Glenn Fleishman reports for Macworld, “Don Kerns asks, in light of the removal of Secure Empty Trash for SSDs in El Capitan, about a repair operation he needs for his brand spanking new Mac: ‘My concern is providing the laptop to the service center with admin password or temp admin privileges as this appears to give them full access to my FileVault encrypted drive.'”
“Don started in absolutely the right way, which is to use FileVault from the beginning with an SSD,” Fleishman reports. “Because of the way an SSD’s management software distributes wear evenly to prevent premature failure of parts of the drive, you can’t be sure that none of your data is recoverable by a determined-enough party.”
The solution is in the full article here.
MacDailyNews Take: Yes, the solution is likely what you think it is. It’s really not that bad (and it guarantees you have a backup, too)!
Isn’t it best to make an ‘In for repair’ user account that doesn’t have privileges to access the the main user?
No, that’s not really going to help. If you want security, you’ll want to turn on File Vault from the beginning. You don’t need to give them an account because they’ll boot off a network drive (or an attached drive).
If you didn’t use File Vault, regardless of whether or not you gave them an account, they could still boot off another drive and access all of your data.
For security, turn on File Vault. For data protection, turn on Time Machine and maintain multiple backups (at least one off-site).
The simple solution is to (a) use FileVault and (b) refuse to give anyone (including Apple) your login credentials. 😉