Re: Force eject sign always coming up
artie505 #62211 07/29/22 05:56 PM
Joined: Aug 2009
Likes: 7
Moderator
Originally Posted by artie505
I hope someone can prove me wrong!

There's one loophole in your scheme, namely that if you bring your Mac in for service, there's no way to lock your keychain.

Keychain Access used to offer us an option to have different Admin and keychain passwords, but it disappeared, unannounced and leaving much confusion in the wake of its disappearance, lots of years ago.

In recent years, Keychain Access > File has offered us options to lock our "login" and "Local Items" keychains, but in my experience, they've invariably been greyed out.

Any ideas?

What loophole? The technician at the Apple Store will never ask for your account password, nor should you ever give it to them. This denies them access to your keychain, KeePass, or password-protected files or volumes. All you have to do is deactivate automatic login — it is already deactivated if the boot drive is encrypted — and either activate the guest account or create a temporary user account for their use.

The logon process is not on the boot volume (Macintosh HD); it is on the Preboot volume. So, even in the case where the boot drive is encrypted, the only password they need is the boot drive password. But unless that is the same as the account password, they still cannot access the user's keychain, KeePass, or password-protected volumes. If the boot drive password is in your keychain, it unlocks automatically when you log on to your account, and the logon only requires the account password (or the presence of your unlocked Apple Watch). You will need the boot volume password any time you boot to the Recovery drive. (Note: YMMV on an Intel Mac.)


"Sacred cows make the best hamburger"

- Mark Twain
Re: Force eject sign always coming up
joemikeb #62214 07/30/22 09:59 AM
Joined: Aug 2009
Likes: 5
I very clearly remember being asked for my password, but it was a bunch of years ago, and I'm not certain whether it was at an Apple Store, 3rd party repair facility, or both.

Encryption or disabling/changing automatic login is, of course, the answer, and thinking about it, Apple is seriously remiss in not making a point about protecting your passwords, same as they do about backing up your data, when you bring your Mac in for service. I wonder what percentage of Macs left for service are vulnerable to password theft? (I brought this subject up with an AppleCare tech once, and he didn't even think of the obvious answer.)

(Rhetorical) Why on Earth does Keychain Access show options to lock your keychains when, to the best of my knowledge, they've NEVER worked?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Force eject sign always coming up
artie505 #62217 07/30/22 07:22 PM
Joined: Aug 2009
Likes: 7
Moderator
Originally Posted by artie505
I very clearly remember being asked for my password, but it was a bunch of years ago, and I'm not certain whether it was at an Apple Store, 3rd party repair facility, or both.

I can't vouch for your Apple store, but if memory serves I have been asked to enter my password while I was sitting at the Genius Bar, and I have been asked to create a temporary account before sending a MacBook to Austin for second or third level repairs, but I have never been asked for my password at any Apple Store in the Dallas/Fort Worth area. It should also be pointed out that security has been significantly enhanced in Monterey and Ventura and apparently on Macs with Apple Silicon.

Originally Posted by artie505
Encryption or disabling/changing automatic login is, of course, the answer, and thinking about it, Apple is seriously remiss in not making a point about protecting your passwords, same as they do about backing up your data, when you bring your Mac in for service. I wonder what percentage of Macs left for service are vulnerable to password theft? (I brought this subject up with an AppleCare tech once, and he didn't even think of the obvious answer.)

I was once called and asked if I had a good backup or did I want to pay an additional charge not covered by AppleCare because Apple was going to erase or replace my drive, but I was assured that the restoration would be a bit for bit copy (akin to the clone utility used in CCC?) so they would not actually open or read anything.

Originally Posted by artie505
(Rhetorical) Why on Earth does Keychain Access show options to lock your keychains when, to the best of my knowledge, they've NEVER worked?

I vaguely remember those from OS X and they made sense at the time, because of the way Keychain worked. But keychain functionality has changed significantly since then and if those options still exist in macOS 12.5 (Monterey) or macOS 13.0 (Ventura), I can't find them.


"Sacred cows make the best hamburger"

- Mark Twain
Re: Force eject sign always coming up
joemikeb #62224 08/01/22 08:41 AM
Joined: Aug 2009
Likes: 5
It would be nice if it were the case, but I guess we can't expect every "Genius" in every Apple Store to be equally well educated and fastidious.

Originally Posted by artie505
I wonder what percentage of Macs left for service are vulnerable to password theft?
There really shouldn't be any, but...

Originally Posted by joemikeb
Originally Posted by artie505
(Rhetorical) Why on Earth does Keychain Access show options to lock your keychains when, to the best of my knowledge, they've NEVER worked?
I vaguely remember those from OS X and they made sense at the time, because of the way Keychain worked. But keychain functionality has changed significantly since then and if those options still exist in macOS 12.5 (Monterey) or macOS 13.0 (Ventura), I can't find them.
Here they are.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, cyn 
