
jaclu

macrumors newbie
Jan 12, 2021
3
0
One easy way to make it harder is simply creating a second admin account, with a different PW, so no tech can easily log in to your primary account. That would deny any snooping, and one could only access your data with some fairly serious work to change permissions. More than a snooper would do...only a serious hack/theft would attempt.
I beg to differ, it's pretty trivial when you have admin access. Any admin account can sudo into any other account, and that would leave no trace, as long as you clear the history of that activity, or even simpler, the admin account can just rsync the entire disk/home dir to another device, in order to not have to worry about potentially leaving traces and having the full data for later analysis. Admin users can also change other users' pw in the System Preferences, thus getting full access without even having to use the terminal; however, you would notice if they have changed your pw :)
Probably not a likely risk factor when using Apple stores, but if you use a third-party repair shop, you have to take into account that they might not have the same ethical standards.

As long as you have a backup routine, wiping the disk before sending it to repair should be the obvious choice if you have any ambition for data privacy. The likelihood of a random repair shop dude even bothering to run data recovery on a device he is asked to repair is probably fairly low, but OK, it could happen. If you really want to be sure of blocking unintended access, just do the slower multi-write reformat; then you have raised the bar for retrieving data from that disk to such a high degree that the cost of attempting to access the unallocated data would be so high that the dude in the repair shop wouldn't be able to access it even if he tried.
 

satcomer

Suspended
Feb 19, 2008
9,115
1,977
The Finger Lakes Region
I'm curious as to how many people use FileVault and if it's really necessary on Macs with SSDs, T2 chips and auto-login disabled. I guess my question is, if you are set up to always require a password for login and you don't have a platter HDD that could be removed if stolen and accessed, is FileVault really necessary? I do encrypt my Time Machine backups on external drives and clearly understand the reason for doing so. But with the T2 chip, if someone stole the Mac and removed the SSD, could they get data from it? This may be a trivial question for the experts here, but I appreciate anyone's thoughts.

You're better off with file encryption that’s built in! Just highlight the file/files and command button+i (Get Info key combination) and password protect those files!
 

hobowankenobi

macrumors 68020
Aug 27, 2015
2,125
935
on the land line mr. smith.
I beg to differ, it's pretty trivial when you have admin access. Any admin account can sudo into any other account, and that would leave no trace, as long as you clear the history of that activity, or even simpler, the admin account can just rsync the entire disk/home dir to another device, in order to not have to worry about potentially leaving traces and having the full data for later analysis. Admin users can also change other users' pw in the System Preferences, thus getting full access without even having to use the terminal; however, you would notice if they have changed your pw :)
Probably not a likely risk factor when using Apple stores, but if you use a third-party repair shop, you have to take into account that they might not have the same ethical standards.

As long as you have a backup routine, wiping the disk before sending it to repair should be the obvious choice if you have any ambition for data privacy. The likelihood of a random repair shop dude even bothering to run data recovery on a device he is asked to repair is probably fairly low, but OK, it could happen. If you really want to be sure of blocking unintended access, just do the slower multi-write reformat; then you have raised the bar for retrieving data from that disk to such a high degree that the cost of attempting to access the unallocated data would be so high that the dude in the repair shop wouldn't be able to access it even if he tried.

Yes, all true. But you are referring to active intrusion and theft...

I was talking about snooping. Having worked years at an Apple service center, I am talking about giving out the single (admin) account credentials, and the tech logging in and diagnosing/working in that account, where everything is staring the tech in the face. And yes, I can tell horror stories of inappropriate files in plain sight, that could not NOT have been seen.

Using a secondary admin account is about the same as the notion of not leaving tempting items in plain view in a parked car. If a crook is willing to break into a car just to poke around, moving valuables to the trunk is only a very minor speed bump. But it does reduce the obvious temptation...it does lower one's risk of inviting a break-in.

As the saying goes, locks keep honest people out. Same with passwords. As a tech, I don't want to see anybody's data, email, or any other dirty laundry. So please...use a different admin account.
 

cool11

macrumors 68000
Sep 3, 2006
1,823
223
Is there any need to give any account, admin/whatever, when you bring your Mac to an Apple repair service?
I don't think they need it. And they can access the machine entirely.

Usually, all my sensitive data are kept in an encrypted dmg.
A hacker possibly can break it, but I think I am safe from any random access to my mac without knowing it.
 

Spudlicious

macrumors 6502a
Nov 21, 2015
936
818
Bedfordshire, England
On every Mac I've said no to FileVault. I tell myself it's an added complication that could go horribly wrong, I have too many times had trouble accessing files because I've lost track of the password, I once lost the keys to my gun cabinet by hiding them and not being able to recall where. When it becomes non-optional I'll use it.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,917
1,904
UK
You're better off with file encryption that’s built in! Just highlight the file/files and command button+i (Get Info key combination) and password protect those files!

I would use this, but don't see any option to password protect a file or folder after cmd+i
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,917
1,904
UK
When the pop-up comes up you have to click the small arrow down, then you password protect files, folders. Just look right in front of the pop-up!
I have clicked all the drop down arrows and don't see any mention. I have also googled and only found what I already do, encrypted disk image method.

Can you post a screenshot or link about this please.
 

Leon1das

macrumors 6502
Dec 26, 2020
285
214
Am I correct to assume that with FileVault OFF (on M1 Mac) - I can open Recovery without the password - and via Disk Utility access all my disks' content? (I tried - and it seems to me that is the case)

If so - I prefer to keep FileVault ON.

