I want to use FileVault 2, but I don't want to allow someone to reset my password with my Apple ID. I want that separate. Help!
@grynspan So the only way to check whether Apple has your recovery key is to fail a login and see whether it offers to reset for you?
@mjtsai I can confirm I was able to log into an account on an FV2-protected disk with a password I didn't know using the Apple ID password.
@grynspan Is there anywhere in the UI that shows, after setup, whether your login password can be changed via Apple ID?
@mjtsai Physical access screws with a lot of security, but this defeats the purpose of FV2: prevent data access if physical access occurs.
@grynspan This sounds like the worst Mac security bug I’ve ever heard of. You’re basically saying that Apple has a backdoor to FileVault.
@mjtsai It's worth noting that the machine must have already been booted past the grey FV2 login screen. But once it's running, hole ahoy!
@grynspan OK, so the workaround is to shut down when you’re not physically at the computer.
@mjtsai Pretty much. Every time you take a poop or grab a coffee, reboot that fucker.
@mjtsai Basically, if you've logged in once, attacker can use login screen 2 change your account PW w/Apple ID if they know the Apple ID PW.
@mjtsai This is distinct from the "send key to Apple" option. This is login password, not decryption password.
Jonathan Grynspan
Michael Tsai