An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 1 of 2 1 2 >
Topic Options
#37545 - 12/02/15 11:40 AM second password
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
OS 10.6.8 I have a password to access my computer and I have a special folder which I would like to protect with another password. Is this possible? jaybass

Top
#37546 - 12/02/15 12:00 PM Re: second password [Re: jaybass]
artie505 Online


Registered: 08/04/09
There may be a 3rd party app that does what you're looking for, but the "built-in" way is to use /Applications/Utilities/Disk Utility to create an encrypted, i.e. password protected, disk image in which you'd store your folder. (Set a custom disk size of 10 MB to get the smallest possible disk image if that's what you need, and use "No partition map".)

I think the procedure is pretty straightforward, but I'll be happy to walk you through it if you need assistance.

Edit: IMPORTANT... If you forget your password you're SOL; there's no way to recover it!!!


Edited by artie505 (12/02/15 11:54 PM)
Edit Reason: More +
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37564 - 12/03/15 05:18 AM Re: second password [Re: jaybass]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
I personally go with encrypted disk images. You can create them in Disk Utility. You can then add the .DMG file to your login items to have it try to open at login. You can either have it save the password in your keychain, or have to enter it every time. If it's in your keychain, it's secured by your computer's login password, and someone resetting that password will not have access to the contents of your keychain.

I use this solution both here at work and at home. I also have symlinked my ssh keys to the disk image, because I make extensive use of remote access via terminal. It amazes me that apple has not rolled the ssh key folder into the keychain somehow yet.

If you haven't used them before, they work just like a flash drive. It's a fixed-capacity folder you can put folder, files, and other things into. Use is completely transparent once it's mounted up on your desktop, by double clicking the DMG and providing the password if necessary.
_________________________
I work for the Department of Redundancy Department

Top
#37566 - 12/03/15 06:15 AM Re: second password [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
artie, I have created a dmg of 40Mb, (the smallest I could get) and it is 128-bit AES encryption and "No partition map" as you advised. On my desktop there is 2 icons...a private folder dmg and Disk Image. I have inserted a password in my keychain which I have set up precautions against forgetting it. How do I see if this works? Thank you for your reply. jaybass

Top
#37567 - 12/03/15 06:16 AM Re: second password [Re: Virtual1]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
Virtual 1, Thank you for your assistance. jaybass

Top
#37570 - 12/03/15 08:56 AM Re: second password [Re: jaybass]
Ira L Online


Registered: 08/13/09
Loc: California
Originally Posted By: jaybass
artie, I have created a dmg of 40Mb, (the smallest I could get) and it is 128-bit AES encryption and "No partition map" as you advised. On my desktop there is 2 icons...a private folder dmg and Disk Image. I have inserted a password in my keychain which I have set up precautions against forgetting it. How do I see if this works? Thank you for your reply. jaybass


In your Utilities Folder is an application called "Keychain Access". Open this to get into your Keychain. It will require your computer password to see any passwords in Keychain.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#37578 - 12/03/15 12:34 PM Re: second password [Re: jaybass]
artie505 Online


Registered: 08/04/09
If you want to make your dmg the minimum size you need to look all the way down to the bottom of the "Size" drop-down, click on "Custom", and change 100 MB to 10 MB in the pop-up; you should then see another pop-up that tells you that 10.5 MB is the minimum size. Click on "OK", and you're good to go. (Edit: You can, of course, specify any custom size in between.)

If you eject the disk image (Edit: Control-click on it to see the option, or click on the "Eject" icon in a Finder window.) and then double-click on the dmg, Keychain Access should enter your password and auto-open it, which will cause the disk image to reappear, and you can drag your private folder into it.

Bear in mind, though, that storing your password in KA (may) negate(s) your having password-protected the folder in the first place, because anybody with access to your Mac may be able to/can double-click on the dmg and open it.

Against that possibility I've got two dmgs with passwords stored in MY memory only.

Note: There's another option you can use if you expect your private file to grow continuously; post back if you'd like to go that route.


Edited by artie505 (12/03/15 02:48 PM)
Edit Reason: Clarify +
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37583 - 12/03/15 03:01 PM Re: second password [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
I have the Disk image on my desk top with the folder inside. When I click the Disk image, It does not ask for my password and I can open the folder. How do I change that? My new password was accepted ok so I guess it's something quite simple, I hope! BTW, nobody has access to my computer. jaybass

Top
#37585 - 12/03/15 03:20 PM Re: second password [Re: jaybass]
artie505 Online


Registered: 08/04/09
Originally Posted By: jaybass
I have the Disk image on my desk top with the folder inside. When I click the Disk image, It does not ask for my password and I can open the folder. How do I change that?

