Home Forums Peripherals & Multimedia iTunes, iPhone, iPod, iPad, Apple TV Taking into Repair and privacy

Any person or entity you have every had financial transactions with, UserIDs and Passwords for any financial institution or store, credit card numbers, addresses and phone numbers, AppleID and password, identities of friends and family, anything salacious, anything that could be used to scam you or someone else, any record of properties owned or sold.

To give an estimate like that among the items I would need to know

• Are they bonded?
• insured?
• Are criminal background checks required for employees?
• How long have they been in business?
• Does the place appear prosperous?
• What is the shop's reputation?
• Is it a chain store, a neighborhood shop, or a "mom and pop" operation?
• How mature are the staff?
• How busy are they?
• What are the statistics in Toronto?

Even if I knew all of that, the odds would still be a wild a** guess. I think the better question is what is your tolerance for risk? A question only you can answer. A few years ago I would have said, don't worry about it, but now I sometimes get four or five very sophisticated spam attack attempts a day! I know it is not the same thing, but the level of venality makes me more cautious.

Apple says (see previous links) that sharing/guest requires mobile device management (MDM), which is something that Apple must provide for educational or corporate users. The setup is such that information goes through the mega-user and not Apple, like it does for the rest of us. See the link provided if this leaves you wondering.

I found three ways of doing that.

1. One requires jailbreaking and installing a third party app.
2. The second requires
   
   Originally Posted by Apple

   ...a mobile device management (MDM) solution and Managed Apple IDs that are issued and owned by the organization. Users with a Managed Apple ID can then sign in to Shared iPad, which is owned by the organization. Devices must have at least 32 GB of storage and be supervised. Shared iPad is supported on:
   and it would be this case would require far more work and expense than the iPad in question is worth. It is debateable whether this is multiuser or not. Apple has stated and re-iterated that iOS and iPadOS are not multiuser.
3. The third only works in macOS, which is multiuser and multitasking.

And finally...I think, if kevs brings his iPad in without going through the erase rigamarole, and he isn't using 1 Password or a similar app, are his passwords available for his bookmarked banks, and other financial institutions even if he logs out of his Apple ID/iCloud?

If someone has the identification necessary to run any apps in the iPad they have access to all ithe data, passwords, etc. regardless of whether or not the iPad is logged into an iCloud account or not. Otherwise without an internet connection the pad or iPhone would only be useful as a paperweight. The purpose of an iCloud connection is sharing data between devices in the same account and each device on the account has its own local mirror of what is on the iCloud. There is an exception when the user has intentionally directed an app to store a file on iCloud, analogous to storing a file on an external drive. But, because iOS and iPadOS have no file structure, system data, like passwords and accounts, are stored in the OS’s sandbox essentially like part of the OS’ code. The only way to get rid of it is to delete the system or erase all of its data.

Joe you are saying once you give you password, to the ipad (or an iphone), then they have access to everything , even, icloud folders? That helps solidify a decision..

Hence, talking to my apprentice today, on this, he, was saying he'd trust Apple , but not a 3rd party shop. He let them fix a screen or insert a battery, but would not give his password to a 3rd party shop. (But he would Apple)

And normal mac minis or macbooks all this discussion is not needed in that you would just log out and in to a test user, correct? With test user... normal mac os, they are out of everything.?

Everything on the iPhone or iPad but the iCloud is not on the device and requires the Apple ID and Password to access.

I concur with your apprentice.

I would never say it is absolutely invulnerable to attack, but if your boot drive has Filevault turned ON, ie.is encrypted, the answer is YES. (Storage encryption is not optional for iPad and iPhone storage, it is mandatory and automatic.)

NOTE: Filevault is invisible and unnoticeable in operation but can take a few hours to finish the initial encryption. I recommend starting it at the end of the day and letting it run overnight.

Joe I understood only one of your 3 replies, the one that said, I concur.

Maybe that's all I need really since then I'll go with this- since it's the apprentice recommendation:

ipad/ phone, if can take to apple, don't worry, give pass done.
3rd party: only let them fix screen, insert battery, they get no password.

Mac Mini/ Macbook, give to anyone just log into a test user.

The other 2 quesitons, just for fun , but would nice to understand:

This was confusing:

"Everything on the iPhone or iPad but the iCloud is not on the device and requires the Apple ID and Password to access."

