Resetting login password on a Macintosh

Due to a problem encountered by a friend recently when trying to deal with a lost admin password on a relative's Macintosh, I had occasion to revisit the topic of resetting Macintosh passwords. This is both an interesting tip and a cautionary tale for those with important data on their computers.

First, the tip. If you lose your password on your Macintosh and need to reset it, you can boot your Mac from the install disks that came with it or your most recent OS install disk (use whichever matches your current OS).

Once you've booted and answered the installer language question, go to the Utilities menu and select "Reset Password...". This will let you reset the password for any account.

It's important to note that if you do this, and you don't know your account password, you'll likely as not end up having to reset your keychain to nothing, since that password is usually based on the login password. If you're sure you can't remember it, you'll have to follow the instructions in this Apple Technote on Resetting Keychains to reset or delete it.


Now that you know how easy it is to reset the password on an account (with admin privileges, no less), you realize that the data on your Macintosh isn't very safe if it's only behind that wall. What should you do to protect it further? Two things. First, if you want to lock down your passwords so that they can't be changed this way, you can enable the OpenFirmware password (the name is a bit of an anachronism, since the newer Intel Macs don't actually have OpenFirmware, but no matter). To do this, follow the instructions in the Apple Technote about Open Firmware Passwords.

Alas, this will be a good attempt, right up until you have somebody who's willing to open up the machine (except on the MacBook Air). Once they've opened it, they can reset the password. It's tricky and I'm not going to make it any easier by explaining it, but don't think it's secure.

If you have data that is important enough to keep secret, you should consider using either a secure disk image or whole-disk encryption, such as that available with PGP.


Since this was originally written, Apple has introduced FileVault 2, which includes Full Disk Encryption and has a negligible impact on performance, especially with recent CPUs or T2 chips. I strongly encourage everyone to use FileVault 2 encryption and to save your recovery key in a safe place.
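
To check which of these protections a given Mac actually has turned on, the following is an added example (not part of the original post). It assumes the macOS tools `fdesetup` and `firmwarepasswd` (the latter applies to Intel Macs and needs root); the function names and posture labels are made up for illustration, and the sample output used off macOS is constructed.

```shell
#!/bin/sh
# Added example: report whether the protections recommended above are on.
# Parsers take command output as text, so they also run on constructed samples.

# `fdesetup status` reports "FileVault is On." or "FileVault is Off.",
# and may add a progress line while a volume is being converted.
filevault_state() {
    case "$1" in
        *"Encryption in progress"*) echo encrypting ;;
        *"Decryption in progress"*) echo decrypting ;;
        *"FileVault is On."*)       echo on ;;
        *"FileVault is Off."*)      echo off ;;
        *)                          echo unknown ;;
    esac
}

# `firmwarepasswd -check` (Intel Macs, needs root) reports "Password Enabled: Yes" or "No".
firmware_state() {
    case "$1" in
        *"Password Enabled: Yes"*) echo on ;;
        *"Password Enabled: No"*)  echo off ;;
        *)                         echo unknown ;;
    esac
}

# Combine both: only disk encryption protects data from someone holding the machine.
posture() {  # $1 = FileVault state, $2 = firmware password state
    case "$1:$2" in
        on:*)                      echo encrypted ;;
        encrypting:*|decrypting:*) echo partially-encrypted ;;
        off:on)                    echo firmware-only ;;
        off:*)                     echo exposed ;;
        *)                         echo unknown ;;
    esac
}

if command -v fdesetup >/dev/null 2>&1; then
    fv_out=$(fdesetup status 2>/dev/null || true)
    fw_out=$(firmwarepasswd -check 2>/dev/null || true)
else
    # Constructed sample output, used when not running on macOS.
    fv_out="FileVault is Off."
    fw_out="Password Enabled: Yes"
fi
fv=$(filevault_state "$fv_out")
fw=$(firmware_state "$fw_out")
echo "FileVault: $fv, firmware password: $fw, posture: $(posture "$fv" "$fw")"
```

A result of `firmware-only` or `exposed` means the install-disk password reset described above still gives access to the data on the disk.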