Password Hints Can Be a Good Thing

As a general rule, I don’t like password hints. If the hint is any good, it would give an attacker additional info to crack your password.

However, I had that sinking feeling of dread the other day after I rebuilt a MacBook Pro, attached the Time Machine backup drive and was prompted for the password.

[Image: macOS encrypted drive password prompt]

On the previous build of the computer, I must have entered the password, saved it to the keychain and forgot about it. But luckily, I use pass so I just called up the relevant password, typed it in…and it failed. I tried several others, nada. I was at the point where I was going to just wipe the drive and start over, resigned to losing some data. On a whim, I hit the password hint button:

[Image: macOS encrypted drive password prompt with hint]

Behold! I was using the wrong password store “key” and the hint gave me what I needed. It doesn’t give an attacker much info except how I organize passwords. Of course, if they have access to my computer, my RSA keys and my passphrase, they could then access the encrypted drive. But honestly, at that point, it’s pretty much game over anyway.

So, from now on, I’m always going to include the lookup “key” as the hint for macOS encrypted drives and volumes. It’s a data saver!

About Andrew Hoog
I like to tinker in mobile forensics, security, tools development and nodejs. I’m an author, inventor, expert witness and co-founder of NowSecure.