The old TV and movie cliché of someone sitting down at a keyboard and rapidly trying out a series of passwords to “hack the mainframe” never really worked. But the protections Apple built into macOS with the introduction of a secure enclave on its computers have taken that cliché from imaginary and futile to completely absurd.
It’s true that many computing systems, whether through terminals or direct physical contact, don’t have any kind of speed limiter or protection against so-called “brute-force” attacks. You could sit down and type in an infinite number of potential passwords or, more likely, find a way to run software that would simulate super-fast password entry. (Some companies have sold or still sell tools designed to automate password cracking on iPhones and iPads, especially numeric PINs and common passwords, but Apple continues to develop techniques to deter them.)
On Intel Macs with the T2 security chip and all Apple Silicon M-series Macs, the Secure Enclave enforces Apple’s limits on the number of times you fail to enter the correct password for an account. You’re generally unlikely to forget the password for a Mac that you’re actively using. You may notice that even if you use Touch ID or an Apple Watch to unlock your Mac, you’re still prompted for the account password. This is designed to help you remember it. If you restart your Mac, you’ll also be asked for a password for an account that has permission to start it. (If you have FileVault turned on, which I recommend, the account should be set to allow FileVault connections after startup or restart.)
However, sometimes your password ends up being memorized by your fingers. I’m sure this has happened to you. I recently had to reset an iPhone I had kept for beta testing and an iPad mini because I had completely forgotten the six-digit PINs for each, even though I had been entering them for years. I stumbled while entering the PIN once and realized that I had entered the PINs so automatically that I couldn’t recall them to my conscious memory. I had to reset both devices and used a secure password manager to store their PINs. Of course, this requires me to remember the password manager’s unlock password, but I sometimes enter it multiple times a day and I also entrust it to my spouse.
You can turn off the lock on your Mac, but be aware that you may lose track of its password if you don’t have to enter it for long periods of time.
You can turn off the lock on your Mac, but be aware that you may lose track of its password if you don’t have to enter it for long periods of time.
Foundry
You can turn off the lock on your Mac, but be aware that you may lose track of its password if you don’t have to enter it for long periods of time.
Foundry
Foundry
You may also have Macs that you rarely use or leave logged in without requiring a password to unlock them, and among the many passwords you’ve used in your life, the Mac account password has now eluded you. (You can turn off two types of auto-lock by setting System settings > Lock Screenn > “Require password after screen saver starts or display turns off” for Never.)
The first three times you enter a macOS account password incorrectly, you are reprimanded but not delayed. Then the delays begin: after the fourth time, you have to wait 1 minute, after the fifth, 5 minutes. This time increases to 15 minutes, 1 hour, 3 hours, and then 8 hours after the ninth time. After the 10th time, you have to turn to macOS recovery, where you have 10 more attempts with the same increasing delays. If you exhaust them, you can try using the FileVault recovery key process (if FileVault is enabled) and iCloud-based account password reset. If you work in a company that has a “FileVault institutional key,” you have 10 more attempts.
After entering an incorrect account password, macOS begins offering help before informing you of a timeout before the next entry.
After entering an incorrect account password, macOS begins offering help before informing you of a timeout before the next entry.
Apple
After entering an incorrect account password, macOS begins offering help before informing you of a timeout before the next entry.
Apple
Apple
Rebooting during this process resets the current timer. So if you have waited four of the eight hours of a timeout and reboot, you then have to wait another eight hours. Once all of the above 10 attempts are exhausted, the drive is unrecoverable even if you figure out what the correct account password should be.
Once you log in, those timeouts disappear, which Apple says is intended to prevent malware that might be running in an actively logged in session from intentionally disabling your device through failed login attempts.
This Mac 911 article is a response to a question submitted by igamesnews reader Real.
Ask Mac 911
We’ve compiled a list of our most frequently asked questions, along with answers and links to topics: read our awesome FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email us at [email protected] , including screenshots if necessary and whether you’d like your full name to be used. Not all questions will be answered, we don’t respond to emails, and we can’t provide direct troubleshooting advice.
