stores tell new laptop buyers that the OS firewall was turned on and that was all they needed. Macs were secure by default, they said.

Just plain scarey.

It is wise to change blank/default passwords as the bad guys know them and you are just asking for trouble if you do not.

Write the password down and keep it in a safe place.

:)

Thats interesting... at my old job, the seasoned sysadmins were setting a root password on their macs because they reported, by default, there is no password for root... the account is locked by the OSX user administration GUI which is different from the underlying Unix...

Also, on installation, you are required to create a user... I am using Tiger, maybe this is different from Panther?

*ping* Are there other day to day Mac users on this forum?

Write the password down and keep it in a safe place.

nihil - I agree to disagree!

alleyCat: Make the password so complex and long that you cannot remember it, and make sure that you don't write it down (this could lead to a leak of the password and you'd end up in big trouble)! :)
I use my iMac quite often - not every day, but almost. I spend more time on Linux or my M$ laptop, but I do know my way around it quite well - so if you've got any questions, I'll try to help you out. ;)

And as for the original question: as the others have said, set one. This ensures that no other users on your Mac are able to change key settings without your permission (technically root permission), and it will make a cracker's job much more difficult to break into your system.

Cheers,

-jk

J_K9

nihil - I agree to disagree!

You missed the point.....................I specified a "safe place " If your physical security is compromised then you have bigger worries than your root password. :D

It is common practice in commerce, industry etc. to have the master password written down and placed in a sealed envelope in the responsible director's safe.

I actually have some very scary news for you:

The launch codes for the US and UK thermonuclear arsenals are actually written down and kept in a safe place.

;)

nihil: I think you missed the point of J_K9's comments: he wants me to forget my root password too...

Hi alleyCat

No, I did see the irony...............hey, if you can't use it, neither can "they" :D

hehe no worries... I guess if I didn't have the password it would kinda be hard to change if I did get externally hacked.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=272994#post880645) by nihil
You missed the point.....................I specified a "safe place " If your physical security is compromised then you have bigger worries than your root password.

That's for sure ;)

It is common practice in commerce, industry etc. to have the master password written down and placed in a sealed envelope in the responsible director's safe.

What if they crack the safe? :D

I actually have some very scary news for you:

The launch codes for the US and UK thermonuclear arsenals are actually written down and kept in a safe place.

Thank you for that extra bit of knowledge I just gained - although I did expect it. alleyCat, as nihil suggested, that is the best thing to do - not mine which involved forgetting an immensely long and complicated pass and not writing it down....heh!

One last thing nihil - weren't there some missiles whose launch codes were 0000 or something? :eek:

Hmmm,

What if they crack the safe?

Once again, that is the balance between physical and electronic security? They would still need to get into the computer room and know how to operate the box. Also the security compromise would be pretty obvious.

One last thing nihil - weren't there some missiles whose launch codes were 0000 or something?

Yes, actually this is not surprising or scary. You are talking about battlefield/tactical weapons and those dropped from aircraft. You are already at defcon 1 in that situation.

:)

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=272994#post880706) by nihil

Once again, that is the balance between physical and electronic security? They would still need to get into the computer room and know how to operate the box. Also the security compromise would be pretty obvious.

I know - I was just kidding . They'd have to break into the place first anyway ;)

Yes, actually this is not surprising or scary. You are talking about battlefield/tactical weapons and those dropped from aircraft. You are already at defcon 1 in that situation.

Ah ok - I thought they were ground-launched ones. :D

Just to set the record straight.

The Root user account in OSX is disabled by default. To do anything as Root, you either need to enable the Root account (not recommended) or use the SUDO command to allow an Admin privileged user to perform Root functions.

Whenever an OSX machine is first setup, the initial user is an Admin account and NOT Root. This is a much safer configuration. Of course there are always additional areas to improve with OSX security such as enabling secure memory mode in the Security preference pane and enabling a password protected screensaver. Oh, yes, use a strong password and don't write it down.

:rolleyes:

I keep seeing a theme in AO threads by new(er) members. The trend is that most people believe that password cracking is a rampant problem (and must be defended against at all costs), when in reality, it is not. There are soooo many easier ways to compromise and steal these days. Who needs to crack passwords?

Just like street level criminals, cybercriminals (yep, another coined phrase) are looking for targets of opportunity. They will always gravitate towards the easiest targets unless there is a very specific motive for targeting your host, i.e., there is something unique on there that has tremendous value to the said cybersleeze.

Also remember that most home users don't have many things worth the effort of grinding passwords remotely (very noisy process). And, if a bad guy does get physical access you're pwned - period. No need to crack a damn thing so password complexity is useless in this case.

Anyway, just a thought completely off topic but sparked by several comments in this thread. Now, back to your regularly scheduled program.

:)

--Th13

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=272994#post880757) by thehorse13
I keep seeing a theme in AO threads by new(er) members. The trend is that most people believe that password cracking is a rampant problem (and must be defended against at all costs), when in reality, it is not. There are soooo many easier ways to compromise and steal these days. Who needs to crack passwords?

I agree TH13.

There are many techs (myself included) who are paranoid about their personal systems security... and while it may not be needed at this minor level, I think its a healthy thing to desire the most secure personal configuration... Its about developing good habits.

EG: A dentist didn't brush his own teeth... would you listen to him when he told you to brush? Would you even really want him working on your teeth?

Al