Apple Repairs and Your Admin Password

This weekend my new 13" MacBook Pro started making a noise so horrible that it woke up my fiancée. (It didn’t stir me the slightest, but not much does.) The sound was awful enough that the first thing I sleepily Googled for was “MacBook Pro death rattle”. Once I was awake and listened a bit more it was clear the fan needed to be replaced. I made an appointment at the local Apple Store as soon as possible.

I did some reading online and it sounded like most people were able to get this problem fixed the same day—often while they waited, in as little as half an hour. I cleaned up a few things I didn’t want them poking around in but I didn’t bother to spend too much time on it. The problem was apparent immediately after powering on so they probably wouldn’t even need to log in, right? I’ve been using Macs for 26 years, and I’ve never had to take one in for repairs though, so I didn’t really know what to expect.

When I got to the Genius Bar, the place was packed, so it didn’t surprise me too much that they would need to keep it overnight after all. The best the Genius could tell me was that it may take 7 to 10 days, though she strongly implied that it would not take anywhere near that long. The next question did surprise me though: she asked me to tell her the admin password on my computer.

It caught me off guard because I truly did not expect it. I figured if they needed it they’d just ask me to enter it. It does make some sense though—they just want to make sure they’re able to do whatever is necessary to fix the computer, which could include updating the system software or logging in to reproduce the problem. So I reluctantly gave it to her. It made me uncomfortable, but I needed this problem fixed, and they thought they needed this information to fix it. It didn’t occur to me to ask if I could change it, or create another account for them—like I said it just caught me off guard and I didn’t know how to react. She put me on the spot and she didn’t present any alternatives. The only alternative that came to mind was taking my computer home, wiping it, and coming back—but after hearing 7 to 10 days, I didn’t want to wait.

Shortly after that I had to sign a paper saying they were not at fault if my data was compromised in any way. I hesitated again, but I’d already given them my password, so I kinda figured it was too late, I couldn’t exactly ask for it back, and I just signed it. Later I realized they’d actually printed my password on there—one copy for me, and one for them.

After we left I realized I hadn’t just given them access to my files (which I’m not super worried about) but also my keychain and all my saved passwords. Which probably isn’t quite enough to steal my identity or anything, but it’s certainly close, and enough to do a lot of damage.

Now, I’m not really too worried that anything bad is going to happen. The possibility is there, and it’s scary, I’ve had a kind of awful feeling over it since. But I think the odds are very low. What bothers me is how nonchalant they were about the whole thing, and how they clearly do this thousands of times a day, across the country and around the world, like it’s no big deal at all.

When you make an appointment they warn you up front to back up your data, but they don’t do anything to warn you about this. In the worst case scenario I think I’d honestly rather lose everything on my computer than have someone access and abuse all of my accounts. I can’t totally blame Apple because I clearly had the option to say no, but I do feel taken advantage of. They’re in a position of power—I desperately need that computer working!—and they’re being careless with that power.

The worst part is that there are so many easy solutions to this problem. I had to give them permission to wipe my hard drive if necessary, so that alone makes it possible to make any software changes they need to. I’m sure they’d prefer to avoid that if possible, but it still isn’t necessary to have access to my account. The proper solution to this seems really simple to me: instead of asking for my password, ask me to enter it, privately, while I’m sitting there. Then they could create a separate admin account for later use, and log out of my account. They could use a standard account name and password, so it would be easier for them and far safer for me. Sure, this would still give access to my files, but at least all of my online accounts and passwords would be safe. For someone that uses FileVault, even their files would be safe this way. Like they should be.

Until they get their act together, I have a strong suggestion for anyone taking a Mac in for repair: Open System Preferences and click Accounts. Click the lock icon at the bottom and then click the + to add an account just for Apple. You’ll also want to disable Automatic Login in the Login Options.

Update: One thing I meant to expand on, which is really the worst thing about this: Apple is telling people it’s okay to give out their passwords if someone trying to help them asks nicely. I fell for it and I should know better. But think of all the other people who don’t know better. Their experience with Apple goes great and then next week someone at PayPal needs their password. People’s willingness to do this is the reason phishing scams exist! Apple is telling people it’s okay to give out your password if someone really needs it, and I do not agree with that at all.

Comments

This entry has 13 comments.

posco2k8 wrote on July 28, 2009:

I’ve taken in my white 13” MacBook to replace the cracking plastic around the keyboard. They did it right there in an hour and never powered it on. So, I am also surprised that they asked for your admin password.

It would be really bad in my situation too. They would have access to my GPG private key. Also, all the private RSA keys I use for SSH (and a list of the SSH servers I visit in my config files). Those are all pass phrase protected as well, but it is still an unsettling thought.

I think you have a good solution. I would probably be paranoid enough to just copy my hard drive to an external and then just wipe the drive as well as possible with dd or something and then reinstall OS X.

Apple should be making some sort of effort to guarantee that your data is safe. Or, they should remove your hard drive from the unit, hand it to you, and just use a test one during the repair process. That would be the best solution for everyone. If it was a software issue, they should attempt to troubleshoot it with you present.

Greg Smith wrote on July 28, 2009:

My user account is in a filevault. Whenever I need to take my computer in for repairs, I will make a special admin account for Apple (with a username “apple”). I have made it right in the store. They have never had a problem with this.

I also always make a back up before taking it in.

Pat wrote on July 28, 2009:

I’m actually waiting for Fedex to come pick up my first gen 17” MacBook Pro for repair (getting everything repaired that I can before the Applecare is up next week) and when I called in to set up the repair they asked for my password over the phone. I told the nice woman at Apple support that there will be no password on the machine because I will be doing a clean install before sending it out.

