How secure is OS X login?

I want to have my ibook's harddrive upgraded. This means handing my ibook over to someone for a few days. If my admin and user accounts are secured with really strong passwords (a strong password consisting of all the following: lower case, uppercase, 2 numbers, and two special characters, of at least 8 characters long) is my hard drive secured from exploitation?
I'd like to wipe out all the passwords saved in all my browsers (icab, firefox, explorer, Opera, and probably some old version of Netscape), but I don't know where they're stored. Are they all in keychain?
I don't want to wipe my harddrive because of the 200 audio books in iTunes. I just do NOT want to re down load all those again.

If you don't use FileVault, anybody who has your computer can copy all the files without leaving any traces. They will not, however, be able to get your passwords from your keychain unless they know your password, because the passwords are encrypted in the keychain file. All new browsers should keep passwords in the keychain file, but some might store them unencrypted, in other locations. If the documentation doesn't say, you could test by moving your keychain file, and see if the browser can still produce the passwords when needed. If it can, it is not using the keychain.

Similar Messages

  • How secure is Internet over cell service?

    Based on this thread about using iPhone as a service for credit card swipe
    http://discussions.apple.com/thread.jspa?messageID=6657727&#6657727
    It seems personal financial data transferred over cell network isn't secured. It makes me wonder how secure is it to login to credit card or on-line bank website from iPhone?

    Same as any other iPad or iPhone. 
    There has been no malware that I have heard of on the iPad.
    I would say it is very safe.  I buy on the inernet all the time.
    Optional: for a minor improvement in security, change your DNS server to Google
    You could change your DNS server to Googles. I use Google.
    Google provides free dns lookup.  Their numbers are:
    8.8.8.8
    8.8.4.4
    http://discussions.apple.com/message.jspa?messageID=5908432#5908432
    Robert

  • IPhone Security: How secure is the iPhone?

    We just purchased iPhones for our family. However, I have a question regarding cyber security on these devices.
    Specifically, we have the phones set up to access our MobileMe accounts, and thus the MobileMe password is part of our iPhones. This leads to two questions:
    1) If someone acquires our phones, can they easily reverse engineer the phone to determine our MobileMe passwords?
    2) When we use various free wireless services (for example, while travelling at airports), how secure is the password data as it is passed from our iPhones to MobileMe over the RF spectrum? Could someone easily “listen in” to the communication and sniff out the passwords?
    It’s not that crucial now since it is just our MobileMe account, but I would like to use my iPhone for work e-mail and am not sure if this is safe or not.
    In addition to these questions, any advice, comments, or other sources on iPhone security would be greatly appreciated.
    Thank you very much for sharing your expertise!!!

    CharPatton wrote:
    2) When we use various free wireless services (for example, while travelling at airports), how secure is the password data as it is passed from our iPhones to MobileMe over the RF spectrum? Could someone easily “listen in” to the communication and sniff out the passwords?
    It depends on what the website does, and the rules are the same as using a wifi laptop:
    A) If a site uses regular HTTP with no encryption, any text data can be intercepted.
    B) Using HTTPS encryption like banks do, data can be sniffed but cannot be read unless a sophisticated hacker can unencrypt the sniffed data.
    C) Using a secure VPN for your iPhone (like HotSpot Shield), you can encrypt traffic between the iPhone and the VPN service so that all your communications are secured regardless of what the website does.
    I don't have a MobileMe account, so I don't know whether they layer any encryption over the login, but if they're like many sites, they probably do. As for what happens after login, this article is not very encouraging if the info is still current. That is why I use a VPN.

  • How to redirect user from login page to "Set Challenge question" page

    How to redirect user from login page to "Set Challenge question" page (NOT custom page) after 3 un successful password attempts?
    Meaning when user types wrong password 3 times they will be redirected to set Challenge question page. If user answers the challenge question then password reset page should be appeared other wise (after remaining 3 un successeful challenge question answers) account should be locked out.
    thanks for your help.

    hi sandeep
    Thanks for your answer. Let me ellaborate more on the requirement here.
    - Password Policy and Lost Password management are set up in the identity system
    - Configure login tries allowed= 5. Verify accout is lock out after 5 unsucessful login.
    This is what need to achieve.
    1) If a user attempts to login 3(not 5) times using an incorrect login credential he/she should be redirected to set challenge question (security question) page.
    2) Then if the user attempts (remaining) 2 times incorrect challenge answer then his/her account should be locked out.
    3) If he/she answers the challenge answer correctly then he/she should be redirected to password reset page.
    Is this possible?

  • How secure is this?

