This article originally appeared in TidBITS on 2006-10-30 at 12:00 p.m.
The permanent URL for this article is:
Include images: Off

Understanding Mac OS X's Login Passwords

by Joe Kissell

One of the most striking things I noticed when switching from Mac OS 9 to Mac OS X years ago was how frequently the operating system asks me for a password. I've gotten used to this by now, but it's taken me a while to understand what all the different passwords are for, how they work, and how I should select them. Not counting the hundreds of passwords I have for Web sites, I must keep track of login passwords for each of my user accounts, a firmware password, a master password, a root password, and passwords for file sharing, wireless networks, and my keychains. Even a propellerhead like myself can often find that array of passwords confusing.

In this brief excerpt from my new ebook, "Take Control of Passwords in Mac OS X [1]," I look at just one of these password types: the login password. For many of us, it's the password we're asked to supply most frequently, and it's one cause of significant confusion and grief among Mac users.

User Accounts -- Every computer running Mac OS X has at least one user account - a means of identifying the person using the computer at any given time. Using the Accounts preference pane, you can set up additional users on your computer if you wish. Each user gets a separate virtual (and private) space in which to work; this includes access to the user's own preferences, documents, and Finder settings. The password associated with a user account is called the "login password." It's what you use to log in, thus gaining access to your personal space, but it has other uses too (as I explain a bit later).

When you set up a new Mac or install Mac OS X for the first time, you're asked to enter your real name, a user name (typically shorter than your real name; all lowercase and without spaces), and a password. In so doing, you set up a user account for yourself with administrator privileges - meaning that you have the authority to add and delete other user accounts, make changes anywhere on your disk, and install and run any application. Every Mac has one or more administrator accounts. The login password for such an account is also known as an "administrator password." Mac OS X asks you for an administrator password when you take certain actions that can have far-reaching consequences - for example, installing or using software that makes changes to the /Applications, /Library, or /System folder.

Choose and Set a Login Password -- Your login password not only identifies you but also protects a variety of resources (such as your personal files), so it's clearly a security password. (I describe "security" passwords, as distinguished from "identity" passwords that serve merely to identify you, in full detail in the ebook.) This implies it should be at least 10 or 11 characters long and should follow the rules for secure passwords - using a combination of numbers and capital and lowercase letters, avoiding words in the dictionary, and so on. However, if you use a different password for your keychain, you can get away with a less secure login password - and you may wish to do this, because you'll be entering it often and because administrator passwords can be circumvented so easily (see "Reset an Administrator Password," ahead).

To change your login password, go to the Accounts preference pane, click the lock icon at the lower left to "authenticate" (to identify yourself with a user name and password), and select your name in the list on the left. Click Change Password, fill in the appropriate fields, and click Change Password again.

Use Your Login Password -- You enter your login password when you log in to your Mac OS X account (which may happen automatically when you turn on your computer); this gives you access to all your personal files and settings until you log out or turn off your computer.

Entering an administrator password at login doesn't unlock every protected resource for the entire time you're logged in, as you might expect. You must, in general, enter it again every time you do something that makes changes outside your home folder (/Users/your-user-name). Note that if you're currently logged in as a non-administrator and you're asked to supply an administrator password, you must also enter the administrator's real name or user name in the Name field.

The default settings for when your login password is required are not very secure. For example, if you walk away from your computer for a few minutes, someone else could sit down and access any of your files. If you live alone in a house in the country, that's hardly a concern; however, if you do most of your work on your laptop in crowded city cafes, you probably want as much extra security as you can get. So, given the environment in which you use your computer, you should consider whether additional security is advisable.

Each of the following options that you change from the default will result in your being asked to enter your password more frequently, but with a corresponding increase in security:

Note that the remaining options apply to all users on the computer, not just your own account.

Reset an Administrator Password -- I have some good news and some bad news. The good news is that if you forget your administrator password, you can reset it without much difficulty; the bad news is that this very fact makes administrator passwords relatively insecure, because anyone else can do the same thing. However, you can minimize this risk by setting a firmware password and physically locking your computer with a security cable (both are described in more detail in the ebook).

If you know the password of the administrator that was configured when Mac OS X was first installed (the "original" administrator, which Mac OS X sometimes treats in subtly different ways from other administrators), you can change any other administrator password by following these steps (which work similarly for changing other login passwords, though it's generally best left to other users to change their own passwords):

  1. Log in as the original administrator.
  2. Open the Accounts preference pane. If the lock icon is closed, click it and enter your administrator password to authenticate.
  3. Select an administrator and click Reset Password.
  4. Enter (and repeat) a password, and optionally enter a hint.
  5. Click Reset Password.

If your machine has just one administrator account (the original one), you can reset its password as follows:

  1. Put your Mac OS X Install CD or DVD in your optical drive and restart with the C key held down (to boot from the optical disc).
  2. Click through the language selection screen. Then choose Utilities > Reset Password.
  3. Select your usual startup disk. Then, from the pop-up menu below the volume list, choose the user whose password you want to reset. (Do not choose "System Administrator (root)," which represents an entirely different account!)
  4. Enter (and repeat) a new password, and optionally enter a hint. Click Save, and then click OK.
  5. Choose Reset Password > Quit, and then Installer > Quit Installer. Click the Reset button to restart from the hard disk.

Once you've done this, you'll still be prompted to enter a password for your login keychain. If that password was the same as your login password - meaning it too is forgotten - you'll have to delete that keychain, make a new one, and set that keychain as the default.

Login's Run -- It's important to understand how the login password works, because it's typically the first line of defense against unwanted access to your private data, misuse of your computer, and installation of malware. But the login password is only one of numerous passwords that affect your daily Mac usage. I cover the rest, along with full discussion of how keychains work, the Keychain Access utility, third-party password utilities, and ways to generate secure passwords in "Take Control of Mac OS X Passwords [2]," a 96-page ebook available now for $10.