The only reason I hate FileVault on M1 - is inability to change login wallpaper...
 

Brian33

macrumors 65816
Apr 30, 2008
1,472
372
USA (Virginia)
Am I correct to assume that with FileVault OFF (on M1 Mac) - I can open Recovery without the password - and via Disk Utility access all my disks' content?
Yes, you would have access to all of the files — you could inspect or copy any of them with Terminal commands. The only way to prevent that (other than enabling Filevault) would be to set a firmware password. Then, I believe, one would need to know the fw password in order to boot into recovery mode. (Someone correct me if I’m wrong!)
 

Fred Zed

macrumors 603
Aug 15, 2019
5,831
6,521
Upstate NY . Was FL.
Yes, you would have access to all of the files — you could inspect or copy any of them with Terminal commands. The only way to prevent that (other than enabling Filevault) would be to set a firmware password. Then, I believe, one would need to know the fw password in order to boot into recovery mode. (Someone correct me if I’m wrong!)
Beautiful explanation. So firmware password is a good alternative it would appear.
 

Leon1das

macrumors 6502
Dec 26, 2020
285
214
Firmware passwords are only an Intel thing. M1 Macs don’t use firmware Passwords. They go through a different startup procedure.

You are right - I just checked.
There is no option to set firmware password on M1 Mac.

So this means: On M1 Mac - with FileVault OFF - your data are available to anyone who physically overtakes (steals) your M1 Mac. Enough to boot to Recovery and take them...no password is required to enter Recovery and there is no encryption on your data.

This pretty much summarizes it - Yes, turn the FileVault ON.
 

chabig

macrumors G4
Sep 6, 2002
11,450
9,321
The original post asked "if someone stole the Mac and removed the SSD, could they get data from it?" The answer to that question is no, because the data is encrypted on the SSD and the encryption key is held in the Secure Enclave in the M1.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,917
1,904
UK
So this means: On M1 Mac - with FileVault OFF - your data are available to anyone who physically overtakes (steals) your M1 Mac. Enough to boot to Recovery and take them...no password is required to enter Recovery and there is no encryption on your data.
I don't believe this is correct. If it was correct it would be an unbelievably crass blunder by Apple, which would have hit the headlines long ago.

My M1 MacBook Air does NOT have Filevault enabled.

When I boot up to Recovery I get to this screen before I can do anything at all, including Disk Utility or Terminal:

Does anyone else in this thread actually have an M1 Mac? Is yours different?

Screenshot 2021-02-07 at 23.52.08.png
 

Apple_Robert

Contributor
Sep 21, 2012
35,666
52,480
In a van down by the river
I don't believe this is correct. If it was correct it would be an unbelievably crass blunder by Apple, which would have hit the headlines long ago.

My M1 MacBook Air does NOT have Filevault enabled.

When I boot up to Recovery I get to this screen before I can do anything at all, including Disk Utility or Terminal:

Does anyone else in this thread actually have an M1 Mac? Is yours different?

View attachment 1726772
I turned off FV on my M1 and booted into Recovery, and my M1 shows the same screen.
 

Leon1das

macrumors 6502
Dec 26, 2020
285
214
Damn, I don't have this... how is this possible...

I will try to record a video and upload it

No video - I tried it again and can confirm.
FileVault OFF - no Recovery password required...
FileVault ON - Recovery password required...

M1 MBP, BigSur 11.1
 

Leon1das

macrumors 6502
Dec 26, 2020
285
214
You should unless there is something very wrong with your machine setup.
I confirm my machine is M1 MBP, BS 11.1, with FileVault OFF - I boot into Recovery without password
Only in case of FileVault ON I get to the screen like yours.. identical

Can anyone else try and confirm?
 

Leon1das

macrumors 6502
Dec 26, 2020
285
214
I don't believe this is correct. If it was correct it would be an unbelievably crass blunder by Apple, which would have hit the headlines long ago.

My M1 MacBook Air does NOT have Filevault enabled.

When I boot up to Recovery I get to this screen before I can do anything at all, including Disk Utility or Terminal:

Does anyone else in this thread actually have an M1 Mac? Is yours different?

View attachment 1726772

In my case M1 MBP, BS 11.1 - with no FileVault - I can boot into Recovery without password.
If I enable FileVault - I get the screen like yours
 

Apple_Robert

Contributor
Sep 21, 2012
35,666
52,480
In a van down by the river
In my case M1 MBP, BS 11.1 - with no FileVault - I can boot into Recovery without password.
If I enable FileVault - I get the screen like yours
Even with FV off, it still says a password is required to access data. Granted, that is primarily referring to the regular boot process, but it also applies to entering Recovery mode, as far as I am aware. Does your screen show the same? After holding down the power button until you get the loading options cog wheel and clicking continue, you should see picture 2 in Recovery Console. Those two pictures were taken just now.
 

Attachments

  • CCE4781B-63E2-4952-B426-AEB3A660D46F.jpeg
  • 7775A9AE-23AF-424A-916F-C9E123E5F5B0.jpeg

Leon1das

macrumors 6502
Dec 26, 2020
285
214
Even with FV off, it still says a password is required to access data.
Same explanation here:

1612746333581.png


But still - when I reboot into Recovery with FV off - it asks no password from me.
Video is on the way I am uploading soon...

BTW, my setup is regular. Clean install of 11.1, with restoring some apps from TimeMachine, nothing else touched.
 