    Ok, my program is designed to append a few strings representing credit card details, encrypting, and storing in mysql.
    the encryption details are:
    iterations: 19
    8byte salt value
    encryption type = PBEWithMD5AndDES
    the key itself is stored in mysql, and is an md5 copy of my clients password. When data is put into the database, this key is grabbed from mysql, however for my client to view the cc details, they need to enter their password in a non-md5 format. My program will then convert this to md5 to produce the same key as is used to put info in the database.
    How secure does this sound?

    I know this but i am stuck here. My situation is: i
    am a host, my clients have online shops, where they
    sometimes want to store the customers CC details. my
    clients log in to their admin using their username
    and password, and i keep a copy of their md5 password
    in my database, and obviously my login script turn
    their password into md5 to check against the
    database.
    But when a customer orders something from my client,
    a php script gives me the clients userid,Wide open! Based on this, any user id for any client will do!
    so i can
    check against the data in teh database and know where
    to put the encrypted data. It would be insecure for
    the php script to hold information about theclients
    password.
    Also, how many bits would my algorithm be?I once worked for a big bank that hired security consultants to look at security weaknesses. You should do the same.

  • Anonymous FTP, How Secure?

    All,
    I am sending file to Anonymous FTP server from SAP. I like to know how secure Anonymous  FTP regarding files.
    By using Anonymous FTP, i think we don't need any password.
    In this case, anybody in the network can access the file.
    Please give your inputs.

    U can configure the FTP to ask for login and password while accessing it. If it do not ask any uname/password, then it is called anonymous login. If FTP is configured for prompting username and password, then "Anonymous Login" checkbox is unchecked
    Or
    this is a guet User ID
    the anonymous login will use to have User ID as "anonymous" and enter the password as anything (any password will work).
    this will always have guest permissions and will not be able to temper any of the data without permission.
    the administrator can assign the required permissions and roles to this user ID.
    Reward points..

  • How can i make custom login  and priviliges pages  depend on database ?

        Hi all,
       how can i make custom login page and custom security pages depend on oracle database tables.

    User, please tell us your Jdev version!
    Have you used the search field in the forum?
    This had been asked a couple of times.
    http://biemond.blogspot.in/2008/12/using-database-tables-as-authentication.html and
    http://biemond.blogspot.in/2008/12/using-weblogic-provider-as.html
    Timo

  • How do I remove the login?

    Hi,
    How do I remove the login authentication on my application in APex?
    I want them to go straight to the form?
    Cheers,
    S

    I hope I got this right...
    On the page attributes form, there is a security section - set authorization scheme to "no page auth. required" and set authentication to "page is public"
    Update: Guess not ;-) I have a page in my otherwise authenticated app that is wide open and for that one page, I did the above steps, but on re-read I see he asked about the whole app.
    Message was edited by:
    Lee McCann

  • How secure is Keychain?

    How secure is Keychain? It has all of my Airport passwords stored. The Keychain PW is the same as the machine PW, so the Keychain security is only as good as the machine PW. What level of encryption is offered by Apple?

    Keychain uses Triple Digital Encryption Standard (3DES): http://images.apple.com/macosx/security/docs/MacOSXSecurityTB.pdf
    It is reasonably secure. If someone knows your machine password, then they can also unlock your keychain. However, if someone gains access to your machine and just resets the password so they can login, or just copies the data, your keychain is still secure.

  • How to check whether user login in SNC mode or Non - SNC Mode

    Hi
    When SNC is enabled system will accept secure network connections. But,It is up to the user to login in SNC mode or NOT.
    Can any one let me know How to check whether user login in a SNC mode / Non-SNC mode?. Is it only through SU01?.
    Is there any other possibility?. where to check if user login through RFC connections?.
    Please correct me if i am wrong.
    Regards
    Srinivas P.

    Hi,
    Where to check if user login through RFC connections?
    Check T-Code SM04 on every instance. In the column Type you can see what kind of login has been used (GUI, RFC, Plugin, System).
    But,It is up to the user to login in SNC mode or NOT.
    Depends. Check these [parameters|http://help.sap.com/saphelp_nw04/helpdata/EN/19/164442c1a1c353e10000000a1550b0/content.htm]:
    snc/accept_insecure_cpic     
    snc/accept_insecure_gui      
    snc/accept_insecure_r3int_rfc
    snc/accept_insecure_rfc      
    Regards,
    Sven

  • How can I get all Login/Logout details

    How can I get all Login/Logout details of all SAP Users from SAP Server/Database of any one year? I am asking about SAP License User. Is their any Table or Report by which I can get these details? For example USR02(Logon Data) Table store the last login/logout details of SAP Users. So in same way is any table which store Users Login/Logout details through out a year or month.

