Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Nuclear Launch Codes - how do you secure sensitive data on your new MacBook Pro

Depends how important the data is. If it's really top secret, then destroy the computer in the event of a hardware fault and restore from backup to your replacement machine. If this sounds drastic then your data really isn't that important, so just proceed with a wipe & restore like any normal person would do. Time Machine is more than good enough for most users.
 
  • Like
Reactions: KGB7
If it's about hardware issues, the genius don't need your login. I have had my Mac serviced without them even asking me my login info. The genius will boot off their external network drive anyway to access the hardware information.
For safest method, best way is to do a full backup, then wipe out the machine (if it's possible) before giving it to 3rd parties.
 
This is a real pet peeve of mine, and I suggest anyone else who finds this system broken give feedback to:
www.apple.com/feedback

It is absurd that the Apple Store demands an administrator account to do repairs. At first I was blow away that they wanted to log in at all (they did diagnostics from a netboot volume just fine). Then when I created a separate account for them to use, they insisted it had to be an admin account.

I wiped the drive clean with Disk Utility in the store. When the "Genius" looked at me like I was crazy, I pointed out that's what backups are for. And no, verbal assurances that "nobody will look at my data" don't appease me.
 
Many thanks, everyone. Lots of smart people here with lots of good advice.

1Password, disk images, FileVault and guest accounts -- I'm confident now that I can reach an acceptable level of security with a MacBook Pro. Of course, all are dependent on the quality of the password I use and how serious someone is about breaking in.

At first I saw little value in FileVault with newer machines. In the past, someone could bypass your OS login by pulling your hard drive and connecting it to another computer to read your unencrypted data. FileVault solved that by encrypting the data itself. Nice. But that's not much of an issue these days now that the SSD is soldered to the motherboard. But then I did some homework and saw that FileVault allows me to remotely secure the hard drive if the computer is stolen and the bad guy puts it on the Internet. It won't help much if the bad guy just wants my bank account passwords and never puts the machine online, but it's a nice feature if someone steals my computer to sell it on craigslist.

Cheers.
 
A small correction, Remote Lock is a separate component from FileVault. It is, for instance, possible to have a machine that is remote locked but not FV encrypted.

Also remote wipe works in tandem with FV to erase the machine by shredding the FV encryption keys when asked.
 
Interestingly, I stopped by the Apple store today and the kid said they insist on knowing your login password if they keep your machine for repairs. He said diagnostics was done at the bench in front of you, but if they keep the computer they want your password. All the more reason for a Guest account, I guess.
 
Dave410 said:
Interestingly, I stopped by the Apple store today and the kid said they insist on knowing your login password if they keep your machine for repairs. He said diagnostics was done at the bench in front of you, but if they keep the computer they want your password. All the more reason for a Guest account, I guess.
Click to expand...

All repair centres do this, it's how they can verify the repair is completed. Apple recommend, if you were concerned, making a full backup and resetting the machine before sending it in for repair.

Same deal with iOS stuff https://support.apple.com/en-gb/HT201557
 
Makes sense.

I got to thinking about encrypted disc images and I remembered why I stopped using them. The backups took forever since it was a single 50 GB file and the entire file changed every time I changed one document inside it.
 
Dave410 said:
Makes sense.

I got to thinking about encrypted disc images and I remembered why I stopped using them. The backups took forever since it was a single 50 GB file and the entire file changed every time I changed one document inside it.
Click to expand...

Use Sparse Bundle Disks.
 
  • Like
Reactions: Weaselboy
Dave410 said:
Hi Guys,

I'm still struggling with this question -- how do you secure sensitive data on your new MacBook Pro if the hard drive isn't replaceable? The Genius can't hand you your old SSD when he takes your machine in back to replace the motherboard or when Apple replaces the whole computer for some reason. File Vault won't help because the tech would need your login password to troubleshoot, right? So how do you protect your bank passwords and business data from both grab-and-run thieves and the techies at Apple? Is third-party encryption software that only encrypts certain files the answer?

Cheers,
Dave
Click to expand...

If the data is that important to you, then you shouldn't be storing it on there.

There are lots of steps that can be taken to ensure the security of data. From doing absolutely nothing at all (less secure), to doing things that involve not storing the data on portable devices, or any electronic devices, at all (more secure.) Generally, the more secure the step, the less convenient it is for the user to access the data. It's up to you to decide the appropriate compromise between security and convenience.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back