2nd Is there a mistake in this, you mean to say everything is on the device except icloud? I have not tested it yet, ie logged out of apple ID, but if I did they would be able to get to Mail, Contacts, but not the I cloud folders?

3rd And file vault, don't get that at all, I pay zero attention to file vault, Never looked at it once. Buy hoping not to get into a tangent about File Vault which never looked at...Still: I log into test user: Apple or 3rd part, for laptop, can't see, or access anything right? I have not tested this, but assume the test user can't see the icloud folders in the kevs icloud follder either.

YES

NOT RECOMMENDED - they would have no means of testing to assure the repairs/replacements worked.

ONLY IF FILEVAULT IS TURNED ON

They could get to passwords, contacts, appointments, mail that has already been downloaded to your iPad, enough information to enable them to access your email accounts on their computer or device (if the email provider doesn't require two factor authentication), and any other data on your iPad, and make purchases using Apple Wallet. They would not be able to download or send new iCloud mail or data stored only on iCloud or install new apps from the App store, or add new cards to Apple Wallet.

The risk is when someone has physical access to your Mac they can copy the HD to their computer where they can work on it at will and potentially access any data that is not encrypted.

Look at Filevault again. Have you ever noticed it on your iPad? It is there and active. It is a painless addition to macOS and dramatically increases security. Filevault encrypts the entire drive in addition to any encrypted files such as your keychain, and arguably places the Mac on a security level equivalent to that of the iPhone and iPad.

Joe thanks,

"NOT RECOMMENDED - they would have no means of testing to assure the repairs/replacements worked."
But I can , when pickup the unit, then turn it on enter my password, and see if it's working! No? Same could be with broken glass too...


"ONLY IF FILEVAULT IS TURNED ON"
Still don't understand, what file vault have to do with that? You are logged into Test User.


"They could get to passwords, contacts,"
You saying even if you log out of icloud.. too dangerous since just having acces to Mail is enough! agreed. If someone can answer your emails, you are toast! They can request new passwords, hence only leave any of devices with Apple no one else. Period.....Right? Unless cracked glass or something cosmetic.


copy the HD to their computer" that a stomach turner, now wont even leave anything with Apple authorized, just apple (even that concerns me a bit...) but ok..... Most of my stuff is on externals, but even Mac HD on laptop and icloud and mail etc, enough stuff.


Look at Filevault again. Have you ever noticed it on your iPad? It is there and active. It is a painless
We are going a bit in circles on that.... if I'm logged into test user and hand over the laptop (to Apple hopefully), then they never see mail, icloud, contact, ,nothing because the test user has nothing. so nood need for filevault, no? Hence handing over laptop with test user is way more secure handing over than handing over you iphone whifh has no test user...

And remembrt to not send anything vis UPS, or Fedex, messenger.. just hand everything over in person...


ok Ps

"Mac they can copy the HD to their computer where they can work on it at will and potentially again.. so saying even with Test user, someone can if determined get info from the user they don't know how to log into or hae password for? That would super super hard no? My password, unlike the ios just 6 numbers, is really long good one.

Personally I would run a full set of diagnostics, just because the lights turn on and the device boots does not mean there are other things that have been damaged. You can get the diagnostics by becoming an Apple Certified repair center.

See my comment about what can happen if a malefactor has physical access to your Mac.

I am saying logging out of iCloud only protects your data that only exists on iCloud but everything you are trying to protect is physically located on your iPad as well as iCloud.

This is precisely why I suggest turning on Filevault


See my previous comments on what can happen if someone has physical possession of your device.

1. Once your data is on a different drive and/or attached to a different computer, the user access privileges can be bypassed or changed.
2. Your iPad data is encrypted, your Mac data is not encrypted unless you activate Filevault
3. When Filevault was first introduced, I was reluctant to try it, concerned about data loss, password loss, etc. After a few years, I gave in and gave it a try on a drive I use for the database where I manage everything. Filevault has evolved since that time, becoming virtually invisible and unnoticeable. I have extended its use to all the drives attached to my system and my reluctance has turned into a strong recommendation to use it.

Good! Now set a reminder to change it every six months. (picky, picky, never satisfied

Thanks Joe, well if you were taking in your laptop to apple would you be comfortable if file vault was not turned on -- being Apple?



For ipad, I think battery replacement, I check when pickup up would suffice. I cannot bring this to apple since it's is out of date. If we turn it on, and the screen looks fine, then it's 99% fine, they put in a new battery ok, right?