    Hi Sudheer,
    Check this .
    You can find the transactions by a particular user from the transaction SM04.
    SM04 gives you the details of the users logged in,terminals,transactions the user is working on, the time he has logged in,no of sessions user has opened, and the memory used by the user's programs... all of that w.r.t to the client we login. but we can't get info like date and number of times the user has logged in.
    U can see tables:
    USR01 User master record (runtime data)
    USR02 Logon data
    USR03 User address data
    USR05 User Master Parameter ID
    USR12 User master authorization values
    plz rewards points if helpful
    cheers
    srinivas.k
    Edited by: k srinivas on Apr 28, 2008 11:54 AM

  • How to change the Default login script and the USER login script in Netware3.12

    I need to cut down the disk map from Neware 3.12 in Win98 client's PC.
    please tell me
    how to change the Default login script and the USER login script in
    Netware3.12 ?
    Or is there any other ways to do this thing?
    Thanks a lot!

    On 4/6/2006 [email protected] wrote:
    > how to change the Default login script and the USER login script in
    > Netware3.12 ?
    Please repost in the discontinued.forums.
    Edison Ortiz
    Novell Product Support Forum SysOp
    (No Email Support, Thanks !)

  • How to change the default login user id for firefox home?

    I need to enter a login id to open a firefox page. Unfortunately, I made an error on the login id. How to change this default login ID to open a Firefox home page?

    sheldonidx wrote:
    Can this be modified to change the underscore to a period?No.
    I'm not sure if this is possible because it looks like the XML refers to compiled Java classes. Correct. A similar request has been discussed before:
    http://forums.sun.com/thread.jspa?messageID=10626873#10626873
    Regards,
    Shane.

  • Parallel How many times user can login to the SAP system through ITS

    Hello all
    We are using the ITS ---620 and following 46D R/3 system 
    R/3 system details:
    Kernal :
    kernel release :46D
    O/S :SunOS 5.8 Generic_108528-05 sun4us
    We would like to now, At a time How many times user can login to the SAP system through ITS
    Kindly letus know  if any one have idea about parameter which can restrict the end users to u201CNu201D times/ sessions.
    Transaction SITSPMON/SMICM are not working in R/3 system as it is 46D.
    We found that parameter u201Clogin/disable_multi_gui_loginu201D works with SAPgui logons.
    System logons using the Internet Transaction Server (ITS) or Remote Function Call (RFC) are not affected by this Parameter u201Clogin/disable_multi_gui_loginu201D
    I need similar parameter u201Clogin/disable_multi_gui_loginu201D for the ITS users.
    Thanks

    I have searched all docs and notes.
    Everytime the answer is PArameter for multi_gui_logonis not applicable for SAP Gui for HTML ( Browser )
    The functionality does not exist for SAP Gui for HTML.
    Regards,

  • How to switch off re-login???

    Hi.
    In Layout of BSP-Page I show an image off Business Document Server (Smart Form Object):
    <IMG SRC="/sap/bc/smart_forms/gr/graphics/bmap/bcol/TEST1.bmp">
    In Browser the user just see the image when he logs in one more time. But he is already logged in. When choosing "cancel", the image will not be shown. How to prevent the second login? Did some service-options to be changed?
    Thank you for answering.

    sorry, wasn't the right Forum...

Maybe you are looking for

  • Can air for html/ajax accessing serial port or usb?

    I just have made use of Adobe AIR .I want to use printer with air . Do air have some poperties to accessing serial port or usb? I look up that on the Adobe AIR documents.I only found 'Adobe® AIR™ provides the eans to check for changes to the network

  • Export webi report to excel print on 1 page

    is there anyway in BO for a webi report when exported to excel to automatically print on one page? THe work around is to set the print area in excel itself wondering if it can be done in BO itself BO Edge XI 3.0 SQL 2005

  • Create file txt

    Hello, How I do to create a file txt with action script. Thanks

  • Problem on ASP site after OS X update

    I'm the webmaster on an ASP website and I'm using OS X 10.6.7.  After the Security update 2011-002, if I go to the adminstrator's area on that website and try to enter data it's like the keyboard isn't connected.  I can boot to older images of my har

  • Pic in Pic problem.

    Need help getting  advanced tool bar to show up for Pic in Pic in IMovie'11.  Have enabled Show Advanced Tools via Preferences, but when try to add clip for Pic in Pic it only adds as regular video clip.