Why is someone who is not you logged in using your account with the ability to click that button in the first place?
Layering security on the user account after login tends to annoy the hell out of people. Ask any users you know what they think of Windows 7/Vista's UAC.
I agree with your first sentence. I sort of agree with the people saying this behaviour is by design and is not a serious security flaw.
> Layering security on the user account after login tends to annoy the hell out of people. Ask any users you know what they think of Windows 7/Vista's UAC.
But this isn't another OS. This is OS X, which is built on BSD, and BSD is a secure OS. Another question to ask would be "Ask any users you know what they think of sudo".
I like the article. It's not sensationalist. It's not dramatic. It's just saying "Hey, do this! Surprised? This is why you need to be careful with your account and your password."
That seems reasonable to me. Many people using OS X are not from a Unix background. They have never used a BSD before. They don't really have the security stuff ingrained.
Gentle reminders from time to time are a good thing.
Your login Keychain is usually unlocked - it's encrypted with a key derived from your password that's held in memory from when you log in.
You can lock your login Keychain (or any other) from Keychain Access (/Applications/Utilities) or from the security menu bar item (if you have it added) and you'll be asked for the password rather than asked to "allow" it.