Have not changed my laptop/ imac pass in years, since it's long complicated one I memorized. If I start changing then it wont be memorized ... I do that for a Bank, and I cannot memorize the bank one anymore, they force a change every few years. Will home computers no one is forcing that so same great long crazy password, memorized, for 10 years.

Yes okay, but Apple would probably feel more comfortable if it were encrypted as it reduces the risk of their having a breach.

In the end it is your choice and the odds are that nothing untoward will have happened, but any guarantees on the work would likely be null and void when you walk out the door.

I hear you. I have found that a string of memorable items such as the year of key family events such as birth years or degrees earned separated by random characters or symbols and maybe a key word or number thrown in is both memorable and strong. I only have to remember four of my 667 passwords...

• Mac logon password
• Apple password
• passcode for iPhone, iPad, & Apple watch (only one of these is essential as they can unlock one another in iOS 17.4)
• encryption key to my password manager (but that is useless without a unique photo that is hashed with the encryption key)

My other 663 passwords, possibly the majority of which are very difficult to type accurately even if you could remember them, are available in the password manager which warns me when any one of them is involved in a data breach and reminds me when one is due for updating, even suggesting new strong passwords.

Joe thanks.

For ipad, I 'll probably just do that. Get battery and I check see looks ok ( warranty voided ok), only $130 or maybe $150 job. But you would go to the 3rd party place (no choice, oblelete) and you would probably go through rigormorale and do the full erase etc, my guess.

Ah thanks on passwords, I use for 20 year still for the other 400 not memorized, an excel file.. first few digits are memorized code, and then add on few others not memorized. Fastmail who handles my mail, guy there, brilliant, says / recommends, I think password 1, still I'd be bit nervous about using it, your opinion,, go with at some point/ trust an app like that or just keep to manual excel I've been doing...

I think artie recommends 1Password too and I used it for a couple of years, but because of an increase in the annual cost, I switched to the open source KeePass that has multiple different "front ends" giving you the opportunity to choose the user interface of your choice. I settled on Strongbox Pro (Lifetime edition). The advantage of these products over your spreadsheet is they interface with apps like Safari the same way Keychain does and are more flexible than Keychain and infinitely more so than your spreadsheet. I not only store userids and passwords, but also data, even actual images of credit cards, membership cards, licenses, account numbers, software licenses, recovery keys, insurance cards and policies, and more in one very secure KeePass database I can access on any of my devices. HIGHLY RECOMMENDED

Thanks, but Joe. Isn't the Excel sheet infinitely safer?

If a burglar came to my house, he's be able to log onto place and passwords would just all work.

With old excel method, even found that excel file, he would not be able to do anything as, I've coded (by memory) the first four to six numbers.

NO way I can have my desktop and laptop on a shut off in 5 seconds, as just be too tedious to do that all day. (but, someone was mentioning there is a thumbprint, keyboard now?
At your place you deskop/ laptop are they on all day continuously like mine or are they on and off by a password as IOS devices generally are? Thats the key thing right in using these password app right? The assumption everything is like iphone/ pad off when/ if in sight of a thief?

The safety is arguable. In my case, the password manager is encrypted using a password hashed with a photograph, and there are thousands of photographs on my system. So a thief could spend months just finding the photograph and centuries breaking the password. Once the password manager is open, all it takes is a fingerprint on the Mac, or my looking at the screen on the iPhone OR iPad to access the data.

A five second lock would drive me crazy and make the system unusable. Yes there are keyboards with and without number pads, available from Apple that are capable of thumbprint recognition.

Note: WITH and WITHOUT are links to the Apple Store.

At my place...

• after 5 minutes of inactivity screen saver hides screen contents
• after 15 minutes of inactivity screen goes blank
• after 1 hour of inactivity screen is locked and authentication (active Apple Watch, fingerprint, or password) is required to unlock.
• system may, or may not, "sleep" automatically or manually but that independently of lock screen status
• boot or reboot requires password authentication

As with the iPhone and iPad, Siri is still available to perform certain functions when the screen is locked, but will not do anything that would reveal any information. For example give the latest weather report, turn on the lights, even call 911, but not read or send email or print data files.

Thanks Joe, this is interesting:

"password hashed with a photograph,"

all new to me, Chrome, it's just boom, you are on a website and your are in pass is saved, but also save for the burglar............... you need to find a photo to then use get into..? And how find this photo, how long does that take.

