Teenager knows how to use the CLI to change password, and access my system


How can I lock my computer to unauthorized access? What good are passwords at OS X login if they can be circumvented with the CLI??? I'm a little ticked off right now. I've read somebody post something about Hardware password. Can anybody point me to where I can learn how to secure my system from unauthorized access please?

Are you asking about limiting your teen's internet use?
Or completely blocking them from your Mac, so they can't log in to anything?
Or, to keep them from viewing YOUR stuff, in spite of the fact that this Mac is the household's only computer?
Or - does your teen also have their own computer for their own use?
Teenagers can be so smart - when they want to be.

First - a Hardware password is used in a network setting (companies) with Windows PCs. It is done through the BIOS and only on specific models/makers.

Second - you don’t say if you want to block your computer wiz from the entire machine or just your user. Here’s an article that does give you some step by step methods.
Prevent break ins on your Mac

It looks like you may be offering just the info I need. The problem is that my boy has watched some YouTube videos and now thinks he is above the law with his newly discovered talent at using the CLI (command line interface) to discover and reset user passwords. I want to keep him from being able to restart the computer and get into the CLI so he can't discover what the passwords are, and so he cannot reset the passwords. He's already done it to my personal laptop, because "dad's" computer is better than everybody else's to use.

The question is whether the above info you linked to will keep my boy from being able to reset the passwords by using the CLI? How could Apple just leave that open for anybody to break into a computer? As I understand, all my boy has to do to compromise my system is boot up with an OS X Install disk (in this case the Recovery HD partition on the system), activate the CLI, type in a couple commands, and then he has total access as an administrator to the computer upon restart and login.
All this password garbage at the OS X level is pure hot air. Without FileVault enabled, anybody can apparently access your system anyway. What a joke.

Apple does highly recommend using FileVault. It is up to the user to determine if they want the tighter security.

I’d love to see the face of your teenager when he finds out that he can’t hack into your computer. :)

No, FileVault isn't what protects everyone from accessing your stuff. It just encrypts everything in your home folder.
Which can be a desirable thing (like for you here), but you also will want to make sure your files are backed up somewhere else. Just in case.

But to keep him from inconveniencing you on your laptop, keep a good password, and change it periodically. Lower and upper case, numbers, special characters, maybe phrases with spaces... something said teenager can't guess, and that isn't in a dictionary.

Second, restrict his access.

Lock your laptop away physically when you are not using it, like in your room behind a locked door.

And go in System Preferences, and in the search field (top right) search for remote. You'll find a number of places to check and change if needed.
Like Remote Management. That should be off. Remote Login - off absolutely. And every single other item on that list (the only one that may make sense on is file sharing, but unless you particularly need that, leave it off. And no, it will not share ALL your files, only the ones that are in Shared Folder, and only if you have chosen to). Like Screen Sharing - off. Remote Apple Events - off. Et cetera. When those are off, he can't remote to your system to do any acrobatics.

Then, make sure he does not have an account on your computer.
You should have an account on your computer. You. Not him.

If there is an absolute need for an account for him on that computer, then a limited user. Definitely not an admin user, and since he has bad habits with computers, I would go a step further and create a managed account instead. Like the ones for children - and list only what apps he can use. Then turn every single annoying parental control on just because you can, so you'll have to approve his email senders and being sent, and his new chat buddies etc. If he had an account on your system, and that account were an admin one (or he could guess the admin password, same thing), then well, he could have a way to do what he did.

That's where the Open Firmware password comes in. He can't change the passwords or boot the system as he pleases after that's set (but make sure only YOU know the OF password, AND do not lose it).

And one more thing. Since his command line acrobatics are annoying and inconveniencing you, AND you are his parent, set some rules. Every time he messes with your computer, there goes the weekly allowance (and phone credit and gas money or whatever else benefits he has). Three strokes, and his evening curfew time gets set to ten or eight (whatever inconveniences him) for the weekend, week, month (whatever suitable). Ten strokes - and it'll be time to look for a new roof to live under, or the car, bicycle, skiing tools (your pick, a major inconvenience. Car is good) goes away. Inconvenient for him? Tough luck. Set the rules, and if rules will be broken, there will be consequences (just like there will be when he's an adult and out of your house).
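
Added example, not part of the original thread: a small shell audit for the settings the replies above name (FileVault, the firmware password, Remote Login, Remote Apple Events). It assumes the status lines that `fdesetup`, `firmwarepasswd` and `systemsetup` print on Intel-era OS X; the function names `check_line`, `audit` and `sample_report` and the sample input are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify the output of four macOS status commands.
# On the Mac itself, feed it the real output (run from an admin account):
#   { fdesetup status; sudo firmwarepasswd -check;
#     sudo systemsetup -getremotelogin;
#     sudo systemsetup -getremoteappleevents; } | audit
# Assumption: the tools print the status lines matched below; adjust if yours differ.

# check_line LINE -> prints an "OK" or "FIX" finding; unknown lines print nothing.
check_line() {
  case "$1" in
    "FileVault is On."*)          echo "OK   disk encryption is on" ;;
    "FileVault is Off."*)         echo "FIX  turn on FileVault" ;;
    "Password Enabled: Yes"*)     echo "OK   firmware password is set" ;;
    "Password Enabled: No"*)      echo "FIX  set a firmware password" ;;
    "Remote Login: Off"*)         echo "OK   Remote Login is off" ;;
    "Remote Login: On"*)          echo "FIX  turn off Remote Login" ;;
    "Remote Apple Events: Off"*)  echo "OK   Remote Apple Events is off" ;;
    "Remote Apple Events: On"*)   echo "FIX  turn off Remote Apple Events" ;;
  esac
}

# audit: read status lines on stdin, print findings, return the number of FIX items.
audit() {
  local fixes=0 line result
  while IFS= read -r line; do
    result=$(check_line "$line")
    [ -n "$result" ] || continue
    echo "$result"
    case "$result" in FIX*) fixes=$((fixes + 1)) ;; esac
  done
  return "$fixes"
}

# Constructed sample: a Mac with no FileVault, no firmware password, SSH enabled.
SAMPLE='FileVault is Off.
Password Enabled: No
Remote Login: On
Remote Apple Events: Off'

sample_report() { printf '%s\n' "$SAMPLE" | audit; }

# Stand-alone run on the constructed sample.
sample_report || echo "items to fix: $?"
```

Screen Sharing, Remote Management and File Sharing are not covered here; check those in the Sharing pane of System Preferences as described above.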