Buy or Renew
Buy or Renew
NOTICE: OpenDNS Service Currently Not Available To Users In Belgium. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
0
Helpful
15
Replies

OpenDNS can be over-ridden.

g_thomas
Level 1
Level 1

‎04-19-2015 08:04 PM

Having used OpenDNS for quite sometime I am a bit frustrated at the lack of front-end security. We use all MAC's from Snow Leopards to a new OS X Yosemite. My 15 year-old son is able to easily by-pass OpenDNS by simply clicking the "Forgot Password" link. Then he enters my email address and bingo, click the link in the email and change the password and he in. GREAT! Those familiar with MAC's know that passwords are stored in the KeyChain. I've removed the saved OpenDNS password key from the chain but that doesn't help either. Once he logs-in with the new password MAC's give you the option to save the password in the KeyChain. Or more clever still he can simply write down his new password and elect not to save it in KeyChain and nothing is changed. I've tried several work-arounds but he beats everyone of them. I still believe that OpenDNS is the best technology available but this is really frustrating. Maybe I should just lock-up all my computers. But then he's use his iPhone and hack it through there. Any suggestions? :-(

Labels:
0 Helpful
15 Replies 15

alexahar
Cisco Employee
Cisco Employee

‎04-22-2015 07:31 AM

"In OpenDNS' login page it states: "Forgot Your Password." All one has to do is click the link put in my email address and an e-mail will be sent with a link to change the password. Once that's done, bingo, you're in."

The forgot password system relies on the email address tied to your account not being accessible. In 99.9% of cases, the user trying to gain access will not have access to your account's email and therefore will not be able to gain access via the method you describe. I'd recommend using different Mac accounts and avoid having your email program authenticated to every user. Did you know that you can also store your personal passwords in a different keychain with a unique password?

As it's been mentioned, you should consider your email account access an alternative authentication method (via password resets, etc) to any service you sign up with that email from. With access to your email account, you should consider every single service you signed up for to be accessible to your entire family because you have granted access to your identity in the form of your email address. 

You will need to either use a private email address or lock out your email account to prevent your son from regaining access to your OpenDNS or other accounts that you are giving him permission to do by sharing your email account. 

0 Helpful
Customers Also Viewed These Support Documents