BTW most stuff is internet right what 95 internet sites?

Ok if I go password app, then should replace my magic keyboard.. not cheap, I have 2 and those are... so 2 for $380.00 But I could afford it..

"boot or reboot requires password authentication"

But all those other scenarios above, don't also require password? 5 min, 10 min, but quick if you have that keyboard?

I would be thumbing all day, so that in itself bit tedious... Now I go on 2 computers through every day on all time, no print to get in, such convenience, but if thief came and took these away, he could get to lot stuff.. ..... your opinion? So nice to have them on all day no expensive keyboard and thumbing in... but burglar would be happy. Trade off right? That said never had a burglar yet take computers since having a computers since mid 90's.....

Whew! This thread has pretty much gotten beyond me. I think it's actually swallowed is tail, shat it out, and re-swallowed the trailing end, but what I have gotten from it is that since I've got nothing of importance on my MBP that would put me at any sort of risk were an intruder to access it, I don't have to worry about FileVault, i.e., logging in to a test user account should I ever have to bring it in to Apple will suffice, and the same goes for not having to erase my iPhone.

I think, though, that the subject of 1Password needs to be finally put to rest.

I do not use 1Password, nor do I use anything of its ilk, and you and I have addressed my approach to password security in the past but never really reached a meeting of the minds, so let's try again:

Any of my accounts that has access to financial resources has got a long, complicated password that's burned into my brain and archived, along with credit card and other account numbers, in an encrypted disk image with an even longer, more complicated password. (I really should give that second password to my daughter, because if I ever forget any of the disk image's contents it's not very likely that I'll remember its password.)

ALL of my other accounts use the exact same password, because even if someone is able to hack that password and figure out which of eight user IDs is associated with it as respects a given account, even if someone accesses my MBP and avails themselves of Safari & AutoFill, there's pretty much no damage that can be done with the info.

Sure, someone could embarrass me on eBay by buying stuff and not paying for it, but other than that, the worst they could do is fill up shopping carts and not complete the transactions (which I even do on my own, and with no repercussions, on occasion).

You've disdained my approach in the past, but for the benefit of people with perhaps hundreds of accounts and assorted methodologies for protecting them, such as kevs and his Excel spreadsheet, I think its finally time to go beyond the paranoia induced by accepted Internet security concepts and quantify - in detail - any risk that my scheme presents.

If you can poke any holes in my scheme, I'd love to know where I'm at risk.

The hashed photograph blew my mind when I first heard of it, but then I realized that on the computer everything is binary so other than being infinitely more complex and the equivalent of thousands of digits in length it is no different than any password. It only takes me a few seconds to locate the photograph, because I know which one it is and where it is located. Once the keePass database has been opened all that is needed to access it is fingerprint or facial recognition.

Because I have the Data in KeePass I can give you exact numbers of the categories of information mine contains

• Application Specific passwords - 7
• Banking related passwords and account numbers - 18
• Device passwords - 20
• IDs - 4
• Children's and grandchildrens passwords - 5
• lSite logon passwords - 339
• Health related site passwords - 35
• Network passwords - 6
• Other passwords - 139
• Software keys - 36
• Personal website related - 17

Convenience can get is expensive. I was getting an extended keyboard anyway, so the added expense for thumbprint recognition was reasonable. I bought the keyboard for the number pad, but I use the fingerprint key far more often than the keypad. I got along for many years without fingerprint identification, but after having it, I really would not want to be without it unless I had facial recognition available.

Any situation that requires a password, passcode, etc. is covered with a password manager and you only have to remember one password because that gives access to all of the others, even that could become a PITA were it not for fingerprint or facial recognition.

This brings us back to a question only you can answer. WHAT IS YOUR TOLERANCE OF RISK? to put it another way, "How much are you willing to gamble" not just in money, but in time and inconvenience. I have never been hacked, but I watched my son deal with a data breach that resulted in $40,000 USD in fraudulent charges to his credit card account. It took months to claw the money back from merchants who had honored the credit card information without the physical card or proper identification, and he still ended up losing a few thousand bucks. To this day, he refuses to own a credit card -- talk about inconvenient! Picture not having a credit card in a society that is more and more cashless.

Based on my workflow, a password manager is not a convenience, it is an essential. For you, it may be just another annoying piece of software you have to learn to use.

