0 Replies Latest reply: Aug 25, 2011 2:46 AM by opodder
opodder Level 1 Level 1 (0 points)

Hello,

 

I'd like to use filevault in Lion. I understand that if I turn it on I will lose the ability have a guest acount, which is quite annoying.

To work around this, I am wondering whether to setup a non-admin user account (account 2) with a relatively weak password - so I can tell it to guests (and they will remember it) to enable them to use my mac when I am not around. My own user account password is very strong (account 1).

 

I understand giving out the password on the second account will compromise security of the drive encryption (e.g. a guest might write it down and accidently leave the note close to the computer), but will it compromise my user account data (which is all I really want to secure)? For example, if someone pulls out the the filevault protected hard drive and puts it into another computer (not necessarily another mac), will they be able to access my user account data (account 1) by knowing the password to account 2?

 

Any other security implications?

Does any one have any other workarounds?

 

I have already heard of the Safari-only mode that will probably appear when icloud is launched. That might be helpful but is not really a total solution to this particular problem since guests often want to use desktop apps such as Skype, Instant Messengers, and Office programs.

 

I know another option is to downgrade to Snow Leopard to get back user-account-only encryption. This is something I am considering but would really like to avoid as that would come at the cost of giving up a lot of nice new Lion features that I like very much.

 

Solutions to encrypt just certain critical folders within my user account (e.g using a tool like knox) are not very appealing to me because they lack convenience.

 

Thanks for reading. I look forward to any replies.


Macbook Pro 2009, Mac OS X (10.6.7)