Currently Being ModeratedFeb 10, 2014 2:40 PM (in response to imac-since-late2013)
Protecting sensitive data is going to be an ongoing discussion, with ideas stemming from whether full disk encryption or perhaps avoiding your hard drive and storing files on external media is best.
Any additional encryption or protective measure you take for a file will have an impact on the system; however, in most cases this impact will be negligable.
If files you use are sensitive, then be sure to fully password-protect your system (use strong passwords), and ensure FileVault is enabled. In addition, ensure any external drive you use is fully encrypted, which can be done by formatting it to "Mac OS X Extended (Journaled) encrypted" in Disk Utility. When done, ensure the system has a sleep/screensaver password enabled, and you should be well-off to having your data secured with minimal impact on the system.
Apple's full-disk encryption rides above the storage device hardware, and below the operating system, so the type of storage you use should not matter one bit, and the encryption should be transparent to the operating system and programs you use. In the event of theft, however, without the proper password then all data on the drive will be garbled.
Currently Being ModeratedFeb 10, 2014 2:41 PM (in response to imac-since-late2013)
I suppose you are aware that Apple does not support secure erasure of Solid State Drives for many good reasons including the fact they cannot be truly erased. My suggestion would be when the time comes to pass your iMac along to another user you pop open the enclosure, yank out the SSD and place it in an external enclosure for use on the iMac's replacement. As for the old iMac, either replace the drive with a new blank drive or sell it as is without a drive.
Currently Being ModeratedFeb 10, 2014 2:44 PM (in response to imac-since-late2013)
- Use Disk Utility to encrypt your sensitive files or folders. This is very secure. How to create a password-protected (encrypted) disk image
- Before you sell your Mac, use disk utility to securely erase your HD. Securely wipe your hard drive | Macworld
Currently Being ModeratedFeb 16, 2014 2:35 PM (in response to Joe Bailey)
@Joe Bailey and arthur
As mentioned in the thread opening message all this is about iMac late 2013.
That means, drive replacement conducted by user is not possible.
As mentioned there as well it is about ssd, the only drive in this iMac, the boot drive.
A nice thank-you for all your hints.
It helped me little bit to make progress in deciding.
Yes, the FV2 seems to be good enough as for our requirements.
It shows few impacts, however these are rather minors.
The overall costs of any nature seem to be acceptable as well.
Strong passwords, encrypting on the whole chain, screenshots with pwds all these
are right points. My intention however was to narrow the discussion here to
topics and use-cases described at start.
Currently Being ModeratedFeb 16, 2014 3:25 PM (in response to imac-since-late2013)
If the new iMac is physically safe during your use, for example it is in a location where others do not have access to the physical computer then you may not need FDE (Full Disk Encryption) with File Vault. In this case before the iMac was sold I would simply remove the drive and replace with a new one before selling. The cost of a new drive is relativly small and in 1 to 2 years will be even less expensive. Not selling the drive is the only way to ensure you will not have any data leakage due to sector sparing by the drives internal firmware (the drive will disable access to certain locations if read errors are identified and you will not be able to erase them in the future). I concur with Joe just pull the drive before selling.
Currently Being ModeratedFeb 16, 2014 3:40 PM (in response to bostonpops)
…before the iMac was sold I would simply remove the drive and replace with a new one before selling.
There's no simple way to open up a new iMac. Thus, removing and raplacing the SSD/HD is beyond the average user's ability.27" i7 iMac mid '11 SL, MLion, OS X Mavericks (10.9.1), G4 450 MP w/Leopard, 9.2.2
Currently Being ModeratedFeb 16, 2014 3:49 PM (in response to baltwo)
Baltwo, I completely agree with you about the iMac's are not easily serviceable. However my point is if security is paramount, spending $150 to have a technician replace the drive is the safest option to security of any drive. If this is to much then security is not the most important issue.
Currently Being ModeratedFeb 16, 2014 5:41 PM (in response to bostonpops)
I only balked about your use of the word simple. Additionally, using DU's Security Options and choosing to write over the data once, 7 times, or 35 times should do the job wanted.27" i7 iMac mid '11 SL, MLion, OS X Mavericks (10.9.1), G4 450 MP w/Leopard, 9.2.2
Currently Being ModeratedFeb 25, 2014 11:49 AM (in response to Topher Kessler)
Actually, all additional measures to protect sensitive data from unauthorized access within the whole chain of data storage are out of focus here. In focus just two use cases mentioned in initial question.
This is due to switching from hdd and a user serviceable solution to sdd-only and repairable only by professionals mac.
So that switch results in degradation of data security.
The goal here is just to get back the same grade of data security - despite the fact how inperfect it is.
All additional measures will be met not until the decision is made - this data needs more security within whole chain. Currently for the environment here the highest data leakage risks are even two described use cases, natural cataclysm.