How To Break Into A Mac (And Prevent It From Happening To You)

We recently went through a few ways to break into a Windows PC without the password, and it turns out it’s just as easy to break into a Mac too. Here’s how to do it and keep yourself protected.

Just like on Windows, there are quite a few ways to break into a Mac, but many of them are variations on the same thing, so we’re going to highlight the two easiest ways — one with a Mac OS X installer CD and one without — and show you how to keep yourself protected. Note that while these two methods will get you into the OS without knowing the password, you can always just use our previously mentioned “lazy method” with a Mac too — just boot up the computer with a Linux Live CD and start grabbing files.

How to Reset the Mac OS X Password

Both of the methods outlined below are ways to reset the Mac OS X password. While there are cracking utilities like John the Ripper or THC-Hydra, they’re either complicated to use or expensive to buy, so we won’t go into them here like we did with Windows (which has the very easy-to-use Ophcrack). Both of these methods assume the target computer is running Snow Leopard.

Method One: Use the Mac OS X Installer CD

If you have the Mac OS X installer CD handy, it’s super easy to change the administrator account’s password. Just insert the CD into the target Mac and hold the “c” key as you boot up the computer. It will boot into the Mac OS X installer.

Go to Utilities in the menu bar and choose Password Reset. You’ll get a window prompting you to select the drive on which OS X is installed, so choose the drive you want to get into and select the user whose password you want from the drop-down menu.

Enter a new password for that user and hit the save button. That’s it! When you reboot the computer, you can use your new password to log into the computer. Note that unfortunately, you still won’t be able to unlock the Keychain, so if what you’re trying to access has another layer of password protection, you won’t be able to access it.

Method Two: Boot into Single-User Mode

If you don’t have an installer CD handy, you just need to do a bit of fancy command-line footwork to achieve the same end as the CD method. Boot up the computer, holding Command+S as you hear the startup chime. The Mac will boot into single user mode, giving you a command prompt after loading everything up. Type the following commands, hitting Enter after each one and waiting for the prompt to come up again before running the next one:

/sbin/fsck -fy
/sbin/mount -uw /
launchctl load /System/Library/LaunchDaemons/
dscl . -passwd /Users/whitsongordon lifehacker

Replace whitsongordon with the user whose account you want to access and lifehacker with the new password you want to assign to that user.

If you don’t know the user’s username, you can run ls /Users at any time during single user mode to list all the home folders on the Mac, which usually correspond to the usernames available on the Mac. Note that, once again, this doesn’t give you access to the OS X Keychain, so anything protected with another layer of passwords will be off-limits.

How to Protect Your Mac from Being Broken Into

Luckily, while it’s pretty easy to break into a Mac, it’s also just as easy to protect yourself. Just like last time, our main recommendation is encrypting your entire OS. Note that this does not mean use OS X’s built-in FileVault tool. We weren’t impressed with FileVault the last time we looked at it, and it turns out it’s pretty easy to get past FileVault’s so-called protection.

Instead, we recommend you use our favourite free, open-source encryption tool TrueCrypt. It came out with a Mac version back in 2008, and it still works wonderfully at encrypting entire partitions and drives on your computer. And, since anyone wanting to boot the computer needs to know your TrueCrypt password, they’ll never even get to the password reset stage — so all your files will be safe.

As always, these are just a few of the easiest ways to break into a Mac. Do you know of any others? Share them with us in the comments (don’t forget to share their weaknesses, too, so we know how to protect ourselves from them).
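A quick audit of the two protections discussed on this page (disk encryption, and the firmware password raised in the comments), as an added example that is not part of the original article. It assumes a current macOS release where `fdesetup status` and `firmwarepasswd -check` exist (neither shipped with Snow Leopard, `firmwarepasswd` applies to Intel Macs only, and `fdesetup` reports on FileVault 2 full-disk encryption rather than the legacy FileVault the article refers to); the function names and verdict strings are made up for illustration.

```shell
#!/bin/sh
# Added example: classify a Mac's exposure to the password-reset methods above.
# Assumes the output formats of `fdesetup status` and `firmwarepasswd -check`.

# Map `fdesetup status` output to on/off/unknown.
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Map `firmwarepasswd -check` output to set/unset/unknown.
firmware_state() {
    case "$1" in
        *"Password Enabled: Yes"*) echo set ;;
        *"Password Enabled: No"*)  echo unset ;;
        *)                         echo unknown ;;
    esac
}

# Combine both tool outputs into a single verdict line.
assess() {
    fv=$(filevault_state "$1")
    fw=$(firmware_state "$2")
    if [ "$fv" = on ] && [ "$fw" = set ]; then
        echo "OK: disk encrypted, alternate boot modes need the firmware password"
    elif [ "$fv" = on ]; then
        echo "WARN: disk encrypted, but firmware password is $fw"
    elif [ "$fv" = off ]; then
        echo "FAIL: disk not encrypted (firmware password: $fw); files readable from other boot media"
    else
        echo "UNKNOWN: could not read FileVault status"
    fi
}

# Query the live system only when both tools are present (macOS, run as root).
if command -v fdesetup >/dev/null 2>&1 && command -v firmwarepasswd >/dev/null 2>&1; then
    assess "$(fdesetup status 2>&1)" "$(firmwarepasswd -check 2>&1)"
fi
```

On a machine without these tools the script prints nothing; call `assess` with captured output to evaluate a report collected elsewhere.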


  • You forgot to mention about using the Firmware Password Utility to lock down single user mode, target disk mode and the startup manager.

    You can find the utility in the same place (menu) as the Reset Password tool mentioned above.

  • “We weren’t impressed with FileVault the last time we looked at it, and it turns out it’s pretty easy to get past FileVault’s so-called protection.”

    Okay so the first link is to a thing about bookmarking your email with gmail and the message: protocol.

    And the second is how to reset the FileVault Master Password when there are no accounts encrypted with it. Deleting the files referenced isn’t the unlock FileVault free card you make it out to be.

    So neither of them really help your argument that FileVault is flawed (which it is, I’m not arguing on that point).

    • Agreed. Kloptops.

      Neither of the links presented show flaws in the FileVault system that will allow a hacker to get into your encrypted data without knowing your password.

  • And how is FileVault flawed if the provided link says “Note that if you do this while an account is still encrypted (ie. with filevault enabled), that account will not be accessible with the new master password.”?

    So yes, you can set a new master password, but no, you cannot access encrypted data.

    By the way, TrueCrypt does not support encrypting system partitions on a Mac. The part of the article about “password to boot a computer” is just plain wrong.

  • Pretty sure you can get past firmware password by shutting off the Mac and removing, adding or changing around the RAM. Given how easy that is to do on a lot of the last/current generation Macs that doesn’t really provide protection from the Single User Mode workaround.