I know they need the password to get into the machine, but access to my keychain & personal documents? No thanks. I’ll be formatting my white MacBook as well, when I send it in to have the bottom case repaired (it’s one of the ones with the defective plastic casing).

bill wrote on July 28, 2009:


This is just common sense. Before you hand your computer over to [company] you make a disk image. You create an admin account as a courtesy to the technician who will work on the machine. If you have sensitive data (keychain, pgp keys, naked pictures of your SO) that you don’t want to take the chance of someone else seeing, you wipe your account. When you get your machine back, you can restore the image and know that you’ll be in the same state as when you started.

Don’t point any fingers at Apple on this one.

Alan wrote on July 28, 2009:

Apple is telling you they need access to an administrator account to correctly perform your repair. You chose to provide them with an administrator account that also contains your personal information in it. There’s no requirement to do so. Apple will be just as happy to use an administrator account that has no personal information in it. Furthermore, they’re just as happy to work on a machine that has no personal data on it at all. You could have backed it up, and wiped your data before bringing it in.

Comparing Apple’s legitimate business need for an administrator password on a machine to a shady phishing attempt is quite a stretch. I think you may be feeling a bit unhappy with yourself in that you gave out sensitive information without questioning it, but pointing the blame towards Apple is unfair.

The Genius you worked with is a professional and also a human, and would understand and happily assist you in making sure you’re comfortable with what information you’re giving up, whether that be by making a second administrator account or removing sensitive data prior to checkin. All you had to do is speak up and I’m sure someone would have listened.

Mike Piontek wrote on July 28, 2009:

I’m aware of what I could and should have done. I learned from my mistake—I posted this so others can learn from it too.

Everyone told me it’d be a quick repair while I waited, so I wasn’t prepared for them to keep it. The fan noise was very bad, I was worried about something breaking off and causing more damage, so I didn’t want to use it longer than necessary. My original plan was to go home and swap out the drive if they needed to keep it for a while.

I know they would have worked with me if I refused, but as I said it caught me completely off guard. I was just flustered. She didn’t ask for “an admin password”, she asked for “the admin password”—there was no hint at an alternative. They put me on the spot and I made a bad decision. The only alternative that I could think of was taking it home to clear it off, and come back the next day. That seemed like a waste of time if I could have it fixed and returned by the next day.

Like I said, I’m not putting all the blame on Apple. They asked for my password and I gave it to them. But I really do feel strongly that they should not ask people for their passwords in the first place. The solution I described is a better solution—for everyone!—and only takes a few extra seconds. I don’t think it’s Apple’s responsibility to protect people’s data, but if they can take some simple steps to help I don’t see why they wouldn’t.

Alan: I’m not saying that what Apple is doing is anything at all like a phishing scam. They are telling their customers it’s okay to give their password to a person of authority, if they have a good reason. It’s that sort of attitude that makes things easier for people that are doing phishing scams.

teinby wrote on August 9, 2009:

Thank you! I really liked this post!

jyuichi wrote on August 12, 2009:

You actually run your daily activities on an admin account?

I use a standard for all day-to-day personal stuff and an admin account and password for admin things. (You don’t even need to log out, just give the other username when OSX prompts for verification). I guess this means I have a personal data-free admin account ready if this situation ever arises.

Jon wrote on August 13, 2009:

I work in IT support at a liberal arts college, so we tend to ask for not only local account information, but domain account information as well, depending on the problem. Now, the important thing is the following: everyone in the office has signed an agreement and has an understanding of FERPA. The Wiki doesn’t really do it justice, but if anyone in the office does anything with the information found on a student’s computer, we get canned. I’m sure Apple has similar policies in place, although I agree that they may want to work on making all the options available so people don’t get flustered.

David wrote on August 24, 2009:

I just took my MacBook Air into an Apple Store to get the hinge replaced. I too was taken off guard when the Genius asked me for my password (otherwise the experience was fast and comfortable). In preparation for this possible eventuality, and people poking around on the hard drive, I already rm’ed my ssh key, etc. They could still image the hard drive, but it discourages casually unscrupulous employees. The Genius handed me his business card and a pen and asked me to write down the password. I was about to, but every instinct screamed against writing down my carefully protected password out in the open. So I hesitated and asked him if they could perform the hardware repair without the password and that I am uncomfortable with giving it out. He gave an easy sure and on the form I was asked to sign later the password field said “preferred not to give”.

So if anyone else gets into this situation, just say no when they ask for the password. You don’t have to reschedule an appointment or create an account right there for them or anything if the issue is entirely hardware.

I just wish they would give this option upfront to people. It’s weird that they don’t.

Jonah wrote on August 31, 2009:

This is a very interesting thread, and leads me to a question that’s been troubling me.

I recently picked up a new Mac, and when I turned it on for the first time it asked me to create an Administrator account and enter a password. No problem. It then said it was communicating with Apple (Inc.) over the Internet.

What the…?

So Apple now knows the machine is in service, warranty activated, etc. But do they have access to the admin password?? I hope the answer is no, but given the options for remote access that exist in OS X/Leopard, and the fact that you might be doing some cloud computing, I can imagine situations in which people would _want_ to be able to get at things remotely (or have Apple read/restore their Admin account). I’m just not one of them.

Why would the machine connect with Apple automatically *at all*, and why only once I’d entered a password? My former system did no such thing, ever, and it’s making me a bit paranoid in light of this whole thread.

Mike Piontek wrote on September 1, 2009:

Your password is not sent to Apple when you set up your Mac, no need to worry about that! Two of the screens during setup are registering your Mac, and when you’ve finished with the setup it will send that registration info to Apple. Registration is optional, you can skip it if you like.

Nate wrote on September 16, 2009:

I usually remove the password before I take it in, and use a different password manager for my sensitive passwords. I prefer stronger encryption on those passwords anyway.
