Is it really this easy to circumvent a MacBook password?

I forgot the password for my new M1 MacBook Pro and reset it using "If you can't reset your Mac login password - Apple Support", specifically the directions under “Use the Reset Password assistant”.

I was able to select a new password and log on. Is it really this easy? What is the point in having a password if someone can just reset it like this?

Before getting to the Reset Password Assistant, you had to go through some extra steps to verify your identity, including two-factor authentication. You did set up two-factor authentication, didn’t you?

Of course, what you should really do is set up a separate administrative account with superuser privileges that installs all software and system configurations, and a normal user account that does not have such access because it is actually trivially easy to do any number of things with root/admin access. Then you could log into the admin account and reset your user password as necessary instead of relying on Apple and their two-factor authentication scheme which can also be broken with some modest effort.

Stranger

Note that doing this DOES NOT recover any passwords stored in the Keychain, so most times, this is not what the user wants to do.
Besides, if one is not using FileVault, it isn’t even necessary to have any password to get access to any user’s files…

No, I did not. I guess that was the step that I was missing.

In general, if you have physical access to a machine and nothing is encrypted, you can break security. FileVault and Keychain encrypt their contents. No password to these and you are not getting far. Otherwise it is just speed bumps on the way in, and no roadblocks.

macOS follows the more modern tactic of disabling root login and enabling sudo, aka administrator access, on selected accounts to allow for system management tasks. Those of us from a bygone era still miss root access as a way of working. (One can still put a password on the root account if wanted.)

But once one has physical access, the machine is yours. Encryption protects the data only.

In the modern world it is best to regard the physical computer as a cache for your data and as a device to perform computation. Have a local encryption protected copy of your digital life on the computer, but the master copy in a secure system that is not subject to theft, disaster or malfeasance. It should be possible to lose the computer and be able to restore your world onto a brand new computer with only minor upset. Apple do an OK, but imperfect implementation of this.
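Two controls come up in the replies above: keep your day-to-day account a standard (non-admin) user with a separate admin account for installs, and turn on FileVault so physical access does not equal file access. The script below is an added example, not code from this thread or from Apple; it checks both from the output of the real macOS tools `fdesetup status` and `dscl . -read /Groups/admin GroupMembership`. The parsing functions take the command output as an argument so they can be exercised offline with the constructed sample output embedded here (the user name `alice` and the sample lines are made up); on a real Mac, `main` runs the actual commands.

```shell
#!/bin/sh
# Added posture check (not from the thread): FileVault on, and the
# current user not a member of the admin group.

# Return 0 if the text passed as $1 (output of `fdesetup status`)
# reports that FileVault is on.
filevault_on() {
  printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# Return 0 if user $2 appears in the GroupMembership line of $1
# (output of `dscl . -read /Groups/admin GroupMembership`).
is_admin_member() {
  printf '%s\n' "$1" \
    | sed -n 's/^GroupMembership: *//p' \
    | tr ' ' '\n' \
    | grep -qx "$2"
}

# Print one line per control and return the number of findings
# (0 = both controls in place, up to 2).
posture_report() {
  fv_out="$1"; admin_out="$2"; user="$3"
  findings=0
  if filevault_on "$fv_out"; then
    echo "OK: FileVault is on"
  else
    echo "FINDING: FileVault is off; anyone with the disk can read files"
    findings=$((findings + 1))
  fi
  if is_admin_member "$admin_out" "$user"; then
    echo "FINDING: $user is an admin; use a separate admin account for installs"
    findings=$((findings + 1))
  else
    echo "OK: $user is a standard user"
  fi
  return "$findings"
}

# Constructed sample output (not captured from a real machine).
SAMPLE_FV_OFF='FileVault is Off.'
SAMPLE_ADMIN='GroupMembership: root localadmin alice'

main() {
  # On a real Mac, query the system; elsewhere fall back to the samples.
  if command -v fdesetup >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    posture_report "$(fdesetup status 2>/dev/null)" \
                   "$(dscl . -read /Groups/admin GroupMembership 2>/dev/null)" \
                   "$(id -un)"
  else
    posture_report "$SAMPLE_FV_OFF" "$SAMPLE_ADMIN" "alice"
  fi
}

main "$@"
```

The exit status of `posture_report` is the number of findings, so the script can gate a larger check or a login-hook without parsing its text. Fixing a finding is the part the thread already covers: `sudo fdesetup enable` to turn FileVault on, and demoting the everyday account to standard in System Settings after an admin account exists.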