It doesn't ask for your password because you've stored it in /Applications/Utilities/Keychain Access, so it's entered automatically. The only way to change that is to launch KA and delete the entry for the disk image, BUT that means that the only record of the password will be in your head.

It's a catch-22 for people who don't trust their memory.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37589 - 12/03/15 04:59 PM Re: second password [Re: artie505]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Actually the password can be stored in KeyChain as a "secure note" rather than as a password and it won't automatically open the secure disk image. I store a lot of stuff I want to keep secure in the Keychain besides passwords, for example my neighbor lists me to be notified if their alarm system goes off so I keep his password, the location of the house key, and the security code for his alarm system in Keychain.
_________________________
joemikeb • moderator

Top
#37591 - 12/03/15 05:04 PM Re: second password [Re: joemikeb]
artie505 Online


Registered: 08/04/09
I thought of that and tossed the idea, because it makes the note's contents no more secure than jaybass's login or other KA password (which in and of itself would need to be remembered)...another catch-22. frown
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37593 - 12/03/15 06:39 PM Re: second password [Re: artie505]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
You still have to know the keychain password which does not have be the same as the account password or you can have a second keychain with its own password.
_________________________
joemikeb • moderator

Top
#37594 - 12/03/15 06:56 PM Re: second password [Re: joemikeb]
artie505 Online


Registered: 08/04/09
Originally Posted By: joemikeb
You still have to know the keychain password which does not have be the same as the account password or you can have a second keychain with its own password.

jaybass's login and keychain passwords are apparently the same, so either alternative (I already mentioned a unique keychain password.) creates the need for another password that must be remembered.

I mean, yeah, you can create a situation in which you need a less secure password to access a more secure one, but that-all's self-defeating.

As far as I can see, jaybass is totally catch-22d if memory isn't a viable alternative.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37605 - 12/04/15 06:15 AM Re: second password [Re: artie505]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Passwords stored in your keychain are accessible only while the keychain is unlocked, and only to the apps that have been authorized to access them. Your keychain is unlocked automatically when you login, using your login password. If that password is different than your login password for some reason, (such as having force reset your password using a boot disk) then your keychain will not unlock at login, and things like encrypted disk images will not be able to be opened by simply double clicking them.

It's also possible to have additional keychains. I've seen users that have a collection of encrypted disk images, that use different passwords. But all of these passwords are stored in an auxiliary keychain. So when the user double clicks on any of them, the KEYCHAIN will prompt for its password to unlock it, to gain access to the key. Once unlocked, all passwords in the keychain are available. So the user can select 10 disk images and open them one at a time, but only the first one will prompt for the password to the keychain, and all the rest will immediately open. Auxiliary keychains like that automatically re-lock themselves after 15 minutes iirc. This also allows you to create disk image passwords of arbitrary (military? FIPS?) complexity without having to memorize them. If someone happens to steal the DMG file, they have no way of knowing the password is stored in some auxiliary keychain somewhere that has what might be a much easier to break password. Or maybe you run a secure data hosting business and each customer's records are in a different disk image with different big random passwords, all kept in your aux keychain. If a judge subpoenas the data on one customer's DMG, you only have to give him the DMG password out of the keychain, and that restricts his access to only the data from the one customer. It's a good way to compartmentalize security without sacrificing convenience.

TL;DR: encrypted disk images whose passwords are stored in your login keychain remain secure from someone that resets your login password. However, if they get on your computer while you're logged in, and the screensaver isn't asking for your password, they WILL have access to DMGs with their password in your keychain.
_________________________
I work for the Department of Redundancy Department

Top
#37607 - 12/04/15 06:32 AM Re: second password [Re: jaybass]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
oh and here let me scare you all a little bit.

I once had access to a fun little application for the mac that would dump the user's keychain. As in, you'd sit down at a computer that was logged in whose login keychain was unlocked and screensaver wasn't running. Pop in the flash drive and run this little app. It would DUMP the keychain. INCLUDING the items that were restricted access to specific applications or processes. Without prompting for the logged in user's password.

This is an example of "it doesn't need the password, it wants the password". This app contains a copy of the security framework that's inside mac os x, but with the password "wants" edited out or disabled.

