Can't disable "reset password with apple ID" backdoor through FileVault 2

Discussion in 'OS X Mountain Lion (10.8)' started by SoldOnApple, Oct 10, 2012.

  1. macrumors member

    Joined:
    Jul 20, 2011
    Messages:
    87
    #1
    So I decided to enable FileVault 2, but then I found out that anyone who has discovered my Apple ID can just slip right past it with the "Allow user to reset password using Apple ID" option that was selected in the Suer & Groups preferences pane.

    So I unencrypt, reset the machine, and go to that pane to untick that option, but as soon as I enable the lock changes thing, or change tab or do anything else, it ticks itself again. I cannot seem to disable this backdoor at all. I've tried searching for how to untick this box but I cannot find a solution.

    It is the Admin account, so it's not that. What's the point of FileVault if anyone can access my Mac with my Apple ID, either my seeing my password (which I enter multiple times per day), or just by calling Apple and pretending to be me.

    All I want to do is permanently disable that option so I can turn FileVault on again.

    I'm running retina MBP 10.8.2
     
  2. SoldOnApple, Oct 11, 2012
    Last edited by a moderator: Oct 11, 2012

    macrumors member

    Joined:
    Jul 20, 2011
    Messages:
    87
    #2
    I'm sorry about the rant, I was just frustrated after doing research into FileVault and seeing all the extra steps to keep it secure. It's been pretty concerning hearing about people being able to get your Apple ID just by calling Apple. This is the option I'm referring to, no matter what I do it reticks itself. [​IMG]
     
  3. macrumors 6502a

    dcorban

    Joined:
    Oct 29, 2007
    Messages:
    888
    #3
    It may be a conscious design decision to prevent the average user from unwittingly locking themselves out of their computer.
     
  4. macrumors demi-god

    Weaselboy

    Joined:
    Jan 23, 2005
    Messages:
    17,605
    #4
    Here is mine with FV2 on. I never put an AppleID in that field to begin with (before encrypting) and I wonder if that is your problem. Can you unencrypt then remove the AppleID from there altogether then encrypt again?

    [​IMG]
     
  5. macrumors member

    Joined:
    Jul 20, 2011
    Messages:
    87
    #5
    The option disappears with FileVault 2 turned on, so once it's on there is no way to check what that option is set to once encryption is already on. The only way to tell is to unencrypt, restart, and then check. But if you didn't have an Apple ID set to begin with, does that mean that option is automatically disabled?

    So the solution is to remove my Apple ID, then turn FileVault 2 on, then add the Apple ID again? Is there any way to be sure that the option hasn't automatically been ticked again after I add the Apple ID once FileVault 2 is on (as the ability to see what that option is set to disappears once FileVault 2 is on)?
     
  6. macrumors member

    Joined:
    Jul 20, 2011
    Messages:
    87
    #6
    Oh, the option is toggled off now. It may have just been a quirk. I'll restart again and see if it stays off.
     
  7. macrumors demi-god

    Weaselboy

    Joined:
    Jan 23, 2005
    Messages:
    17,605
    #7
    If you are not using the AppleID for password recovery there is no need to add your AppleID there at all that I can see.
     

Share This Page