File Vault access query

Discussion in 'OS X El Capitan (10.11)' started by inscrewtable, Nov 24, 2015.

  1. inscrewtable macrumors 65816

    inscrewtable

    Joined:
    Oct 9, 2010
    Location:
    Australia
    #1
    I have used filevault to encrypt my HD. I have also set up a separate account to be used only for troubleshooting. If I were send my MBP in for servicing and it is unlocked using the troubleshooting account and say for example the computer or HD was replaced. Is the data in my main account secure or is it now insecure because the HD was accessed with the troubleshooting account.

    Hope that made sense.
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    FileVault 2 is an entire drive encryption solution, so if the other troubleshooting account is used, then the drive is essentially unlocked.

    My recommendation is to back up the computer, wipe it, then send it in, and have Apple fix/replace it.
     
  3. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #3
    I would wipe the drive and do a fresh OS install and setup a temp account to send it in. Like maflynn said, if you give them access to a test account, it is very easy to access files in the other real account from the test account.
     
  4. inscrewtable thread starter macrumors 65816

    inscrewtable

    Joined:
    Oct 9, 2010
    Location:
    Australia
    #4
    OK that is what I have been doing in the past, backing up twice to two bootable clones and then wiping and cloning back. However I was wondering about a situation where the computer just packs up and I am unable to wipe it.

    If I was working on it at the time, so that the drive was unlocked does that mean in the above situation that no data could be accessed? Just want to check this.
     
  5. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #5
    If the computer dies, you would want to remove the drive, place it in an external case, and try to get the data off that way. If the drive itself has died, and you can no longer access the drive, then, filevault or not, no one else is likely to access your data, it's just gone (outside of the big bucks for a commercial data recovery service.
    Then, you have the drive replaced, and use whatever prior backup you have to restore your data.
     
  6. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #6
    No, the drive is still encrypted when that happens. There is a difference between encrypting and unlocking a disk (which is what you do when you enter your key/password). When you enable disk encryption, your computer will encrypt the entire disk once and everything else in realtime. Assuming that this process is completed, a hardware failure will still protect your data even when it was unlocked at the time. I am not sure what happens when your computer dies while it is encrypting a file. I assume that this could theoretically be retrieved with forensic software, depending on the state it is in.
     

Share This Page