Notefile: on the Mac App Store, iCloud, and more Now available on the Mac App Store Dashboard is great for simple widgets like Notefile…
Apple Repairs and Your Admin Password
This weekend my new 13" MacBook Pro started making a noise so horrible that it woke up my fiancée. (It didn’t stir me the slightest, but not much does.) The sound was awful enough that the first thing I sleepily Googled for was “MacBook Pro death rattle”. Once I was awake and listened a bit more it was clear the fan needed to be replaced. I made an appointment at the local Apple Store as soon as possible.
I did some reading online and it sounded like most people were able to get this problem fixed the same day—often while they waited, in as little as half an hour. I cleaned up a few things I didn’t want them poking around in but I didn’t bother to spend too much time on it. The problem was apparent immediately after powering on so they probably wouldn’t even need to log in, right? I’ve been using Macs for 26 years, and I’ve never had to take one in for repairs though, so I didn’t really know what to expect.
When I got to the Genius Bar, the place was packed, so it didn’t surprise me too much that they would need to keep it overnight after all. The best the Genius could tell me was that it may take 7 to 10 days, though she strongly implied that it would not take anywhere near that long. The next question did surprise me though: she asked me to tell her the admin password on my computer.
It caught me off guard because I truly did not expect it. I figured if they needed it they’d just ask me to enter it. It does make some sense though—they just want to make sure they’re able to do whatever is necessary to fix the computer, which could include updating the system software or logging in to reproduce it the problem. So I reluctantly gave it to her. It made me uncomfortable, but I needed this problem fixed, and they thought they needed this information to fix it. It didn’t occur to me to ask if I could change it, or create another account for them—like I said it just caught me off guard and I didn’t know how to react. She put me on the spot and she didn’t present any alternatives. The only alternative that came to mind was taking my computer home, wiping it, and coming back—but after hearing 7 to 10 days, I didn’t want to wait.
Shortly after that I had to sign a paper saying they were not at fault if my data was compromised in any way. I hesitated again, but I’d already given them my password, so I kinda figured it was too late, I couldn’t exactly ask for it back, and I just signed it. Later I realized they’d actually printed my password on there—one copy for me, and one for them.
After we left I realized they I hadn’t just given them access to my files (which I’m not super worried about) but also my keychain and all my saved passwords. Which probably isn’t quite enough to steal my identity or anything, but it’s certainly close, and enough to do a lot of damage.
Now, I’m not really too worried that anything bad is going to happen. The possibility is there, and it’s scary, I’ve had a kind of awful feeling over it since. But I think the odds are very low. What bothers me is how nonchalant they were about the whole thing, and how they clearly do this thousands of times a day, across the country and around the world, like it’s no big deal at all.
When you make an appointment they warn you up front to back up your data, but they don’t do anything to warn you about this. In the worst case scenario I think I’d honestly rather lose everything on my computer than have someone access and abuse all of my accounts. I can’t totally blame Apple because I clearly had the option to say no, but I do feel taken advantage of. They’re in a position of power—I desperately need that computer working!—and they’re being careless with that power.
The worst part is that there are so many easily solutions to this problem. I had to give them permission to wipe my hard drive if necessary, so that alone makes it possible to make any software changes they need to. I’m sure they’d prefer to avoid that if possible, but it still isn’t necessary to have access to my account. The proper solution to this seems really simple to me: instead of asking for my password, ask me to enter it, privately, while I’m sitting there. Then they could create a separate admin account for later use, and log out of my account. They could use a standard account name and password, so it would be easier for them and far safer for me. Sure, this would still give access to my files, but at least all of my online accounts and passwords would be safe. For someone that uses FileVault, even their files would be safe this way. Like they should be.
Until they get their act together, I have a strong suggestion for anyone taking a Mac in for repair: Open System Preferences and click Accounts. Click the lock icon at the bottom and then click the + to add an account just for Apple. You’ll also want to disable Automatic Login in the Login Options.
Update: One thing I meant to expand on, which is really the worst thing about this: Apple is telling people it’s okay to give out their passwords if someone trying to help them asks nicely. I fell for it and I should know better. But think of all the other people who don’t know better. Their experience with Apple goes great and then next week someone at PayPal needs their password. People’s willingness to do this is the reason phishing scams exist! Apple is telling people it’s okay to give out your password if someone really needs it, and I do not agree with that at all.
Our Mac software, Mountain Lion, and the Retina Display OS X Mountain Lion is now available, and the MacBook Pro with Retina Display has been out…
Junecloud and Lion compatibility The latest version of Mac OS X, Lion, is now available, and you may be wondering if our…
Introducing Notefile Notefile is a project I’ve had kicking around for a long time. It all started with…
Delivery Status for Mac 5.3 beta 4 Update: This beta is now closed, thanks for your help! New in this version: •…