About Me

Aside from the occasional initiation into the Dark Brotherhood, I spend my time telling people how to fix their Macs. Not that they are broken, but hey, every step closer to Linux is a positive one. Security and stability, brothers.

Monday, August 30, 2010

Don't display usernames or password hints at log-in

By default, Mac OS X's log
-in window displays a list of all users on a Mac (or all users who can access a Mac in a network). This makes it easier for anyone who has physical access to a Mac to gain access to it, since they need only guess a password. Disabling the display of users adds another layer of security because it requires that a malicious user know the username associated with an account.
Another simple act to help secure an account is to disable password hints (which Mac OS X will normally display to help you remember your password after three failed log-in attempts). This significantly undermines the security of using a password and should always be disabled.
Both of these options can be configured in the same Accounts pane where you disabled automatic log-in. To disable password hints, simply uncheck the box next to "Show password hints." To choose not to display usernames in the log-in window, select the "Name and password" radio button next to "Display log-in window as," which means users will have to type both a username and its password to log in.

No comments:

Post a Comment