3/30/13
7:02 am

Forum Question: How To Secure Data and Passwords While MacBook Being Serviced?

I have a MacBook Pro needing service. The power icon shows “service battery”. I will take the MBP to an authorized service center, though I live overseas and this is not an “Apple Store”. I have some concern that the technicians conducting the inspection and repair will use the opportunity to poke around in files. I have no business-related documents on my MBP but do have passwords for Safari and other files with personal information I prefer to keep private. Is there a simple way to keep this information private? I have an option of copying many folders and files onto a MacBook Air. I do this now, copying files from one to the other. Do you have advice on a way to prevent unauthorized access to files and Safari stored passwords?
—–
Mike Wheless

Comments: 16 Responses to “How To Secure Data and Passwords While MacBook Being Serviced?”

    3/30/13 @ 7:11 am

    Interesting problem .I have never thought of this before.
    Probably the only way to keep your data completely safe would be to remove the hard drive. But that is difficult, so then maybe backing up and cloning the drive (no less than 2 copies then) and then wiping it. But that is a huge amount of work with lots of potential for problems to arise.
    How about this:
    Definitely set your account with a password. But you do that already, right? Then create a new admin account that has nothing in it. Let them have access only to that new empty admin account.
    But they could still access the drive directly and grab files from the real account. So you would need to use File Vault on the real account. If you already do that, then you are set. If not, it may take some time to encrypt the real account, so let it run overnight at least. And backup before you turn on File Vault too, just to be safe. You’d do that anyway before taking it in for service.
    That should do it, as all of that data you are worried about would be in the files contained inside the user account. Without the password to that account, they can’t get into it or decrypt it. But the second empty admin account gives them all they need to test the machine once they replace the battery.
    If that is too much, then you may need to settle for just doing the second account and logging out of your main. Then when you get the machine back — or even just before you take it in if you have a second machine available — change your passwords everywhere. Probably a good exercise to do this every once in a while too. Your email passwords are the most important, as they an be used to gain access to other accounts through “password reset” functions in those accounts.
    Actually, to be thorough, you may want to change your passwords in your accounts after/during this anyway. Why not?

      Joseph Allen
      3/30/13 @ 7:51 pm

      “service battery” … ??? I would NOT take my iMac to a technician for such a routine problem. I would remove the old battery and go to Radio Shack and buy a new battery and then install it … . Am I missing something here … ???

      PS: I realize everyone’s comments are useful when a REAL PROBLEM is encountered and a serious technician is required.

        3/30/13 @ 9:13 pm

        Not so easy to do on today’s MacBooks. Not easy to get to those batteries. Have you tried it?

    dave
    3/30/13 @ 6:28 pm

    If they’re nefarious – they’ll get your info. Period. Take all the precautions you want, Bytes are bytes. Computers are nice to have. TRUST between someone whom you’ve just encountered in whaterkindofstore that you are going to hand your machine over to.. YOUR call. I vote for trust. What’s the worst scenario? – your backpack-nuclear-bomb secrets get disseminated?

      Mike w
      3/30/13 @ 7:28 pm

      Thanks.The question is based upon a real experience here: technicians managed to get a virus into a brand new PC hard drive whilst they loaded porn and illegal music copying from my machine to their external drive. Good suggestions and I’ll be making password changes to some critical websites. I don’t really worry much if they see a term paper of my daughter or family photos. I am unfamiliar with deleting passwords from the keychain, but will try it on older unused websites first.

    Arthur Carter
    3/30/13 @ 7:26 pm

    One additional thought… buy 1Password (if you don’t have it) and put all your passwords in its secure database stored in a Dropbox account. Then, turn off the password storage preference in all of your browsers and delete the browser cache files.

    Michael Wheless
    3/31/13 @ 1:29 am

    Gary, The simpler, direct solution you suggested seems to be the best. I realize access to the files is possible, but my real concern is passwords and access to various email and online services. I used your advice to change passwords with critical email accounts. It worked. Simple and effective. I did go through a few steps to delete the older passwords. However, for Mac Mail, it was a piece of cake.

    Michael Wheless
    4/2/13 @ 1:44 am

    I have another possible work around which I will experiment with. I use a Time Capsule with Time Machine. I can delete files I want to protect prior to having the MBP serviced. After that, empty the trash. Then, after the MBP is returned from the technicians, I can use Time Machine to restore the files/folders.

      4/2/13 @ 5:12 am

      I would create at least one other backup of those files. Put them on a USB flash drive or something. If these are your most critical files, I would not have only one copy of them in existence. And then make sure you do a secure empty of the trash, not a regular empty.

        Mike w
        4/2/13 @ 3:30 pm

        Gary, when I bought my MBP I used many of your videos for advice to begin to use it properly. Thanks to your repeated advice to back up and demonstrations of how to do that, I have multiple back ups….a time machine backup, a clone copy once a week or so, some are in Dropbox, copies are sent to my MBA by Airdrop and I copy my music and photos to a separate external drive once a week or so. Thanks for the advice about the secure empty of the trash.

          Michael Wheless
          4/13/13 @ 9:31 pm

          Prior to giving the MBP to the technician, I created two user accounts. One was standard and I gave the password to the technician. I also created a second admin account in case they contacted me and said they needed to access an admin account. If so, I would have given them the password. I changed my password at my mail accounts and dropbox so any new mail or dropbox files could not be accessed. I deleted a few files, but essentially assume there will be no attempt to get past these steps.

    Byron
    4/3/13 @ 6:53 pm

    Hi Mike, If you have a CD install disk available you could boot from that. Then use disk utility to make multiple image backups to separate external drives.
    Once done, erase, the drive and re install the OS.
    When you get it back, restore disk utility backup or perhaps try the time machine restore option.

    Backing up will take 1 or 2 hours and restoring about half that time, a lot of work, but maybe worth it?
    A Note: disk utility will tell you the backup needs to be scanned for restore.

    Anthony Burokas
    4/4/13 @ 12:55 pm

    I’ve been pondering something similar. When I go on vacation, I put my laptop in a safe. But a big iMac don’t fit.

    Web and Mail seem to be the most critical “personal security” things. Portable Apps store all the apps info in the same place as the app- like a USB stick. But PortableApps for Mac are very outdated. Is there a way to use Safari/Firefox/Mail in a way that they work seamlessly on the computer, but all the data is on the USB stick? Pull the stick and the computer is clean?

      4/4/13 @ 1:40 pm

      There’s no way I can think of to force them to store data externally. But each of these has a cleaning mechanism that I would use instead. In Safari, use Safari, Reset Safari and choose the appropriate options. In Chrome, use Chrome, Clear Browsing Data.

        Anthony Burokas
        4/12/13 @ 2:57 pm

        What about putting the user folder on the USB-3 stick? If the apps properly store user data in the user folder, and an alias is used to point that data to the external stick, The removal of the stick would be the fastest & most secure way of keeping private data private.

          4/12/13 @ 5:03 pm

          But apps will store things in the Library folder. Documents in the User folder, settings in the Library folder.

Comments Closed.