OSX is a strong and secure system. Until you realize there is a feature called ‘single user login’… which virtually grants you ROOT access, provided that you have physical access to the target machine.
- Boot the system.
- Press CMD + S.
- You should get a bash shell, with ROOT permissions.
That sucks, pretty much. There is just no single password screen. If you have the machine, you can access its files. How do we prevent this????.
In Lion, and Mountain Lion…:
- Open Terminal and type:
[cc lang=”bash”]defaults write com.apple.DiskUtility DUDebugMenuEnabled 1[/cc]
- Open DiskUtility and choose “Show every partition”, from the ‘Debug’ menu you have just unlocked.
- Mount the ‘Recovery HD’ hidden partition.
- In Terminal, type:[cc lang=”bash”]open /Volumes/Recovery\ HD/com.apple.recovery.boot/BaseSystem.dmg[/cc]
- In the BaseSystem DMG you’ve just mounted, locate: Applications/Utilities.
- Launch ‘Firmware Password Utility’, and simply follow the instructions.
That should, at the very least, enhance a little bit your security.