Length of password for encrypted disks, firmware, etc.

danco
Volunteer Moderator
edited February 2014 in Lounge

I am thinking of adding to the security of my Mac(s) by setting a firmware password and also using FileVault.

I am wondering what length you recommend for these passwords. These would only become important if my Mac and external drives got stolen, of course.

Comments

  • khad
    1Password Alumni

    I'll ping @jpgoldberg on this, but I think Diceware — our recommended technique for Master Passwords — is useful for any password you must remember/type.

  • danco
    Volunteer Moderator

    After learning more about FileVault, I realised that in normal use the protection is only as good as the user account password.

    I had never really considered how secure an account password should be. The admin password does need to be entered fairly often (adding or removing items from the Applications folder, opening some System Preferences, etc.) so one does not want it to be too complicated, but it should not be too simple either.

    I am not worried about people having access to my computer and being able to guess my password by knowing me. My main concern is for protection if my machine was casually stolen.

  • jpgoldberg
    1Password Alumni

    Hi @danco,

    You do need a password that you can easily type for your OS X login. As you know, you will be typing it frequently.

    As @Khad said, the technique we recommend for Master Passwords will work here. Alternatively, you could use a "pronounceable" password generated by the 1Password Strong Password Generator.

    The firmware password is something that you will only have to type infrequently, but it will be at a time when you don't have access to 1Password running on your computer. For mine, I've used pronounceable, but do not memorize these because I always have my 1Password data at hand on some other device.

    If you keep the original box and paperwork for your Mac around, you may wish to keep a printout of the firmware password with that. (Depending on what sorts of threats you are worried about.) This will ensure that when you go to sell or give away your used Mac, you will be able to clear the firmware password or pass it on.

    One great advantage of setting a firmware password on Macs is that it turns off Direct Memory Access for FireWire/PCIe/Thunderbolt, which will protect your running Mac against DMA attacks.

This discussion has been closed.