
I added a little bit to my comment above. They are asking people for administrator passwords and put them into forms in their computer system. Rule number one of computing is that you shouldn't ever tell anybody your passwords. Asking for it is ridiculous. Considering how casual they acted, I can only assume that quite a lot of people actually told them. That makes me really worried.


If you have a software problem, how are they supposed to check that they fixed it without being able to boot the computer?


Why do they need the password to boot? Especially why do they need to write it down?


If you have full disk encryption enabled, the system won't boot if you don't give it the password. They write it down because you can't expect a tech to remember a 16-character alphanumeric password for each client, and it looks bad when they have to phone up the client asking what their password is when they forget it.

Writing down passwords is bad because other people can find them. If they're kept safe, there's no issue.


How about asking to back up your data (which they ask anyway) and asking that the disk be wiped? There are no problems then.

Handing over your password means that there is practically no barrier for a technician to obtain all your data, all your private keys, etc. It only takes one guy with malicious intent to make your life miserable. Often, people also store their work-related keys on their computers. So how about opening your company up for someone else?

The issue is that not all people are careful with that. And the code of conduct of Apple to just trust any technician 100% is completely wrong. Setting up a secure infrastructure means you should assume that parts of it are already compromised. In that case, assuming the technician is trying to obtain as much private data as possible, how can they still keep their customers safe?


If you do work related stuff on your computer, your work should be taking care of the computer. This is why most people get assigned a computer by their places of employment, and are not expected to use their own. The place of work has their own tech team who deal with these types of issues. It's a really bad idea to do work stuff on a home computer because it makes your device much more vulnerable to being snooped on and controlled (for example, your place of employment may gain the ability to remotely wipe your device), and generally if you are in such a pickle then you should just not give them your password.

Again, it could be a software issue. If I complain that my WiFi isn't working, and you take it in to have a look, and your diagnostics say that WiFi works, then without the password you can't do anything at all. If my problem is that Safari runs really slowly and you can't log in, you're not going to be able to fix that.

If your only fix is then to reinstall the operating system and hope for the best, then you've done a terrible job.

In any case, the tech has physical access to your computer, and in the presence of that you should not assume any security from your disk encryption. FDE is good for one loss of control; after that you should assume compromise.


>it could be a software issue

They can still do some tests. It's not like wiping the hard drive helps solve software issues.

>FDE is good for one loss of control; after that you should assume compromise.

If the threat model is a malicious actor, yes. If the threat model is accidental plaintext password leaking, there is a huge difference between the scenarios. I could construct a similar argument against password hashing on servers...


>If the threat model is accidental plaintext password leaking, there is a huge difference between the scenarios.

That's just fear mongering.

Why would you not change your password before taking it in? You should be changing it regularly anyway, and you shouldn't be using that password in more than one place. The idea of it leaking from a technician's database is irrelevant because you would change it as soon as you get the machine back.


99.999% of people in this world would much rather take the risk of an Apple tech having their password than go through the trouble of wiping their drive and reinstalling. Perfect is the enemy of good. Apple has made it easy for people to encrypt their drive with FileVault, which is a huge step forward for privacy and security. As a result, I am okay with a single Apple tech having my password, which I assume gets purged once the computer is returned to me.

If you are that worried or tech savvy, just wipe it before you go in. You seriously expect them to ask every single customer to wipe their drive?


They can't boot it off a flash drive? I can understand asking for a password to do that, but the system should not be designed so that they need access to the current OS install to diagnose hardware problems.


If only they could hold down Alt when the boot chime noise is made on turn on and select an alternative disk to boot from.....


Who said it's a hardware problem? When my logic board was replaced recently, I had horrendous issues for a few days, with Chrome unusable, high CPU usage, etc - something was funny with the drivers, and it took some command line mucking about to fix the issue.

Had I given them my password, I'd not have had the issue. I was able to do the fix, but not everyone would be able to.


Was this done through an Apple Store? The Apple Store staff have asked me for my password too. I've always asked if a Guest account was enough and it's never been a problem.

I've always found the "Geniuses" to be fairly helpful and they always explain what they were going to do to my gear.


It works with a Guest account, if you don't encrypt your hard drive. If you use FileVault, they specifically need your administrator password. So what are they actually doing there?


I don't think you can boot the machine to login as Guest without a password if you have FileVault enabled.


I think you can still boot from the network. If that's correct, then this whole thing gets ever more mysterious for me.


That rule #1 doesn't quite apply in this situation.

That you should never need to give out passwords is mostly a safeguard for social engineering and phishing scams for accounts stored on a server over the internet. Only a malicious third party would ever ask for these types of account passwords, because those with legitimate needs to access it (you and the service operator) already have it (hopefully just the hash in the case of the latter).

The password you're referring to here is an encryption key for a local hard drive that nobody else has access to. If they do in fact need access to the encrypted OS partitions stored on your hard drive in order to diagnose your problem, then they have no choice but to ask you for your encryption key. That's cryptography working as intended.


I disagree. Not even someone who's there to help you should know your passwords. Consider that many people use the same password for a lot of accounts. On top of that, they already have your email address. By asking their customers for their passwords, they don't just ask them to hand over all the data on their computers, but they also make them vulnerable with regards to their internet accounts.

If I have a hardware problem with my display, I don't want them to read my hard drive. Apparently they still try to do so, which I think is a severe violation of privacy.

I'd have completely understood if they'd asked me to wipe my hard drive because of some data-crawling Apple hardware test with an uplink to HQ. So they do have a choice: "Can you make a backup and wipe your hard drive?" But asking me for my encryption password means they fail to understand why people encrypt, and they don't care for the integrity of your computing.


Apple techs have access to external drives with multiple versions of OSX installed. If they need to boot your device to test the hardware itself, they will use one of these. If those tests indicate no hardware issue, their only next step is to check out your OS. That would require administrator access to your machine if you're using whole drive encryption.

I mean, I get what you're saying... they should have verified those things up front before asking for access, but I'm pretty sure they work on the concept of getting you the fastest service they can, balanced with the amount of customers they need to help simultaneously. My guess is that the admin password is a default question because they know they _generally_ will need it, so it's best get it up front rather than waiting hours or days for the customer to get back to them.

Personally, when I had to take my Macbook in, I just zeroed out the sensitive data, changed my admin pw to something temporary, and let them have it. I know this will be a TOTAL surprise, but the multibillion dollar corporation didn't use this as a chance to hack my life. What a novel thought.


But they did not use any backdoor. Etchalon is right - if they had to access the file system, how should they do that if it was encrypted? And you were in control of the situation - next time change the password to a temporary one before handing it over. And if you are really paranoid, decrypt and encrypt the drive afterwards to have new encryption keys ;-)

EDIT: spelling.
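The advice in the last two comments (hand over a temporary credential, then rotate afterwards) can be scripted so that the tech never learns your own password. This is an added example, not code from any commenter: it creates a throwaway FileVault-enabled admin account for the repair, then removes it and issues a fresh personal recovery key when the machine comes back. It assumes macOS with FileVault on and is run with sudo by an account that is already FileVault-enabled; the account name "repairtemp" is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes macOS with FileVault enabled;
# sysadminctl and fdesetup are Apple's own tools, run here via sudo.
set -eu

TEMP_USER="${TEMP_USER:-repairtemp}"   # arbitrary throwaway account name

# 24 random bytes, base64-encoded: a one-time password for the technician.
gen_temp_password() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# sysadminctl/fdesetup exist only on macOS; refuse to run elsewhere.
is_macos() {
    [ "$(uname -s)" = "Darwin" ]
}

setup_temp_admin() {
    is_macos || { echo "macOS only" >&2; return 1; }
    pw="$(gen_temp_password)"
    # Create the admin account. On newer macOS with SecureToken you may also
    # need -adminUser/-adminPassword of an existing SecureToken admin.
    sysadminctl -addUser "$TEMP_USER" -fullName "Repair Temp" -password "$pw" -admin
    # Enable it to unlock FileVault; fdesetup prompts for an existing
    # FileVault user's password and then for the new user's password.
    fdesetup add -usertoadd "$TEMP_USER"
    echo "Give the technician: $TEMP_USER / $pw"
    fdesetup list    # confirm which accounts can unlock the disk
}

cleanup_temp_admin() {
    is_macos || { echo "macOS only" >&2; return 1; }
    # Drop the account from FileVault and from the system, then issue a new
    # personal recovery key. Note this rotates the recovery key only; the
    # volume key itself is not regenerated (that needs a decrypt/re-encrypt).
    fdesetup remove -user "$TEMP_USER"
    sysadminctl -deleteUser "$TEMP_USER" -secure
    fdesetup changerecovery -personal
}

case "${1:-}" in
    setup)   setup_temp_admin ;;
    cleanup) cleanup_temp_admin ;;
    "")      ;;   # no argument: only define the functions
    *)       echo "usage: $0 setup|cleanup" >&2; exit 2 ;;
esac
```

Run `sudo ./script.sh setup` before dropping the machine off and `sudo ./script.sh cleanup` after it is returned; your own login password is never shared.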



