[giberson]

Forgive the off the cuff suggestion here, it's the quickest and simplest thing I can think of though not an optimum way to use your laptop and you're probably hoping for a more elegant solution.

What if you install virtual box w/ some free OS (like ubuntu). Store all your personal information within the virtual machine which is configured with a secure login. Then you can leave the laptop unsecured so you can use your other apps to dictate the password to the ubuntu OS for login.

[escapologybb]

You know, I hadn't actually considered that! That certainly could solve quite a lot of the security problems, but as you say it adds a layer of complexity to an already complex method of using my computer. Excellent idea though :-)

[ultimoo]

If you think OS X offers better dictation/accessibility support than Ubuntu does you can also virtualize OS X on OS X using VMWare Fusion. I'm sure there are other ways of doing this but I know that VMWare Fusion supports this [1]. I don't believe that you will even have to pay for licensing OS X since it is already on an Apple manufactured hardware.

[1] http://kb.vmware.com/selfservice/microsites/search.do?cmd=di...

[mapgrep]

You are correct, the OS X EULA since 10.7 Lion has allowed two additional instances to be run within virtualization at no additional charge. Here is the EULA for 10.8, search for "virtual": http://www.apple.com/legal/sla/docs/OSX1082.pdf

("...you are granted a limited, non-transferable, non-exclusive license... (iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software, for purposes of: (a) software development; (b) testing during software development; (c) using OS X Server; or (d) personal, non-commercial use...")

[moheeb]

I use this exact method to get around VPN restrictions. Works great running a VM Windows 8 within another instance of Windows 8. On an SSD the VM seems to be as fast as the actual machine.

[Simucal]

How does that get you around VPN restrictions? Do you then forward your traffic through some proxy?

[hobs]

I think the virtual machine is vpned and the external machine is not. Then you can get all the traffic you need passed through the inner vm while still getting outside traffic on your main.

[superuser2]

The Ubuntu VM's virtual hard disk is right there for the taking, though.

[s_q_b]

Adversary profile precludes this vector.

[samstave]

I would like this as a bumper sticker/answering machine message.

>Ring....

>Ring...

[pickup]

>"Adversary profile precludes this vector"

[/hangup]

[escapologybb]

I use than SIP provider for all my telephone stuff, which gives me the ability to have menus etc.

I've now got one for "press one if you're calling me about an unbelievable sales opportunity" that gives the exact response. I have no idea if anybody has called it yet, but it's kept me laughing for the past three days!

[deegles]

Could you provide some details on how you set that up? It sounds interesting!

[escapologybb]

No problem, I first signed up for an account with SIP Centric[1], then once you've bought a phone number, you click on IVR menus in the sidebar and then it is point-and-click from there on; it really is surprisingly easy!

[1]: http://pbx.sipcentric.com/

[s_q_b]

I can't tell you how happy that makes me.

[ansible]

An encrypted home directory will help some with that.

[superuser2]

Assuming you shut it down every time you walk away. AFAIK VirtualBox doesn't encrypt snapshots (which include RAM contents and therefore the encryption key).

OP could get at least get screensaver-lock functionality, but actual security in this situation is hard.

[ghswa]

That won't work since escapologybb can't type a password at the OS X lock screen.

[sequoia]

encrypted home dir on the guest OS, not host.

[ghswa]

At least the Ubuntu VM can be password protected and encrypted, unlike OS X in this scenario, or am I missing some other issue?

Using a VM as the "real" machine seems to be at least as effective as any other suggestion made here and far less brittle.

[mcgwiz]

You could use something like TrueCrypt to encrypt the vhd/vmdk(s). How aggressively you mount/unmount the volume depends on the circumstances.

[TylerE]

That's just punting. How does he login to the secure VM?

[mbreese]

You're jumping the gun a bit... the main problem is that they can't secure their main computer, since they require dictation to work in order to enter passwords. For the main login screen, the dictation software isn't loaded yet.

If they can password-less auto-login to the main computer, then use their dictation software to load up a VM, that VM could be considered secure.

As a side note, can't you also run Mac OS X as a VM guest from a Mac OS X host? I thought that Apple made that license change a while back. If that's the case, they could keep it all Mac, if they'd like.

[ghswa]

This certainly seems to be allowed: http://stackoverflow.com/a/39247

[almost]

He can type things using dictation and that would presumably let him log into the VM, his problem is that the dictation won't work for the OSX lock screen.

The idea probably has some other practical problems though.

[TylerE]

I don't see how that would make it harder. Audio surfing is easier than should surfing. Wonder if he could somehow get his one-button clicker to translate morse code into ascii. Then he really could log in in a fairly secure way.

[wtallis]

Audio eavesdropping could be pretty easily defeated with a challenge/response system. And if the speech recognition system is powerful enough, the response to the challenge could simply be to repeat the challenge in your own voice - which would be really user friendly.

[cube13]

I don't think he's trying to make it more secure, just trying to get a minimum level of security where he can open the laptop and input a password. Right now, the OP is unable to do that due to OSX not allowing any applications to run at the login screen.

[hackmiester]

If I had to guess, he would "use [his] other apps to dictate the password to the ubuntu OS for login".