.... If a malefactor steals your MacBook, MacBook Air, or MacBook Pro and can boot it from an external drive that puts them halfway home to stealing your data, and all the way home if all they want to steal is your laptop. Given the propensity for laptops to "grow legs" this seems a reasonable precaution, especially for business and/or government "road warriors" who often have extremely sensitive data on their laptops. if you think the threat is not real....
Since the feature can be switched off, it shouldn't present any significant obstacle to home users such as yourself. Given Apple's avowed intent to protect user's data from prying eyes this seems a reasonable and well thought out feature.
I don't question the reality of the threat as respects
any Mac, even my own homebound MBP; what I do question is both the feature's reasonableness and its well-thought-out-ness:
- It makes maintaining a clone on an external drive an IMMENSE nuisance, because its bootability - its ESSENCE - can't be verified without going through the cumbersome procedure of booting into Recovery, changing your pref, booting from the clone, booting back into Recovery, changing your pref back, and, finally, booting back into your boot volume...every time your clone updates. WHEW!
- The feature doesn't appear to be secure, because it requires only a password to toggle it off, and changing a password is an awfully easy task.
- And under any circumstances, a thief's ability to boot into an install disc or Recovery and change our admin passwords has always left our Macs vulnerable, and
- I don't see any indication that that functionality has been removed (nor would its removal be very widely appreciated).
- If there's any advantage to be gained from booting a Mac from an external over simply changing its password and booting it regularly, I'm missing it.
As far as I can see, this "feature" is no more than a half-baked, poorly thought out alternative to a
firmware password, perhaps envisioned with the thoughtful intention of saving people from the possibility of forgetting their passwords when they're not in close proximity to an Apple store, but security and stupidity are incompatible, and unless I've missed something, Apple's apparent(?) attempt to deal with them as a unit is, if not a failure, not particularly robust security either.