|
#1
November 13th, 2003, 02:02 PM
| ||||
| ||||
| HowTo-Secure Your Password in Panther From; http://www.apple-x.net/modules.php?o...rder=1&thold=0 If you upgraded to Panther, here's how to fix your password security. One of the biggest problems with account security in OS X in 10.2.x and lower was that the passwords were not truly shadowed and only paid attention to the first 8 characters of the password you entered. Not exactly a good thing. While we didn't hear a lot about this fact, and in truth, there wasn't a lot of info about it available, especially if you were not in certain very specific parts of the hacker scene, it could lead to some pretty major security problems. Luckily, Apple fixed this problem in Panther. If you did a clean install of Panther, then the problem is already fixed for you, no problem. The password now recognizes more than the first 8 characters entered and is stored using real unix shadowing. However, if you did an upgrade, then the old problem persists on your box. Let's fix that right now, it's real simple and a no brainer. It shouldn't take more than a couple of seconds and you won't even have to touch the terminal, unless you want to of course  For those of you who do not like playing around with the terminal or just prefer using GUI tools when possible, launch your System Preferences application. Next, choose the Accounts applet, which will bring you to the users and account editing screen. Click in the top password box and type any character. This will cause Panther to authenticate you. Enter your password in the authentication box that pops up. Once you have been authenticated, replace the password in the boxes with either a new password, or your old one. This will cause Panther to reset your password and by doing so, it will use the updated system features to do so. Close System Preferences. You're done. For those of you who like the terminal, launch it and use the passwd program to reset your password. If you don't know how to do this, then view the passwd man entry, i.e. [DaveG@DaveG]~$]man passwd. Example: [DaveG@DaveG]~$]passwd [enter] changing password for DaveG Old password:MyPassword [enter] New Password:NewPassword [enter] Retype new password:NewPassword [enter] [DaveG@DaveG]~$] To break this down simply, everything that has been emphasized is what this program puts on the screen. [enter] means you should hit the enter/return key on your keyboard. *MyPassword* is your current password and *NewPassword* is the password you are entering now. All text except for the command prompt, i.e. [DaveG@DaveG]~$] that is not emphasized is what you enter. That's all it takes, and now your system is using full passwords and proper password shadowing for you account. If you have other accounts on your box, you will want to do the same thing for those accounts as well. Enjoy your more secure Mac.
__________________ Last edited by bobw; November 13th, 2003 at 05:32 PM.  |
|
#2
November 13th, 2003, 03:51 PM
| ||||
| ||||
| Also, don't use some dumb password like love or your first name -- mix it up. And have a few different passwords: one for low security and two for high security, so if someone hacks your spam hotmail account they can't log into your bank site and transfer all your money away. To come up with a good password one of the best thing's to do is take a song or poem or saying, something you can remember easily, and make an acronym out of the first few letters, or even better the second through seventh words of the fourth verse. That way to remember the password all you do is hum the song, and it will be real hard for someone with a brute force cracker to dictionary your password. For a little more security throw a # or a ^ in there somewhere too. And don't write it down! Someone could find it!
__________________ iMac G3 600Mhz, 256MB RAM, 40GB HD, 10.3.5 20GB iPod (Click Wheel) w/ Griffin iTrip // AIM:kjell05 |
|
#3
November 13th, 2003, 06:32 PM
| ||||
| ||||
| Also, in Keychain Access if you choose to change your keychain password (Edit -> Change Password for Keychain "xxx…") you'll notice a little button with an "i" on it. Click this button then enter your current password. When you enter your new password, this Password Assistant will rate the security of your password. It will notify you if the password is in the dictionary or is a variant on a word in the dictionary. My password is only 8 characters, and thus only rates a 56%… Last edited by cybergoober; November 13th, 2003 at 06:34 PM. Reason: fixed spelling errors |
|
#4
November 14th, 2003, 12:51 PM
| |||
| |||
| Add this Hi Bob, Good info, you might want to add this to your post http://discussions.info.apple.com/We...10@.599bcfe2/0 |
|
#5
November 14th, 2003, 09:13 PM
| ||||
| ||||
| And if you enabled the root account... do the same thing for root...
__________________ TommyWillB Intel iMac 250GB external drive TommyWillB.com hosted on Mac OS X 10.4.x / Apache 1.3.x / PHP 4.x |
