1 2 Previous Next 18 Replies Latest reply: Apr 9, 2012 8:03 PM by PauloRebelo Go to original post
  • 15. Re: What's the point if anyone can log into Recovery HD?
    Linc Davis Level 10 Level 10 (118,495 points)

    Is there any other option besides using FirmwarePassword + Filevault at the same time?

     

    Any option for what? What are you trying to do? If you think there's some way to stop people from destroying your data, forget it. Anyone who can put hands on the computer can destroy the data. The remedy for that is make multiple backups and store at least one of them off-site.

  • 16. Re: What's the point if anyone can log into Recovery HD?
    Topher Kessler Level 6 Level 6 (9,340 points)

    The firmware password will prevent:

     

    Resetting the PRAM/SMC

    Booting to another partition

    Taking any boot arguments (Safe Mode, Single User mode, etc.)

     

    If you couple this with FileVault, then you will have your desired setup of full password protection, in addition to the inability to recover your data by removing the hard drive. However, regardless of what you do, someone will ALWAYS be able to format your drive. There is no getting around this. Even a firmware password can be reset by altering the hardware configuration (removing or adding RAM, for instance), and the hard drive can always be removed from the system.

  • 17. Re: What's the point if anyone can log into Recovery HD?
    thomas_r. Level 7 Level 7 (27,985 points)

    You're manufacturing your own problems out of non-issues.

     

    If you are interested in preventing theft of data, you need encryption.  If you want to prevent loss of data, you need backups.  Without those two things, anyone who gets physical access to your computer can easily steal or destroy your data.

     

    Don't fool yourself - you can have all the firmware passwords in the world on your computer, and all I've got to do to steal unencrypted data is take the hard drive out, put it in an enclosure and read the data off of it.  This is just as true of Windows as it is of Macs.  And destruction of your data is even more trivial.

     

    If you have encryption and backups, nobody can steal or destroy your data.  No need for firmware passwords.

  • 18. Re: What's the point if anyone can log into Recovery HD?
    PauloRebelo Level 1 Level 1 (0 points)

    Thank you once again for all the help, guys. I have three encrypted backups (one of them server-side) and I keep them synchronized constantly. As I said earlier, I'm not worried about data being deleted, I just get creepy about someone stealing the macbook and getting the disk out of it. I've avoided using Filevault due to performance and diskspace issues. I wish there would be an option for Filevault to encrypt only the /user folder instead of the entire Macintosh HD. Is it possible?

1 2 Previous Next