1. Everyone's situation is unique
2. Differences of opinion are inevitable among thinking individuals
3. A meeting of minds is not essential to intelligent discourse
4. Tolerance of other opinions is essential to civilized society
5. Tolerance for risk is personal

1. In truth, your financial passwords are more likely to get onto the "dark web" from a data breach at your financial institution. A feature of 1Password, Strongbox and other password managers is monitoring data breaches where your password is involved and notifying you to change the password. (I elected to simply close the account.)
2. Yes, we both should give our most critical passwords to our daughters and thank you very much for the reminder.

If it works for you, your approach is fine. It gives me the hives, but the difference is I conduct virtually all of my business on the internet.

It is your opinion and your choice, and probably similar to the approach taken by the majority of users. It is not an approach I could live with (notice my 600+ passwords) or, in good conscience, recommend. Keychain, that is built into macOS, iOS, and iPadOS does most of what 1Password or Strongbox does, but to me it is more cumbersome to use and less flexible.

Thanks, Joe photo hash, could not find a video on it, but just 20 photos pop up on screen and you choose right one? or, you have to find this photo in your hard drive?

Keyboard: So you use it every time to enter desktop, what do before, just on all day? That's the burglar entering the house scare, taking about desktop/ laptop correct?
Like now an iphone/ ipad in that respect.

But those on you list basically internet bookmarks? still 90%?

You talked me into getting magic thin keyboard, thanks! used it and yes way better than old keys thick.. still with thumbprint was not double price oh well!

Risk you mean of someone taking the laptop or desktop from house, and I was not using print many times a day to get in, computer just on all day or risk of not having password manager,, or both? But latter, my excel is as good no? password manager1, but it's more tedious perhaps. I have to go to the excel file, which itself is tedious, and look at each password, with password 1 it's fast but have to get my head around finding that picture/ image, and thumbing into computer many times a day, so maybe it's a wash in time/ tedium? Seems password manager 1.. log into computer with magic keyboard, find a photo, and it inserts password, is probably faster than opening excel file, looking at password ,and manually typing that in, or close in time?

PS Joe, reading response to Artie, 1password, vs keychain. I actually do save 80% of passwords on website to keychain, Generally not that important or critical. Do not save the few bank ones I have to keychain.

What does 1 password do that Apples keychain does not? It ask for this photo ... and that the huge deal correct? ANd, if I went to 1 password, and got the thumbprint, then it could even handle the bank stuff.

bTW when travel on trips with laptop I do change the screen to go over quickly.... So this is for travel, but more importantly, home use. Have long run of great luck, with theft but who knows when that runs out right!

Quite honestly It has been a few years since I have used 1Password, as I mentioned previously, I didn't like the price increase for the ability to synchronize between my devices and switched to the open source KeePass and after try out a few user interfaces, settled on Strongbox Pro. Both Strongbox Pro and 1Password have evolved over the years so I do not believe I am qualified to comment on 1Password. However I can compare Strongbox Pro to Keychain:

• First off, both are excellent and highly functional tools
• In terms of security they are roughly equal, but the KeePass database offers alternative encryption algorithms which arguably give it an edge.
• Keychain is the more utilitarian of the two, Strongbox/Keepass more of a multitool
• Both can store different kinds or information, but the overall configurability makes Strongbox more adaptable to different kinds of things you want to store in your secure database. I keep some secure data in the form of scanned PDF files or PNG images. I even have a excutable passkey in Strongbox (not for security, but because it is a very important file and I remember where it is in Strongbox and find it when needed.
• Items in Strongbox/KeePass may be specified as hidden or visible, making it convenient to use for storing more than passwords.
• Keychain has few if any configuration options where Strongbox offers url=https://i.imgur.com/jo0dpUz.png]a wealth of configuration options[/url] ranging from encryption options to audit options.
• Both will generate secure passwords but Strongbox password generation is almost infinitely tailorable from character strings to secure phrases.
• In use either will happily insert passwords where needed with a touch of a fingerprint or facial recognition but when it becomes necessary to view a password, I find Keychain far more cumbersome to use but the difference is difficult to explain.
• Keychain definitely has the edge in multi-device synchronization, (that was the feature making 1Password more costly) but I have a convenient free work-around using iCloud that worked quite well.

I'd love to know what Apple was thinking when they eliminated the option to not have Keychain Access open automatically at login.