Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

pavel r.

macrumors newbie
Original poster
Aug 8, 2018
4
0
Hello,

I can't log into my second account on macbook (standard account) just after turning-on my macbook pro late 2013. I always have to log with password into my admin account, then log out and log into my second account with another password. Is it normal? If not, how to repair it?

Thanks
 

pavel r.

macrumors newbie
Original poster
Aug 8, 2018
4
0
I found out how to do it! In settings you have to go to FileVault menu and then allow to other accounts unlocking of disk. Unfortunatelly that means that others have possibility to get data on your main account (isn't it?) so for me it is not solution and I have to keep putting my admin password first.
 

chabig

macrumors G4
Sep 6, 2002
11,460
9,326
Unfortunatelly that means that others have possibility to get data on your main account (isn't it?)
No. Other people will not be able to get into your account. They will be able to use the encrypted disk, but account passwords are still required to get into the accounts.
 

pavel r.

macrumors newbie
Original poster
Aug 8, 2018
4
0
No. Other people will not be able to get into your account. They will be able to use the encrypted disk, but account passwords are still required to get into the accounts.
I thought that after unlocking encrypted disk, it is possible (not in common user's way) to somehow get my data saved through my main account. Similary to windows when you without password can't open user profile but with OS on flash disk you still can access data on disk commonly accessible only through user profile. So you say on mac you can't get these data (because I thought the FileVault exist because of mentioned situation).
 

chabig

macrumors G4
Sep 6, 2002
11,460
9,326
There are two levels of data security:

1. Security from other users — MacOS has a security system based on privileges that ensure users don’t see or have access to each other’s data. User A can’t see the files of user B and vice versa. Only through extreme methods could one user see another’s data. Sharing a computer requires a certain amount of trust. If your data requires absolute protection from other users, you shouldn’t be sharing the machine with them.

2. Security from the evil world at large — The reason FileVault exists (and all other full disk encryption methods on other operating systems) is to provide data protection in case your computer physically falls into the wrong hands. If a bad actor is able to get to the data on your drive, all they will see is gibberish.

So if you are going to share the machine, yet want the protection of full disk encryption (FileVault), you grant every user on the machine the ability to decrypt the drive. The user accounts still remain secure from each other through the normal operating system mechanism.
 

NoBoMac

Moderator
Staff member
Jul 1, 2014
6,302
5,022
So if you are going to share the machine, yet want the protection of full disk encryption (FileVault), you grant every user on the machine the ability to decrypt the drive. The user accounts still remain secure from each other through the normal operating system mechanism.

Minor quibble: don't have to give every user ability to unlock the drive, can setup like OP had, where say just the admin account can unlock the drive, sign out of their account, and then leave running with the standard login screen and list of users.

But, yes, it a family type situation, you would most likely allow everyone to unlock the drive.
 

chabig

macrumors G4
Sep 6, 2002
11,460
9,326
Minor quibble: don't have to give every user ability to unlock the drive, can setup like OP had, where say just the admin account can unlock the drive, sign out of their account, and then leave running with the standard login screen and list of users.

But, yes, it a family type situation, you would most likely allow everyone to unlock the drive.
I agree.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.