Remove User Names from Login Window for Added Security in OS X

Jul 17, 2014 - 7 Comments

Usernames hidden from login screen in Mac OS X

The login screen of OS X defaults to showing the account pictures and user names of all accounts on the given Mac. This is undoubtedly convenient for most users as it makes logging into accounts much faster, but for situations where a Mac requires higher security, users may wish to hide user account names from the login window, thereby requiring a complete authentication of both a username and password.


The reason this is more secure is fairly simple: not only would an unscrupulous individual have to know or guess the password for a user account, but now they would also have to know or guess the username for the account too. By hiding the user accounts from the login screens, there are no hints offered as to what user accounts are on the Mac, and a proper username must be known in addition to the appropriate password, offering a layer of privacy and obscurity to help protect the Mac.

How to Hide User Names from Mac Login Windows

Requiring the full user authentication at any Mac login screen in OS X is easy, here’s how to enable this feature:

  1. Open System Preferences from the  Apple menu and choose “Users & Groups”
  2. Click on “Login Options” in the lower left corner, then click the lock icon to authenticate with an admin user to be able to make adjustments
  3. If it hasn’t be done already, set “Automatic Login” to OFF*
  4. Set “Display login window as:” to ‘Name and password’
  5. Display login name as password and username field in Mac OS X

  6. Close out of System Preferences

You can now log out, reboot, or lock the Macs screen to test the change yourself. The login window will appear as usual, but there will no longer be a list of users and accounts shown, instead a basic prompt for a complete username and password is necessary to login to the Mac.

Complete login required in Mac OS X

All user accounts on the Mac will continue to work as usual, including a guest account, but the proper username for each account must be entered properly. Note that full user names or short usernames work for this purpose.

Of course, this is no replacement for using a secure password and securing a Mac in general with things like FileVault and boot passwords, but it’s an added security trick that can help to add another level of security to Macs. This can be particularly important in public computers and work machines, though it would obviously still have security benefits for more typical portable and home situations too.

* You’ll need Automatic Login turned off for this to work, otherwise a Mac that has been rebooted, locked, or logged back in will simply boot into the desktop without prompting for a user login anyway.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: Paul Horowitz in Mac OS X, Security, Tips & Tricks

7 Comments

» Comments RSS Feed

  1. eric says:

    Paul:

    Great article but there is one other caveat you did not mention.

    To get the Name and Password fields to show up for login you must also turn off “FileVault”! For some reason, beginning with Mt. Lion when you turn on FileVault, Apple also decided to disable choice of “Display login window as” choice. No matter what you pick now you are stuck with the “List of…” choice.

    Sad to say when FileVault is a way to keep your machines data secure!

    • Toby says:

      Sorry Eric, but this simply isn’t true. I’m running Mt. Lion with FileVault enabled and this works for me. Check your machine for a bug.

      • eric says:

        Toby:

        I don’t mean to question you but… You are saying when you REBOOT your machine and you have your System Pefs>Users & Groups>Login Options… > “Name and password” option selected you get the two fields? and your are sure you have FileVault turned on?!

        I know it works if I just logout the machine but if I reboot I always get the “list”. I (and others) have been looking for a solution to this one for a long time so I am very surprised that you are getting it!

        From this discussion it seems to have been determined that this is the way FileVault 2 was built to work. See

        If you have it working (IMHO) the way it should work, I would love to look at your machine and it’s com.apple.loginwindow.xxxx files! Maybe it’s something you did that locked them into the proper style of login.

        Thanks Toby

        • Toby says:

          No. On reboot w/ FileVault, the authentication prompt loads prior to the OS. Upon logout and subsequent login, the name and login option will load like this hint describes. Sorry for any confusion.

          Maybe adding a second Admin account will remove the autofill of a user name at boot? FileVault is nice for security (I travel for work) but adds a few annoyances too, so I guess it’s a trade.

          • eric says:

            RE: Maybe adding a second Admin account will remove the autofill of a user name at boot?

            I WISH! :-)

            When a user uses FileVault… upon reboot, the user will be presented with a list of users. :-(

            Maybe with FileVault 3 they will fix this issue… but with Apple these days I wouldn’t hold my breath.

            Thanks Toby

  2. Brian from Boston says:

    Is there any way to have the system erase itself after ten consecutive wrong password attempts?
    I like the way iOS does this and would like to do the same with my mac.

    • eric says:

      While iOS has that feature built in there is no way to do it with the current Mac OS.

      However, you might want look at a free service from Meraki (now owned by Cisco) called the MDM (Mobile Device Manager). To use it you create a “dashboard” account then get a cert from apple then install the MDM on any device you like. Computers, Phones even pads of any make, you can then locate, lock or wipe them from anywhere. Just follow the instruction on the site.

      It’s very cool and I use it on most of my clients machines because if their device is lost or stolen I can brick them with a single click! Even better on a computer I can send it command line, so just think of the stuff one can do with that…

      If you want to check it out go to: https://meraki.cisco.com/products/systems-manager.

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates