I recently set up a new to me iMac. Left it a while and promptly forgot the login password. So I reset it in line with:

https://support.apple.com/en-us/102633

What surprised me was how easy to was to do. Also, and I think I've got this right, it also resets the password for the Password app. I assume this because I recently created a new login password on my main Mac Mini, and that became the new Password, er, password.

So if somebody stole the iMac (or any Mac), they could have ready access to
the the machine content, and all the stored passwords, even though it's login and app password protected?
--
Cheers, Rob, Sheffield UK

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

RJH <[email protected]> wrote:

I recently set up a new to me iMac. Left it a while and promptly forgot the login password. So I reset it in line with:

https://support.apple.com/en-us/102633

What surprised me was how easy to was to do. Also, and I think I've got this right, it also resets the password for the Password app. I assume this because
I recently created a new login password on my main Mac Mini, and that became the new Password, er, password.

So if somebody stole the iMac (or any Mac), they could have ready access to the the machine content, and all the stored passwords, even though it's login and app password protected?

Was FileVault enabled?

<https://www.reddit.com/r/MacOS/comments/1acwjhj/resetting_macbook_pros_password_was_unexpectedly/>

--
Cheers, Alan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Alan B <[email protected]d> wrote:

RJH <[email protected]> wrote:

I recently set up a new to me iMac. Left it a while and promptly forgot the >> login password. So I reset it in line with:

https://support.apple.com/en-us/102633

What surprised me was how easy to was to do. Also, and I think I've got this >> right, it also resets the password for the Password app. I assume this because
I recently created a new login password on my main Mac Mini, and that became >> the new Password, er, password.

So if somebody stole the iMac (or any Mac), they could have ready access to >> the the machine content, and all the stored passwords, even though it's login
and app password protected?

Was FileVault enabled?

<https://www.reddit.com/r/MacOS/comments/1acwjhj/resetting_macbook_pros_password_was_unexpectedly/>

The Passwords app should not be storing the FileVault key!

<https://support.apple.com/en-gb/guide/mac-help/mh11785/mac>

--
Cheers, Alan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 30 Mar 2025 at 09:08:33 BST, Alan B wrote:

Alan B <[email protected]d> wrote:

RJH <[email protected]> wrote:

I recently set up a new to me iMac. Left it a while and promptly forgot the >>> login password. So I reset it in line with:

https://support.apple.com/en-us/102633

What surprised me was how easy to was to do. Also, and I think I've got this
right, it also resets the password for the Password app. I assume this because
I recently created a new login password on my main Mac Mini, and that became
the new Password, er, password.

So if somebody stole the iMac (or any Mac), they could have ready access to >>> the the machine content, and all the stored passwords, even though it's login
and app password protected?

Was FileVault enabled?

<https://www.reddit.com/r/MacOS/comments/1acwjhj/resetting_macbook_pros_password_was_unexpectedly/>

No.

The Passwords app should not be storing the FileVault key!

<https://support.apple.com/en-gb/guide/mac-help/mh11785/mac>

Indeed - but should it be using the login key? Because that's what's happened here . . .

--
Cheers, Rob, Sheffield UK

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 30 Mar 2025 at 07:16:59 BST, "RJH" <[email protected]> wrote:

I recently set up a new to me iMac. Left it a while and promptly forgot the login password. So I reset it in line with:

https://support.apple.com/en-us/102633

What surprised me was how easy to was to do. Also, and I think I've got this right, it also resets the password for the Password app.

It shouldn't affect the Keychain password, no. By default the keychain
password is updated to match when you do a valid "Old pw, new pw, new
pw" login password reset, but *not* a recovery process password. This
leaves the keychain locked with the password you (or an attacker) didn't
know.

I assume this because
I recently created a new login password on my main Mac Mini, and that became the new Password, er, password.

That's as expected, since it was a legit password update not a reset.

Cheers - Jaimie

--
Imagine there were no hypothetical situations.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 30/03/2025 07:16, RJH wrote:

I recently set up a new to me iMac. Left it a while and promptly forgot the login password. So I reset it in line with:

https://support.apple.com/en-us/102633

What surprised me was how easy to was to do. Also, and I think I've got this right, it also resets the password for the Password app. I assume this because
I recently created a new login password on my main Mac Mini, and that became the new Password, er, password.

So if somebody stole the iMac (or any Mac), they could have ready access to the the machine content, and all the stored passwords, even though it's login and app password protected?

No, because those instructions require you to enter at least one
password or recovery key. A thief who didn't know either of those things
could only reset the Mac - and resetting it doesn't give access to
previous content.

Secondly, and independently, if the drive was not encrypted, i.e. did
not have FileVault enabled, then a thief could in theory move the drive
into another machine (or boot from USB) and try to examine the data and
files on the drive. However Keychain/Password information is always
encrypted even if the disk isn't, so they still wouldn't be able to
access your passwords.

Regards,
--
Bruce Horrocks
Hampshire, England

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)