File Vault access query

[inscrewtable]

I have used filevault to encrypt my HD. I have also set up a separate account to be used only for troubleshooting. If I were send my MBP in for servicing and it is unlocked using the troubleshooting account and say for example the computer or HD was replaced. Is the data in my main account secure or is it now insecure because the HD was accessed with the troubleshooting account.

Hope that made sense.

 

[maflynn]

FileVault 2 is an entire drive encryption solution, so if the other troubleshooting account is used, then the drive is essentially unlocked.

My recommendation is to back up the computer, wipe it, then send it in, and have Apple fix/replace it.

 

[Weaselboy]

Is the data in my main account secure or is it now insecure because the HD was accessed with the troubleshooting account.

I would wipe the drive and do a fresh OS install and setup a temp account to send it in. Like maflynn said, if you give them access to a test account, it is very easy to access files in the other real account from the test account.

 

[inscrewtable]

OK that is what I have been doing in the past, backing up twice to two bootable clones and then wiping and cloning back. However I was wondering about a situation where the computer just packs up and I am unable to wipe it.

If I was working on it at the time, so that the drive was unlocked does that mean in the above situation that no data could be accessed? Just want to check this.

 

[DeltaMac]

If the computer dies, you would want to remove the drive, place it in an external case, and try to get the data off that way. If the drive itself has died, and you can no longer access the drive, then, filevault or not, no one else is likely to access your data, it's just gone (outside of the big bucks for a commercial data recovery service.
Then, you have the drive replaced, and use whatever prior backup you have to restore your data.

 

[KALLT]

OK that is what I have been doing in the past, backing up twice to two bootable clones and then wiping and cloning back. However I was wondering about a situation where the computer just packs up and I am unable to wipe it.

If I was working on it at the time, so that the drive was unlocked does that mean in the above situation that no data could be accessed? Just want to check this.

No, the drive is still encrypted when that happens. There is a difference between encrypting and unlocking a disk (which is what you do when you enter your key/password). When you enable disk encryption, your computer will encrypt the entire disk once and everything else in realtime. Assuming that this process is completed, a hardware failure will still protect your data even when it was unlocked at the time. I am not sure what happens when your computer dies while it is encrypting a file. I assume that this could theoretically be retrieved with forensic software, depending on the state it is in.