OS X Lion May Show Passwords In Sleep Mode [Warnings From Password Recovery Services Say That Lion Has A Flaw In Which Passwords Can Be Revealed]

Posted on TFTS by Steve Anderson on Wednesday, 27. July 2011 under: Computers & Computing, PCs, Notebooks, Netbooks & Tablets

If you’re one of the many folks out there that picked up their new copy of OS X Lion when it finally emerged just recently, then you may well want to know about a potential problem with OS X Lion that might just end up giving away some of your passwords.

Sounds sensationalist, I know, but as it turns out, a key feature of OS X Lion may well be a big problem for those who aren’t keeping an eye on things. And if you’ve got OS X Snow Leopard, you’ll also want to look into this as you’re not off the hook either.

The item at issue here is the automatic login setting. Password recovery software vendor Passware, who offers a line of high-priced password recovery software geared toward law enforcement, says that those using their software with a Mac with automatic login enabled will be able pick up not only login passwords, but also those passwords in the Mac keychain, which includes a huge array of possible sites you’d never want anyone to have password access to. Getting into said passwords requires a connection to the Mac’s FireWire port, which in turn allows direct memory access.

Admittedly, that doesn’t seem like much of a problem (Passware’s software retails for $995, so who would actually buy it besides law enforcement?), but what’s even better is that, apparently, there’s a simple solution to keep folks out of your Mac keychain. The method in question is to just disable the automatic login setting. Doing that, and then turning off your Mac, means that no passwords will actually be saved in memory, and there will be nothing to steal.

But if that doesn’t sound palatable, there’s another option that won’t have you memorizing passwords: disabling the FireWire port has the same effect, according to Passware.

It’s another good reminder to not use password storage on your main hardware, no matter whether it’s Mac or Windows based.

So what do you guys think here? Anyone use automatic login settings? Thinking about disabiling those settings in light of this new information? Or do you think that Passware is jumping at shadows in a bid to drive up sales? Whatever you think about the subject, we always like hearing from you, so head on down to the comments section and tell us what you think!