My Macbook was stolen - do I need to change all my passwords?
June 4, 2014 8:56 AM

I had my Macbook stolen last week. I believe it was set to automatically log into my user and it logs into all sorts of websites (Paypal, Amazon) automatically. So I'm inclined to go change all my passwords, but immediately after the theft, I activated all of the timebombs in Apple's Find My Mac, and it hasn't popped up online. Can I assume that the thief can't use my login information, since he doesn't know my admin password and if he ever goes online and tries to use my auto-login stuff, the computer will lock down? Or can he migrate that data over to another computer and use it there?
posted by sdis to Computers & Internet (6 answers total) 1 user marked this as a favorite
It depends. If your disk isn't encrypted, it should be possible for someone to take it out and read the data off it, including Firefox's password cache. It's also theoretically possible to block all traffic except to Amazon. I would change the passwords.

This could be a good opportunity to start using KeePass, LastPass or any of the other password managers that mean you don't have to memorise them all.
posted by katrielalex at 8:59 AM on June 4, 2014


You are probably okay, but yes, you should change all your passwords and find the "logout other sessions" of things like facebook and gmail.
posted by bensherman at 8:59 AM on June 4, 2014


It's a big pain to change all your passwords, but it's also a good idea. I would change every password with access to spending and/or private data. Login to nytimes.com, whatever.
posted by theora55 at 9:00 AM on June 4, 2014


I think that you should change all your passwords on general principle. It's a maxim in computer security that, if someone has physical access to a computer, then they have access to everything.

In the case of someone else's laptop, it would be easy (I think) to boot into single user mode, create a new admin account, and then do whatever you want.
posted by thelonius at 9:02 AM on June 4, 2014


To put my answer in the form of a question: is whatever your reason for not wanting to change passwords worth the lost time and money that might occur if the thief poses as you to one of these accounts?
posted by JohnLewis at 9:09 AM on June 4, 2014


Physical access means that a determined hacker can get into your device. All those passwords are buying you is time, and you should use that time to change all of them before it's too late.

Maybe they don't care about getting into your email, but if they do care, they can ruin your life. I wouldn't take the chance.
posted by empath at 9:06 PM on June 4, 2014


« Older Bought new running insoles; horrible blister after...   |   Gardening Resources? Newer »
This thread is closed to new comments.