Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How secure is a standard account when FileVault enabled?

Joseph C

Joseph C

macrumors 65816
Original poster
Feb 5, 2009
1,397
2,584
Tomorrow I have agreed to lend my machine to someone and multiple others may use it in the day. I have set it up with a Standard Account because I noticed that since I have FileVault enabled, the Guest Account is a Safari-only account which runs off the recovery partition.

Now, while I do trust the person I'm lending my machine to, I also want to maximise the security of my files whilst allowing them to use more than just Safari (E.g. Pages if they need to).

How vulnerable is my data to access, if a Standard (non-admin) account is logged in on a FileVault enabled Mac? It's a shame the individual accounts are not individually encrypted, but the whole disk at once (unless I am wrong).

Is there anything I can do (beyond having FileVault and a Firmware password enabled) to increase this security, just as a precaution?

Thanks.
 
xraydoc

xraydoc

Contributor
Oct 9, 2005
10,835
5,305
192.168.1.1
Joseph H said:
Tomorrow I have agreed to lend my machine to someone and multiple others may use it in the day. I have set it up with a Standard Account because I noticed that since I have FileVault enabled, the Guest Account is a Safari-only account which runs off the recovery partition.

Now, while I do trust the person I'm lending my machine to, I also want to maximise the security of my files whilst allowing them to use more than just Safari (E.g. Pages if they need to).

How vulnerable is my data to access, if a Standard (non-admin) account is logged in on a FileVault enabled Mac? It's a shame the individual accounts are not individually encrypted, but the whole disk at once (unless I am wrong).

Is there anything I can do (beyond having FileVault and a Firmware password enabled) to increase this security, just as a precaution?

Thanks.
Click to expand...
The combo of File Vault and firmware password should together be pretty good to secure the machine as long as the account for your friend is a standard (non-admin) account or a parental-controlled account (lock out access to disk util, etc).
 
FreakinEurekan

FreakinEurekan

macrumors 603
Sep 8, 2011
5,760
2,778
You could partition the disk and install a second instance of macOS, and only allow access to the new instance. You could even grant Admin access that way, let them do as they will - when you get it back, just toast the whole partition & re-expand your own.
 
K

KALLT

macrumors 603
Sep 23, 2008
5,361
3,378
Nope. You can only rely on firmware restrictions (firmware password) and encryption, otherwise the security is completely dependent upon file permissions and access-control lists. Other user accounts should not be able to access anything in your user directory, aside from the public folder. Standard accounts will have limited access to other directories outside of their own user directory.

I recommend that you change the permissions of any other top-level file and directory in your user directory so that only you have read and write access.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom