Understanding Mac OS X's Login Passwords

One of the most striking things I noticed when switching from Mac OS 9 to Mac OS X years ago was how frequently the operating system asks me for a password. I've gotten used to this by now, but it's taken me a while to understand what all the different passwords are for, how they work, and how I should select them. Not counting the hundreds of passwords I have for Web sites, I must keep track of login passwords for each of my user accounts, a firmware password, a master password, a root password, and passwords for file sharing, wireless networks, and my keychains. Even a propellerhead like myself can often find that array of passwords confusing.

In this brief excerpt from my new ebook, "Take Control of Passwords in Mac OS X," I look at just one of these password types: the login password. For many of us, it's the password we're asked to supply most frequently, and it's one cause of significant confusion and grief among Mac users.

User Accounts -- Every computer running Mac OS X has at least one user account - a means of identifying the person using the computer at any given time. Using the Accounts preference pane, you can set up additional users on your computer if you wish. Each user gets a separate virtual (and private) space in which to work; this includes access to the user's own preferences, documents, and Finder settings. The password associated with a user account is called the "login password." It's what you use to log in, thus gaining access to your personal space, but it has other uses too (as I explain a bit later).

When you set up a new Mac or install Mac OS X for the first time, you're asked to enter your real name, a user name (typically shorter than your real name; all lowercase and without spaces), and a password. In so doing, you set up a user account for yourself with administrator privileges - meaning that you have the authority to add and delete other user accounts, make changes anywhere on your disk, and install and run any application. Every Mac has one or more administrator accounts. The login password for such an account is also known as an "administrator password." Mac OS X asks you for an administrator password when you take certain actions that can have far-reaching consequences - for example, installing or using software that makes changes to the /Applications, /Library, or /System folder.

Choose and Set a Login Password -- Your login password not only identifies you but also protects a variety of resources (such as your personal files), so it's clearly a security password. (I describe "security" passwords, as distinguished from "identity" passwords that serve merely to identify you, in full detail in the ebook.) This implies it should be at least 10 or 11 characters long and should follow the rules for secure passwords - using a combination of numbers and capital and lowercase letters, avoiding words in the dictionary, and so on. However, if you use a different password for your keychain, you can get away with a less secure login password - and you may wish to do this, because you'll be entering it often and because administrator passwords can be circumvented so easily (see "Reset an Administrator Password," ahead).

To change your login password, go to the Accounts preference pane, click the lock icon at the lower left to "authenticate" (to identify yourself with a user name and password), and select your name in the list on the left. Click Change Password, fill in the appropriate fields, and click Change Password again.

Use Your Login Password -- You enter your login password when you log in to your Mac OS X account (which may happen automatically when you turn on your computer); this gives you access to all your personal files and settings until you log out or turn off your computer.

Entering an administrator password at login doesn't unlock every protected resource for the entire time you're logged in, as you might expect. You must, in general, enter it again every time you do something that makes changes outside your home folder (/Users/your-user-name). Note that if you're currently logged in as a non-administrator and you're asked to supply an administrator password, you must also enter the administrator's real name or user name in the Name field.

The default settings for when your login password is required are not very secure. For example, if you walk away from your computer for a few minutes, someone else could sit down and access any of your files. If you live alone in a house in the country, that's hardly a concern; however, if you do most of your work on your laptop in crowded city cafes, you probably want as much extra security as you can get. So, given the environment in which you use your computer, you should consider whether additional security is advisable.

Each of the following options that you change from the default will result in your being asked to enter your password more frequently, but with a corresponding increase in security:

  • Sleep and screen saver: Normally, your login access remains active when your computer's screen saver activates or when the computer goes to sleep; waking up the computer puts you right back where you were before. However, you can require entry of your login password when the computer wakes from sleep or when the screen saver deactivates, to make your data safer if you're away from your computer for a while. To require a password in both situations, go to the Security preference pane and check Require Password to Wake This Computer from Sleep or Screen Saver. If you use your computer only in a setting where you need not worry about someone else walking up to it and accessing your accounts, leave this disabled; in other situations, I recommend enabling it.

  • Keychain password: By default, your login password is also used as your keychain password, which means your keychain is unlocked automatically when you log in. To prevent this, you can change the keychain's password. Because the keychain password is particularly valuable, I recommend that all users change it to be different from their login password. To accomplish this, launch the Keychain Access utility, select the keychain, and choose Edit > Change Password for Keychain "keychain-name".

Note that the remaining options apply to all users on the computer, not just your own account.

  • Automatic login: By default, Mac OS X logs you in automatically when you turn on or restart your computer. If your computer is in a secure place where no one but you can access it, that's probably fine; otherwise, it's wise to disable automatic login (so that the login window appears every time the computer starts up). You can do this in the Accounts preference pane: click the lock and authenticate with an administrator password; then click Login Options and uncheck Automatically Log In As. Or, in the Security preference pane, simply check the Disable Automatic Login checkbox. In general, laptops should always have automatic login disabled; for other computers, the choice depends on whether anyone you don't completely trust has physical access to your computer.

  • Automatic logout: When your computer goes to sleep or the screen saver activates, you're still logged in, and any applications or documents you had open remain so (even if a password is required when the computer or display wakes up); this can potentially increase your vulnerability to certain kinds of network-based attacks. To take security one step further, you can have Mac OS X log you out automatically after a period of inactivity; all programs running under your user account will quit. To activate this feature, go to the Security preference pane and check the Log Out After __ Minutes of Inactivity checkbox. Enter the desired number of minutes before automatic logout in the field provided. For most users, enabling this setting is unnecessary, but it may be useful for computers kept in highly public places.

  • Secure system preferences: Several preference panes contain settings that affect all users' accounts and potentially have security implications for all users. To make it harder for an unauthorized user to modify these settings, you can require that an administrator password be used to unlock each pane individually. (The default setting is that unlocking one pane unlocks them all.) This setting is useful primarily for computers shared by many people, such as in schools and libraries. To activate this feature, go to the Security preference pane and check Require Password to Unlock Each Secure System Preference. The affected preference panes are Accounts, Date & Time, Energy Saver, Network, Print & Fax, Security, Sharing, and Startup Disk (and some third-party preference panes).

  • Login window as list: When the login window appears, it normally displays a list of all the computer's users, each with an icon; you can click one of them and enter a password to log in. Alternatively, the login window can display two empty fields, one each for user name and password; this makes it harder to break in, because the intruder has to guess not only a valid password but a valid user name as well. To switch the login window from a list to name and password fields, go to the Accounts preference pane, authenticate if necessary, and click Login Options. Then select the Name and Password radio button. Displaying the login window as name and password fields is a good idea for laptops and for situations where more than a handful of people have user accounts.

  • Password hints: After a user tries to enter a login password three times in a row without success, Mac OS X displays that user's password hint (if one was entered). Because these hints can also help an attacker figure out someone's password, you can disable their display. To do this, go to the Accounts preference pane, authenticate if necessary, and click Login Options. Then uncheck Use Password Hints. For even greater security, I suggest not using password hints at all.
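The per-computer and per-user settings in the list above can also be checked from Terminal. The script below is an added example, not part of the article or the ebook: it assumes the settings are stored under the `com.apple.loginwindow` and `com.apple.screensaver` preference keys shown (the keys and their locations vary between Mac OS X releases, so verify them on your version), and it falls back to a constructed sample when `defaults` is not available.

```shell
#!/bin/sh
# Audit the login-related settings described above.
# Assumption: key names/locations below match your Mac OS X release.

# Gather current values on a Mac; a key that is not set is reported as "-".
collect_login_prefs() {
    lw=/Library/Preferences/com.apple.loginwindow
    for key in autoLoginUser SHOWFULLNAME RetriesUntilHint; do
        printf '%s %s\n' "$key" "$(defaults read "$lw" "$key" 2>/dev/null || echo -)"
    done
    printf 'askForPassword %s\n' \
        "$(defaults -currentHost read com.apple.screensaver askForPassword 2>/dev/null || echo -)"
}

# Read "key value" lines on stdin and print one OK/WEAK line per setting.
# An unset key is judged by what the system does when the key is absent.
audit_login_prefs() {
    while read -r key value; do
        case "$key:$value" in
            autoLoginUser:-)    echo "OK   automatic login is disabled" ;;
            autoLoginUser:*)    echo "WEAK automatic login enabled for '$value'" ;;
            SHOWFULLNAME:1)     echo "OK   login window asks for name and password" ;;
            SHOWFULLNAME:*)     echo "WEAK login window shows the list of users" ;;
            RetriesUntilHint:0) echo "OK   password hints are not displayed" ;;
            RetriesUntilHint:*) echo "WEAK password hints displayed after failed attempts" ;;
            askForPassword:1)   echo "OK   password required after sleep or screen saver" ;;
            askForPassword:*)   echo "WEAK no password required after sleep or screen saver" ;;
        esac
    done
}

# Constructed sample input (not taken from a real machine).
SAMPLE='autoLoginUser alice
SHOWFULLNAME -
RetriesUntilHint 3
askForPassword 1'

if command -v defaults >/dev/null 2>&1; then
    collect_login_prefs | audit_login_prefs
else
    printf '%s\n' "$SAMPLE" | audit_login_prefs
fi
```

The automatic logout and per-pane unlocking options are stored elsewhere and are not covered by this check.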

Reset an Administrator Password -- I have some good news and some bad news. The good news is that if you forget your administrator password, you can reset it without much difficulty; the bad news is that this very fact makes administrator passwords relatively insecure, because anyone else can do the same thing. However, you can minimize this risk by setting a firmware password and physically locking your computer with a security cable (both are described in more detail in the ebook).

If you know the password of the administrator that was configured when Mac OS X was first installed (the "original" administrator, which Mac OS X sometimes treats in subtly different ways from other administrators), you can change any other administrator password by following these steps (which work similarly for changing other login passwords, though it's generally best left to other users to change their own passwords):

  1. Log in as the original administrator.
  2. Open the Accounts preference pane. If the lock icon is closed, click it and enter your administrator password to authenticate.
  3. Select an administrator and click Reset Password.
  4. Enter (and repeat) a password, and optionally enter a hint.
  5. Click Reset Password.

If your machine has just one administrator account (the original one), you can reset its password as follows:

  1. Put your Mac OS X Install CD or DVD in your optical drive and restart with the C key held down (to boot from the optical disc).
  2. Click through the language selection screen. Then choose Utilities > Reset Password.
  3. Select your usual startup disk. Then, from the pop-up menu below the volume list, choose the user whose password you want to reset. (Do not choose "System Administrator (root)," which represents an entirely different account!)
  4. Enter (and repeat) a new password, and optionally enter a hint. Click Save, and then click OK.
  5. Choose Reset Password > Quit, and then Installer > Quit Installer. Click the Reset button to restart from the hard disk.

Once you've done this, you'll still be prompted to enter a password for your login keychain. If that password was the same as your login password - meaning it too is forgotten - you'll have to delete that keychain, make a new one, and set that keychain as the default.

Login's Run -- It's important to understand how the login password works, because it's typically the first line of defense against unwanted access to your private data, misuse of your computer, and installation of malware. But the login password is only one of numerous passwords that affect your daily Mac usage. I cover the rest, along with full discussion of how keychains work, the Keychain Access utility, third-party password utilities, and ways to generate secure passwords in "Take Control of Mac OS X Passwords," a 96-page ebook available now for $10.


