Here’s the scenario: I nuked and paved my wife’s iMac, as it was acting a bit odd. Prior to doing so I used Time Machine to back up everything, including the user accounts. We both have separate admin logins, so I did the backup from mine (which pulls in all other users). The backup was placed on an external drive.
I restarted the computer more than once, wiping the disk via terminal a couple times for good luck, and only upon the first cycle had to enter an admin password. Then I reinstalled macOS via Recovery.
After the installation I was presented with the option to restore from the Time Machine backup, which I plugged in the drive and did. My wife was the only user I selected to restore, as I didn’t want my account on there this time. Here’s where the security question comes into play: It had me choose a new password for her—now the only admin/user on the machine—without verifying any of her information: Not the old computer password, not her iCloud, no device authorization code, nothing. After I did so it did the restoration and took us to her desktop, complete with all of her info. (Files on the desktop, etc.) It prompted me for her iCloud password at this point, but I otherwise had access to her account.
Does this scenario seem odd to anyone? Couldn’t anyone have taken that external drive and restored her account (and mine probably, which again I didn’t select) without knowing any personal information? The last authorization of any kind in this process was when I initially booted into Recovery and had to enter my password (since at the time I was an admin), but since that time the disk was wiped, the machine was restarted and macOS was installed. This particular instance wasn’t a big deal since it’s my wife, but it did get me thinking so I wanted to ask.