Firmware password changes in the latest MacBook Air, MacBook Pro

Firmware password changes in the latest MacBook Air, MacBook Pro

Summary: Mac managers will want to check out a recent Apple support note that points out some important changes for recovering firmware passwords in the MacBook Air (Late 2010) and MacBook Pro (Early 2011).

SHARE:
TOPICS: Apple, Hardware, Software
4

Mac managers will want to check out a recent Apple support note that points out some important changes for recovering firmware passwords in the MacBook Air (Late 2010) and MacBook Pro (Early 2011).

According to MacBook Air (Late 2010) and MacBook Pro (Early 2011): Recovering a lost firmware password, only a technician at an Apple retail store or an authorized service provider can recover the password.

A number of theft recovery services ask users to set this firmware password, which for Intel-based Macs is based on the Extensible Firmware interface (EFI) and older PowerPC machines on the Apple Open Firmware. Either way, by locking the firmware, users can prevent the machine, notebook or desktop, from booting from an external hard drive, DVD, NetBoot server or even from another partition on the main startup drive. It also prevents starting up in various modes, such as Target Disk Mode (where your notebook works as an external disk to another system), Safe Boot, Single-user and Verbose modes.

A support note with a full list and instructions can be found here.

To set the the firmware password, you pull down the Firmware Password Utility from the Utilities menu on your startup disc then run it.

I appreciated a post by Jim Miller about the Firmware password in the Apple Support Discussions. He said if you're going to the trouble to set the firmware password, it might be advisable to disable automatic login in the Accounts Preferences Pane (this is a good idea anyway).

With these options running together, you gain some protection if your Mac is stolen:

1: Thief runs off with your machine. 2: Thief tries to start your machine, and gets the Mac OS login screen. 3: Thief gets a startup DVD that he can boot from and reset the user password. 4: Thief holds down the OPTION key on boot so he can select the DVD as the startup volume. 5: Oops: Thief gets the Firmware Password screen. Fail. 6: Thief restarts the machine, this time holding down the "C" key to force the boot sequence to start from the DVD. 7: The machine ignores the "C" key, and proceeds to the Mac OS login screen. Fail again. 8: Information safe!

Now, this combo doesn't provide complete protection by someone who really knows what they're doing. But will stop a casual thief from cracking into your machine.

Topics: Apple, Hardware, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • RE: Firmware password changes in the latest MacBook Air, MacBook Pro

    maybe if you encrypt the hard drive.. its not hard to take the hard drive out of the machine and plug it in to another and just read the data off...
    doh123
    • RE: Firmware password changes in the latest MacBook Air, MacBook Pro

      @doh123 Right. I totally agree. Firmware passwords and turning off auto login aren't about securing the system entirely. Rather, it's about making sure that someone can't just open the machine and download away. Or the less-technical thief.

      thanks for reading,

      david m.
      davidmorgenstern
  • RE: Firmware password changes in the latest MacBook Air, MacBook Pro

    This will prevent most thieves but will not stop the determined criminal. Firevault will encrypt the home folder on your drive which good enough for most people but some people and applications store information outside home folder so for more security is encrypt the whole drive and backup the contents to another drive so if lost the system you can restore the contents to another system.
    phatkat
  • RE: Firmware password changes in the latest MacBook Air, MacBook Pro

    Well done! Thank you very much for professional templates and community edition
    <a href="http://www.yuregininsesi.com" title="seslichat">sesli chat</a> <a href="http://www.yuregininsesi.com" title="seslisohbet">sesli sohbet</a>
    birumut