So that is a reminder to all, if the computer needs the password to operate, but is still asking you for it, it doesn't NEED it, it already has access to it, it's just being stubborn. A computer that has auto-login turned on for example, the keychain unlocks when the user logs in. But it will still ask you for your admin password all the time for stuff. It doesn't NEED the password, it has it already, and if it has it and can use it, that means someone else can too. Never forget that.
_________________________
I work for the Department of Redundancy Department

Top
#37613 - 12/04/15 09:55 AM Re: second password [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
I trashed the dmg and the disk image and started again but I wound up in the same position i.e. the folder in the disk image but not asking for a password. How about you explaining that last option in your post and see if I can manage that. BTW I cannot forget my password. jaybass

Top
#37615 - 12/04/15 12:28 PM Re: second password [Re: jaybass]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
It may have recorded the password in your keychain. You can open Keychain Access, it's in the Utilities folder. Once that's open, go into its preferences and you can check to show keychain access in the menubar. Look for a black padlock with useful options. I like to turn that on with my computers.

There's no need to create a new disk image. You can look through or search keychain access for the entries for your disk images. Delete any you don't want to be there. It will ask for them next time you open a disk image that needs one. There's usually a "remember password in keychain' option in those dialogs, make sure you don't check it when entering your password if you want to keep your passwords out of the keychain.
_________________________
I work for the Department of Redundancy Department

Top
#37616 - 12/04/15 01:03 PM Re: second password [Re: jaybass]
artie505 Online


Registered: 08/04/09
V1 should have you covered, but here's what it looks like, the last shot being the entry in your keychain.

If you want to either create a minimum sized disk image or explore my last option, let me know and I'll get back to you.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37617 - 12/04/15 02:10 PM Re: second password [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
I would like to explore your last option. I did exactly what you posted in your screen shot but I'm missing something. jaybass

Top
#37622 - 12/05/15 12:42 AM Re: second password [Re: jaybass]
artie505 Online


Registered: 08/04/09
Originally Posted By: jaybass
I would like to explore your last option. I did exactly what you posted in your screen shot but I'm missing something. jaybass

What you likely did was left the circled box checked, and that resulted in a keychain entry like the one in my screenshot. Deletion of that entry would accomplish your purpose.

At any rate, you're about to create a sparse disk image.

1. To create a stock sized image, use this format.

2. To create a custom sized image, use this format.

3. Final step.

Note that I created a minimum sized image in step 2 just as an example; yours can be any stock or custom size between 10.5 MB and 500MB, as you see fit.

I think this will finally set you straight.

Edit: At this point you've probably got a bunch of passwords in your keychain that can be trashed...for disk images that have been trashed.


Edited by artie505 (12/05/15 11:07 AM)
Edit Reason: Correction
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37628 - 12/05/15 09:31 AM Re: second password [Re: artie505]
Ira L Online


Registered: 08/13/09
Loc: California
Nicely done, Artie, but what is the item red-circled in image 2c?
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#37629 - 12/05/15 10:43 AM Re: second password [Re: Ira L]
artie505 Online


Registered: 08/04/09
Originally Posted By: Ira L
Nicely done, Artie, but what is the item red-circled in image 2c?

Thanks, Ira.

The extraneous item is an error correction...a covered up, duplicate "2b".
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37632 - 12/05/15 12:42 PM Re: second password [Re: Virtual1]
artie505 Online


Registered: 08/04/09
Originally Posted By: V1
Auxiliary keychains like that automatically re-lock themselves after 15 minutes iirc. This also allows you to create disk image passwords of arbitrary (military? FIPS?) complexity without having to memorize them. If someone happens to steal the DMG file, they have no way of knowing the password is stored in some auxiliary keychain somewhere that has what might be a much easier to break password.

But if someone gains access to your computer, all of those super-strong passwords go by the boards in favor of the possibly weaker keychain password.

Bottom line is that there must be one password that is both super-strong and unforgettable at the same time.

Catch-22 again?
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#37648 - 12/06/15 02:24 PM Re: second password [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
I think I have the answer to my password problem. I must have created several dmgs before realising that I had to trash the disk image after giving my password otherwise anyone could just open it up and read the contents. I only keep the confidential file dmg and if I want to open it, the password creates a disk image in which is my goodies. Have I got that right? Anyway it works for me. Thanks for the considerable time you took trying to explain just how really easy it is...once you know how. I have noticed that my confidential file does not appear in KA. jaybass

Top
#37650 - 12/07/15 12:38 AM Re: second password [Re: jaybass]
artie505 Online


Registered: 08/04/09
I'm happy to hear that you've finally got it working ( cool ), but I don't think your reasoning is on the mark.

Your "I cannot forget my password" has (too late in the game) gotten me thinking that after you created your first disk image and stored its password in your keychain you likely created all of your subsequent images with the same name and password, so regardless of whether you checked the "Remember..." box or not, they got opened by that original entry; you've apparently deleted the offending item from your keychain, though, and thereby solved your problem.

It's been quite a trip, but all's well...
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
Page 1 of 2 1 2 >

Moderator:  alternaut, dianne, dkmarsh