security question about remote erase

Discussion in 'OS X El Capitan (10.11)' started by bryan.cfii, Jun 28, 2016.

  1. bryan.cfii macrumors member

    Joined:
    May 13, 2011
    Location:
    Iowa City, IA
    #1
    So I have an old macbook air that I have dedicated to bill paying and quickbooks. Passwords are: Firmware, OS/User, and Quickbooks app.

    For online I use Multifactor Authentication and I have FIND MY MAC for the remote erase option if needed.

    However, how is Apple supposed to find this computer to erase it unless it just so happens to be turned on, some one figure out the user account password and hop onto a network? Even if it just sits at the log in screen, I don't think it will just hop onto open networks by itself.

    Also, it seems to me that someone could just go around all of this by opening the MBA up and replacing the hard drive on this model, or at least view the /User folders (although they should be behind a password themselves from what I understand).

    I'm wondering if the whole remote wipe thing is something that I can't really count on as one of my options. Can anyone verify or straighten me out on this if I'm not seeing things properly?
     
  2. Weaselboy, Jun 28, 2016
    Last edited: Jun 28, 2016

    Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    You should turn on OS X FileVault to encrypt the main drive. That way no thief can access your data or reset the admin password. What this also does is create a Safari only "guest" account. The hope is the thief will login to the guest account, and that will allow the Mac to connect to the Internet and that in turn will apply the remote lockdown and erase command you issued over FMM.

    https://support.apple.com/en-us/HT204837

    By enabling the firmware password like you have (smart move) you have prevented anybody from using another drive. If they install another drive, they will not be able to boot to it, since you have locked the boot drive to the existing disk with the firmware password.

    So with FileVault and a firmware password on, if somebody steals your Mac, they pretty much have a boat anchor.
     
  3. bryan.cfii thread starter macrumors member

    Joined:
    May 13, 2011
    Location:
    Iowa City, IA
    #3
    Wow! Thanks for reminding me about FileVault! Duh! I have never used it so I guess I just glazed right over that as an option. This is exactly why I thought I'd ask this question. Thank You.

    I didn't know exactly that the firmware password did what you explained. I guess I saw it as more of a thing to prevent admin changes or hardware settings changes on the machine.

    From past experience with helping a friend who was being followed and tracked by her ex-husband, Her Windows Vista computer started out with a key logger. I removed that and changed her user password and put a firmware password on it, and that frustrated him but...
    he then went to her apartment, took the drive out, went through the files and put another keylogger onto it. She knows this because he emailed what were new pictures to her and told her that no matter what she did, she couldn't hide anything.
    A real nut, but anyway the point is he seemed to just go around the firmware password in that case so I always saw it as more of a low level measure than what you described. Granted, that was a Windows Vista machine and I don't know if there are big differences or not.

    I really appreciate your help Weaselboy!
     

Share This Page