I’ll share a story about how macOS passwords can be easily reset, so we should set firmware passwords as a countermeasure.

Background: Mac Passwords Can Be Easily Reset...

I heard the scary story that “if a Mac is stolen, passwords can be easily reset,” so I’ll introduce password reset methods and countermeasures.

Password Reset Method: resetpassword from Terminal

If you can't log in with the new password after restarting your Mac, follow these additional steps:

1. Restart again, then immediately press and hold Command-R or other macOS Recovery key combinations until you see the Apple logo or spinning globe, then release.
2. When the "macOS Utilities" window appears, choose Utilities > Terminal from the menu bar.
3. In the Terminal window, type "resetpassword" and press Return to open the "Reset Password" assistant shown above.
4. Select "Password doesn't work when logging in" and click Next, then follow the onscreen instructions for your user account.

Source: Change or reset the password of a macOS user account - Apple Support (macOS ユーザアカウントのパスワードを変更またはリセットする - Apple サポート)

Countermeasure: Set Firmware Password

• Set a firmware password on your Mac - Apple Support (Mac でファームウェアパスワードを設定する - Apple サポート)

That’s all from the Gemba on wanting to take countermeasures so that resetpassword cannot be used if a Mac is stolen.