How Secure Is User Password Protection?

I was recently reading this testament to using BackToMyMac
http://community.livejournal.com/macosx/5713803.html
In it the guy describes tracking a thief who stole a MacBook by remotely logging into his user account and getting a lot of info before the thief figured out how to delete his user account.
What concerns me is the guy reports that at some point, the thief was able to change the Admin account. That is most disturbing. I know that in order to change the user account, I need the Admin password, either to add or delete a user account or even make changes to the Admin account.
I can only assume that the stolen MacBook's password was pretty weak and the guy spent hours trying to crack it. Does anyone know, is there any other way to bypass Admin. features to create a new account, or delete other accounts?
At present I have my MacBook set up to require password after sleep or restart. Are both equally secure? Is requiring a password after sleep as secure as logging out? Is there any way to boot into a useable account without wiping the Mac and doing a complete system install?
If no, then it would seem the weak link is the password and I should choose a complicated one. Does Leopard offer the same functionality that iPhone does, i.e. if one fails to enter the proper password 10 times in a row, it wipes the disk?

Klaus1 wrote:
The second best security measure is to not connect to the Internet.
You are correct.
Many companies do this. They only have one machine directly on the internet. And access to that machine is highly restricted.
Back in the early days of online networking, there were only private networks, CompuServe, MSN, AOL etc. They were only accessible via a direct phone dialup and there was no TCP/IP involved. There were some pseudo-nets such as Telenet (not telnet), Tymnet and others. CompuServe was also reachable via Telenet. Speeds were slow and logging on was arcane and cryptic. One needed to know the bit-length and parity (odd, even, none) of the provider's link etc. Speeds of 9600 b/s were considered perfection. With such slow speeds, hacking would be very obvious.
MCI-Mail was free and they actually sent a real physical letter if the recipient did not have an MCI-Mail account.
The internet ended all that, and we now share our computers with billions of other people each time we log on.
While what goes on on "24" is probably over-the-top, the fact is that much of our infrastructure is now on the internet, as is much of our military. It's almost as if we are asking for or courting disaster.

Similar Messages

  • How secure is master password?

    Hi
    I have very sensitive information on my iBook. I can choose
    master password after screen saver/sleep or FileVault.
    FileVault encrypts the info which I feel uncomfortable with
    as it may make it difficult to backup.
    Can the password be removed by someone who takes the
    computer? Is there any way around the master password?
    If the hard drive has to be erased to clear the password
    then I feel safe with password.
    I go to coffee shops a lot, I am careful so far but someday I
    may slip.
    thanks in advance
    Mark
    iBook G4   Mac OS X (10.4.5)   750 mb ram

    Hi, Mark.
    While it is possible to remove the Master Password from a Mac on which users' Home folders are protected with FileVault, doing so does not permit one to then change the passwords on FileVault-protected accounts. One would still need to know the password for the user account.
    It is important to choose good passwords. Tiger offers a password assistant that helps you choose good passwords.
    If you don't want to use FileVault, using Encrypted Disk Images is the best and easiest route to encrypting and password-protecting select data on a Mac. There are two AppleCare Knowledge Base documents you should read in relation to encrypted disk images:
    - "Mac OS X: About Encrypted Disk Images."
    - "Mac OS X: How to create a password-protected (encrypted) disk image."
    - "Disk Utility 10.5 Help: Creating a disk image."
    You can even burn an encrypted disk image to CD or DVD.
    The most important thing to remember about encrypted disk images is to never lose the password. If you lose it, you will never be able to open it. If you rely on the password being saved in your Keychain, and later format your drive, you lose the password saved in your keychain, so write it down and save it in a secure place, just in case. For added security, do not add the password of an encrypted disk image to your Keychain when this option is offered.
    Note that some of the information above is from the "Security" chapter of my book, Troubleshooting Mac® OS X.
    Good luck!
    Dr. Smoke
    Author: Troubleshooting Mac® OS X
    Note: The information provided in the link(s) above is freely available. However, because I own The X Lab™, a commercial Web site to which some of these links point, the Apple Discussions Terms of Use require I include the following disclosure statement with this post:
    I may receive some form of compensation, financial or otherwise, from my recommendation or link.

  • How to set up a password protection in my wireless AirPort?

    How to set up a password protection to my wireless AirPort?

    To configure the AirPort base station for wireless security, you will need to use the AirPort Utility.
    AirPort Utility > Select the AirPort > Manual Setup > AirPort > Wireless tab
    Wireless Security: <None | WEP (Transitional Security Network) | WPA/WPA2 Personal | WPA2 Personal>
    Wireless Password: <enter your desired password>
    Verify Password: <reenter your desired password>

  • How do I remove password protection from a PDF file in Adobe Reader

    How do I remove password protection from a PDF file in Adobe Reader?

    PDF security can only be implemented or removed using Adobe Acrobat.

  • How secure is the password manager?

    How secure is the password manager?
    Can someone hack into it and steal my password?

    You can protect stored passwords using a master password. See:
    * https://support.mozilla.com/en-US/kb/Protecting%20stored%20passwords%20using%20a%20master%20password

  • How to import a password protected p12 certificate to keystore?

    Hi all,
    I am new to Java security programming.
    And I have something very urgent and need your help.
    How to import a password protected p12 certificate to keystore programmatically?
    Does anyone have sample code on this issue?
    thanks very much
    Wyan

    Hi omslion,
    I responded to a similar post from you (and moved it to the Acrobat forums). Password protecting a file requires Adobe Acrobat. You are welcome to download a free 30-day trial of Acrobat. For more information, see www.adobe.com/products/acrobat.html.
    Best,
    Sara

  • How to split a password-protected PDF file?

    There is a tutorial to let you know how to split a password-protected PDF file, check in here: http://www.kvisoft.com/tutorials/split-a-password-protected-PDF-file.html

    Yup. You all are right. I ordered Adobe Acrobat today and the order is still processing. I can get to Adobe Acrobat.com but that too does not work. I guess I will have to wait until my order is processed before I get the keys to the kingdom. Thanks for your help and please forgive my ignorance. Regards, Bob

  • How do I open password protected email attachment?

    Does anyone know how to open a password protected attachment in email?
    My email will not download the attachment if it is password protected.

    I have the same problem.  When a password protected attachment is sent to my iPhone, there is no icon attached, only the code in the email.  However, it's normal when I view the email with my PC (Firefox or IE).  The same thing happens on the iPhone 3, 4 and iPad 3.  If a PDF file is not password protected, the PDF icon appears and all I have to do is click on it and it opens.  Does anyone have any ideas?  Apple Support is clueless on this one.

  • Any user can unlock any other user password protected screen?

    Major problem I'm having...!
    On my MacBook Air - both myself and my wife can unlock each other's password protected screen saver?
    Surely this shouldn't be the case...?
    We are both admin - but I would have assumed each could only unlock its own user password protected screen saver.
    Any help would be appreciated.

    ..."That doesn't make sense...as the login window is available from that password protected screensaver also..."...
    The option to switch to the loginwindow only appears if the "Fast User Switching" GUI is enabled in the "Accounts" pref pane. If that option were to be disabled and eg. a user on a shared computer went home without logging out, in the absence of "admin" access, that computer would be entirely unusable to other users short of pulling the plug, which might interrupt any background operations in progress.
    I suppose the behaviour could be altered depending on the "FUS" status, but really, what would be the point since, as you acknowledge, an "admin" user ultimately has the ability to access an open session anyway?
    For reference, note that "admin" users, in addition to the "session owner" are granted the right to unlock the screen in the "/private/etc/authorization" file under the 'system.login.screensaver' key so the behaviour can be adjusted from there.

  • How can my end user password-protect a document that has been digitally signed?

    Hello,
    I have seen some threads that indirectly address parts of this question, but am still left unsure about whether this process can be done - and if it can, I could use your help in understanding it - thank you.
    Two of our end users use digital signatures (certificate-based) in Acrobat 9 Pro to sign documents attesting the accuracy & calibration status of lab equipment for use in a legal environment.  These end users are concerned that their documents could be altered or edited, and asked me if password protection can also be applied to their documents that need to be digitally signed.
    Thank you in advance for your advice.

    isakten wrote:
    Do you apply "Open" password or "Permissions" password or both? If you apply "Permissions" password (with or without the "Open" password) make sure that "Changes Allowed" include "Filling in form fields and signing existing signature fields" or "Commenting, filling in form fields and signing existing signature fields". If permissions do not allow you to sign, you cannot sign.
    Be aware of the alert that Acrobat pops up when you apply "Permissions" password that all Adobe products respect permissions that you set but that 3rd-party PDF Viewers may not (and many do not).
    That is exactly what I was missing! I apply only "Permissions" password, but had the "Changes Allowed" drop-down set incorrectly - it was set to "None."  After changing that setting to allow "Filling in form fields and signing existing signature fields," the end user was able to digitally sign the document, her desired goal.
    Thank you so much.

  • How robust is PDF-Password protection? Does it also work for PDF/A?

    Several sources say that PDF passwords can be removed with appropriate software. Is this true?
    Can I also protect a PDF/A with a password? If not, how can I be sure that I can still open a regular password protected PDF in 10 years from now?
    Many thanks.

    Actually PDF/A is specifically designed to guarantee that the documents can be read in the distant future (barring global destruction, end of reality as we know it, alien sheep invasions, etc.)
    While we cannot predict which vendor will be providing the software to do it, or how the data will be stored by then (holographic data mice are still in beta) the PDF/A standard is designed to do two very important things:
    The standard is open, so the structure of a PDF/A file can be interpreted by anyone who can open it and compare the contents to the standard (which itself is also published in PDF/A). It's basically a text file with lots of symbols in it.
    PDF/A forbids any encryption or licensed algorithms (e.g. H.264) that could be impossible or illegal for a future viewer to use, for example if a password is lost or the inventor of a proprietary algorithm goes crazy and cancels all the licenses.
    Combined, these points make PDF/A impossible not to be parsable. It may end up projected directly into your brain by the aforementioned holographic data mouse, but you'll be reading it all the same.
    MichaelKazlow wrote:
    As to your ability to open a secured password in 20 years from now? Heck there is no guarantee that your non-secured pdf file will be readable in 20 years. With PDF/A your chances are pretty good as it uses standards based file format, but there is no guarantee that Adobe or any other company doing business today will be in business 20 years from now.

  • How can I lock / password protect an album?

    I have iPhoto 6. Is there any way I can lock / secure / password protect
    1. film rolls within the Library
    2. Specific Albums and Slideshows I have created?
    Thank you,
    HDP

    HDP,
    There is a Mac 101 tutorial that may help. Try this page first, then scroll down to where it says "About User Accounts". A bit below that is "Creating User Accounts". It may or may not be useful for you, as I think the tutorials are based on Tiger, and your specs show you on Panther. But take a look, since it might be close enough to help you figure it out on your Mac.

  • How to create a Password Protected Folder

    Hi
    I was wondering how do I create a single folder that contains all of my passwords (Banking ...etc) that only I have access to - I would like to password protect this folder and if possible have the information inside encrypted.
    I was looking into security vault - but I'm afraid it encrypts all the folders on my Mac. I just want to create a single folder - everything else should be as it was.
    Any help is greatly appreciated
    Thanks

    Create a password-protected (encrypted) disk image
    1. Open Disk Utility at /Applications/Utilities.
    2. Images>New>Blank Image... or click the "New Image" button in the Toolbar.
    • go to step 3
    2a. To encrypt an existing folder..
    • Go to...Images>New>Image from Folder.
    • In the dialog window, select the folder and press "Open"
    3. Type and/or select from popup window .....
    • Name • location • Format
    • Size (no size option for folder)
    • Encryption .....AES-128 must be selected
    4. Click the "Create" button ..... or if Image from folder was used, click "Save"
    5. Enter and verify your password when prompted and click "OK".
    6. The .dmg will appear on the desktop and the left pane of Disk Utility.
    • Important... If you forget the password, the data stored will be lost. If you save your password in the keychain file, it will be available to you there.
    An easy way to password-protect certain folders
    To password protect a specific folder in any version of OS X, if you're an administrator, simply change the permissions in the "Get Info" box so that the folder is owned by the system. You'll be prompted for a password. To access the folder again, just change the ownership back - and it will require a password to be made accessible.
    Secret Folder lets you conceal a folder and its contents.
    http://apimac.com/secret_folder/index.php

  • How to change user password from default realm programmatically

    Hello,
    I would like to know if there are any ways to change a user's password from a file
    realm through java classes, i.e. programmatically.

    Thank you for the support.
    After looking at the code, I noticed RealmManager is not documented in the BEA
    Javadocs. Am I missing something or is it not documented? A lot of other methods
    are also not documented. Do you have the latest Javadocs?
    Thanks
    John
    "Tom Moreau" <[email protected]> wrote:
    >
    See message #4589 - it posts the code magic needed
    to change the password. The caller doesn't have to
    be aware of which realm is being used - that's taken
    care of for you.
    -Tom
    "John M" <[email protected]> wrote:
    Hello,
    I would like to know if there are any ways to change a user's password from a file
    realm through java classes, i.e. programmatically.

  • How to prevent user password being reset to the same password?

    Hi,
    As you all know, domain admin has the power to reset user password.  Let's think of the following scenario:
    if an admin lets a user reset his password to use the same string, this action means he could nullify company policy on password which requires user's last N passwords being recorded in the history.
    We could very well imagine that the admin reset his own personal password in order to bypass company policy.
    I have asked the partner forum to see if there's a way to prevent such a thing, but the reply I got is "No".
    I wanted to know if any of you have any idea how to prevent such a thing from happening?
    Or if it's possible to get the hash value of a user's past N passwords to see if he's always using the same password?
    Thanks in advance for your ideas.

    Good rules are a better alternative to complex policy.
    Combine password history with time interval between changes.
    Regards
    Milos
    You don't understand what I mean.
    He knows exactly what you mean. 
    check out this link below:
    http://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx
    Enforce password history
    The Enforce password history policy setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused.
    The possible values for this Group Policy setting are:
    A user-defined number from 0 through 24.
    Not defined.
    Discussion
    Password reuse is an important concern in any organization. Many users want to reuse the same password for their account over a long period of time. The longer the same password is used for a particular account, the greater the chance that an attacker will be able to determine the password through brute force attacks. If users are required to change their password, but nothing prevents them from using the old password or continually reusing a small number of passwords, the effectiveness of a good password policy is greatly reduced.
    Specifying a low number for Enforce password history allows users to continually use the same small number of passwords repeatedly. If you do not also set Minimum password age, users can change their password as many times in a row as necessary in order to reuse their original password.
    If you set Enforce password history to a number greater than zero, users must come up with a new password every time they are required to change their old one. This improves security, but it can increase the risk that users will write down their passwords so they do not forget them.
    If you set the value to the maximum of 24, it helps to ensure that vulnerabilities caused by password reuse are kept to a minimum.
    For this policy setting to be effective in your organization, configure Minimum password age so that you do not allow passwords to be changed immediately. Enforce password history should be set at the level that combines a reasonable maximum password age with a reasonable password change interval requirement for users.
    Location
    GPO_name\Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\
    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    IT Stuff Quick Bytes
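
Added example, not part of the thread or of the quoted policy text: a small simulation of how Enforce password history and Minimum password age interact, measuring how long the settings keep an old password out of use. The `Account` class, the function names, the sample passwords and the SHA-256 digest are assumptions made for illustration and do not reflect how a directory service stores history.

```python
import hashlib
from datetime import datetime, timedelta


class PolicyError(Exception):
    """Raised when a password change violates the simulated policy."""


class Account:
    def __init__(self, password, now, history_count, min_age):
        self.history_count = history_count  # "Enforce password history", 0-24
        self.min_age = min_age              # "Minimum password age" (timedelta)
        self.last_change = now
        # Remembered digests, newest last; the current password counts as one.
        self.remembered = [self._digest(password)] if history_count else []

    @staticmethod
    def _digest(password):
        # Unsalted SHA-256 keeps the simulation short; it is not how a
        # directory service stores password history.
        return hashlib.sha256(password.encode()).hexdigest()

    def change_password(self, new_password, now):
        if now - self.last_change < self.min_age:
            raise PolicyError("minimum password age not reached")
        digest = self._digest(new_password)
        if digest in self.remembered:
            raise PolicyError("password is still in the history")
        self.remembered.append(digest)
        # Keep the newest history_count entries (nothing when the setting is 0).
        self.remembered = (self.remembered[-self.history_count:]
                           if self.history_count else [])
        self.last_change = now


def time_to_reuse_original(history_count, min_age):
    """Return (changes, elapsed) until the original password is accepted again,
    for a user who changes passwords as often as the policy allows."""
    start = now = datetime(2024, 1, 1)      # constructed start date
    original = "Original-Passw0rd"          # constructed sample password
    acct = Account(original, now, history_count, min_age)
    changes = 0
    while True:
        now = max(now, acct.last_change + min_age)  # wait out the minimum age
        changes += 1
        try:
            acct.change_password(original, now)
            return changes, now - start
        except PolicyError:
            acct.change_password(f"Throwaway-{changes}", now)


def audit_policy(history_count, min_age):
    """Flag the two weaknesses the quoted policy text warns about."""
    findings = []
    if history_count < 24:
        findings.append("history below the maximum of 24")
    if min_age <= timedelta(0):
        findings.append("no minimum age: history can be cycled immediately")
    return findings


if __name__ == "__main__":
    for n, age in [(0, 0), (24, 0), (24, 1), (24, 2)]:
        changes, elapsed = time_to_reuse_original(n, timedelta(days=age))
        print(f"history={n:2} min_age={age}d -> {changes} changes, "
              f"{elapsed.days} days, findings={audit_policy(n, timedelta(days=age))}")
```

With a history of 24 and no minimum age the old password is back in use after 25 changes made in one sitting; a one-day minimum age stretches the same 25 changes over 25 days.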
