If you like to use long random passwords for things like encrypted disk images (created in Disk Utility), you may have noticed Apple makes this rather difficult. Simply put, Apple decided to block the pasting of passwords when creating disk images. Some people suggest this was to make brute force attacks on these encrypted files more difficult, but in reality that doesn’t stand up to reason. Passwords can be pasted at the command line, and it is much easier to launch a brute force attack at the command line level than through a GUI. But I digress.

Typing out long random passwords manually is a pain. This encourages people to use short passwords that are easier to remember and/or type. So the effect of Apple’s move is that it may encourage people to use less secure passwords, all for zero gain. Here’s how to resolve this.

You’ll need to fire up AppleScript Editor. Paste in the following script:

You can remove the second to last line if you don’t want the password dialog to be submitted automatically. The script is designed to handle setting the password when creating a disk image (which requires entering it twice), and the submission of the password when opening the disk image (which only requires entering it once).

Save the script. Next you need to set up a way to trigger and run it easily.

UPDATE: A much better script

UPDATE [March 19, 2015]: Below is an improved script I have pieced together. It has the following features:

  • It will detect and not run if the SecurityAgent isn’t actually running (i.e. you’re not being asked to enter a password by the SecurityAgent).
  • It will actually do the copying of the password from 1Password 5. If you use another password manager, you will need to make the necessary changes to the variable passManager. You may also need to edit the menu commands your password manager uses for copying the password from the current item. See the comments in the script.
  • It will check if you are creating a new password and, if you are, it will let you specify if you wish to save that password to your keychain.
  • … and it has a few other minor bells and whistles that the old script didn’t have.

The simpler script I posted on March 8th, 2015 is below. It’s without all the tricks of the March 15th script, but may suit your needs better if you don’t want so much automation.

If you would like to ensure the “Remember password in my keychain” is never ticked, the last TELL statement (tell application “system events”) in the above March 8th script can be changed to this:

Shortcut to the script

You will also need to tick “Enable access for assistive devices” in the System Preferences. There’s an option for that in Accessibility preferences:



You should now be able to copy and paste complex passwords from whatever you use to generate and store your passwords. I use, and highly recommend, a great app called 1Password.

Update for Mavericks and Yosemite

Accessibility options have changed in recent versions of OS X (starting with Mavericks, as far as I can determine). You will need to specifically add your preferred shortcut app to the Accessibility preferences. For instance, you may need to add Alfred, or add Automator. This will depend on which you decide to utilise.


Further Yosemite automation issues:

Further testing on my system indicates Yosemite treats an unsigned script as changed (and therefore as a potential security risk) each time you run it. This makes things complicated for those who wish to throw a few scripts in here and there, because every time you run it you will need to grant it Accessibility permissions.

I know of a few options to work around this. One is to save my script using Script Editor (formerly AppleScript Editor) as an application, and you will need to sign it when you do that. That means generating a Certificate Authority in Keychain, and using that to sign your applet. Alternatively, you can follow the information provided by Apple here. That’s the way I recommend going about it. UPDATE: Turns out that info is for Mavericks, and the PLIST file it links to does not exist. I will have to post a solution later. I’ve run out of time on this.

The script provided here on macosxautomation.com might also be useful.

Using an Automator service to run the “paste password” script

You can use Automator to create a system service that will run the script. Once you save that new service, you’ll be able to assign a keyboard shortcut to it using the System Preferences in OS X.

  1. Run Automator.app
  2. Create a new Service
  3. Set the service to receive no input. You’ll find this at the top of the actions pane, “Service receives…”
  4. Add a “Run AppleScript” action
  5. Paste your script into the action (keeping the “on run” and “end run” lines at the beginning and end)
  6. Save the service
  7. Open the System Preferences, and bring up the Keyboard Preferences
  8. Select the Keyboard Shortcuts pane
  9. Select Services in the list on the left.
  10. You should find your new service near the bottom of the list of available services, in the General section. Make sure it is ticked, and add a keyboard shortcut to it (using a key combination that is not likely to be already in use).

You may need to restart your system to get the shortcut to activate.

Using Alfred to run the script

If you have Alfred (with the Powerpack) you can use it to run the above script.

  1. Create a new blank workflow in Alfred
  2. Add in the Trigger called “Hotkey”
  3. Assign a hotkey shortcut (something that’s not already in use)
  4. Add in the Action “Run Script”
  5. Select script language, “/usr/bin/osascript”
  6. Paste the script (from above) into the script area.

That’s it. Make sure you added Alfred to the Privacy system preferences under Accessibility (see above). You can now use Alfred to paste your password into OS X password fields.

Using Quicksilver

A free alternative to Alfred is Quicksilver. You can use it to run a script also.

Simply create a new Trigger in Quicksilver. Tell it to run the script you created above (you’ll need to locate the script in the folder you saved it to).

Edit the Trigger and set a hotkey.

Make sure you added Quicksilver to the Privacy system preferences under Accessibility (see above).

Using FastScripts

Another great way to run scripts, via shortcuts, is the app called FastScripts. For loading in up to ten shortcuts it is free. It’s around $10 if you need more.

Using the command line instead of a script

You can also use the command line (via Terminal.app) to mount your disk image. Here’s the command to use:

If the image file has a long path, you can simply type in hdiutil attach and then drag the file from Finder into the Terminal. Then add -stdinpass and hit Return.

You can also use the command line for creating an encrypted disk image, and doing it this way will allow you to paste your password in.

Use these commands:

You’ll need to replace “thesize” and “thename”. The size is the maximum size of the sparsebundle. It won’t take up this amount of space until you actually add that amount of data into the image, but this will determine the maximum amount of space it is allowed to take. The name is just the name of the image file. The actual volume inside the image you can name from within Finder, once you’ve mounted the image.

When doing the cd command, if the path is a long one, remember you can drag the folder from Finder into the terminal, and the path will automagically appear.
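
The create and attach steps described above, sketched as shell functions around hdiutil. This is an added example, not the commands from the original post: the function names, the HDIUTIL override, and the AES-256 and HFS+J choices are assumptions, while thesize and thename are the page's placeholders.

```sh
#!/bin/sh
# Added example (not the original post's commands): create and mount an
# encrypted sparsebundle with hdiutil, entering the password via -stdinpass.
# Function names and the HDIUTIL override are assumptions of this example.

HDIUTIL=${HDIUTIL:-hdiutil}   # set HDIUTIL=echo to print the arguments instead

# hdiutil's -size takes a number plus a unit suffix (b, k, m, g, t, p or e).
valid_size() {
    num=${1%[bkmgtpe]}
    [ "$num" != "$1" ] || return 1          # unit suffix missing
    case "$num" in
        ''|*[!0-9]*) return 1 ;;            # empty or non-numeric
    esac
}

# A name beginning with "-" would be parsed by hdiutil as an option.
valid_name() {
    case "$1" in
        ''|-*) return 1 ;;
    esac
}

# create_image thesize thename
create_image() {
    valid_size "$1" || { echo "bad size: $1" >&2; return 2; }
    valid_name "$2" || { echo "bad name: $2" >&2; return 2; }
    # AES-256 and HFS+J are this example's choices. With -stdinpass and a
    # terminal on stdin, hdiutil prompts for the password, and the prompt
    # accepts a paste. The password never appears in argv or shell history.
    "$HDIUTIL" create -size "$1" -encryption AES-256 \
        -type SPARSEBUNDLE -fs HFS+J -stdinpass "$2"
}

# attach_image /path/to/image
attach_image() {
    valid_name "$1" || { echo "bad path: $1" >&2; return 2; }
    "$HDIUTIL" attach "$1" -stdinpass
}
```

After sourcing the file, run create_image from the folder that should hold the image (for example, create_image 10g Secrets) and paste the password at hdiutil's prompt.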