Hacker News
by graderjs 1341 days ago
After some searching around it seems that a second Admin account can definitely access the FileVault encrypted files of the first Admin account. AFAICT this is because FV is full disk encryption, and any user who can log in when FV is on must therefore necessarily be able to unencrypt the disk. User protections then depend on OS privileges, which don't stop an admin user.

This makes me think that: 1) using FV to secure your data, and then 2) setting up a second admin account on the Mac for the repair people is not enough to protect any SSH keys / proprietary code / financial data on the first admin account from anyone who can access the second admin account.

FV is useful, but I think you need to combine it with a dedicated encrypted partition or encrypted folder (with another tool, I guess, that can do this) if you want to protect from a second admin account.