0

My MacBook Pro was stolen recently. I had it encrypted using FileVault, and it required my password for login after being woken from sleep.

My password, however, is just a word of three letters, not abc, def or klm but more like tfj, ksa, ale, etc.

My question is this: can they still access my files in any way? Via the guest access maybe, or by breaking the password?

Greatly appreciate your answers.

  • Allow me a provocative question: why enable FileVault 2 in the first place? With such a weak password you take all the disadvantages (lower disk speed, configuration effort, potential loss of data) without gaining any benefit... – n1000 Dec 10 '14 at 20:06

2 Answers

1

Yes, brute force will get your password in no time.

  • 1
    According to the article, a 6-letter password gets you 5.6 hours; if that's true, a 3-letter password should take 2 minutes and 18 seconds. Ouch – 0942v8653 Dec 04 '14 at 13:12
  • 1
    In some cases, after a few wrong attempted passwords, there is a (longer and longer) delay before the next attempt is allowed. Is this not true for FileVault? – GEdgar Dec 04 '14 at 18:43
  • @GEdgar: This applies to a scenario when you try to enter the password manually. A skilled hacker would, however, remove the disk and try keys from a different host system. – n1000 Dec 10 '14 at 20:02
1

It is possible to brute force a password or recover the recovery key from memory if someone is determined enough. The guest account by default is a Safari-only account. It would be to your advantage for them to log in to the Guest account, as it activates "Find my Mac" if they jump onto an internet connection. From the guest account they will have no access to the machine's files.

In the future, best practice would be to set a firmware password. Without a firmware password set they can still have access to the machine. To be the most secure you should set both FileVault 2 and a firmware password.

tron_jones