With the information gathered from iTunes, its Retail Stores, Apps, and iCloud, Apple knows more about you than you might think. They know your taste in music, the last video you rented, and how many pages you have left in your favorite iBook. They know the last Apple Store you visited, how long you stayed, what you bought, and what you brought in for repair. If you use iCloud, Apple has access to your documents. They may not read them, but Apple knows which apps created them because they sold you those applications in the first place. Your Calendar, Contacts, and Email can all be stored on Apple’s servers, giving them access to everyone you know, when you see them, and what you say to them in email, iMessage, and Ping. Even the harmless diagnostic information Apple collects from your devices gives them some idea of where you travel, but don’t worry about going home. Apple already knows where you live. They have your billing information on file. In short, Apple knows a lot about you from the data you share and the purchases you make, but that doesn’t mean you have to give them access to everything.
Starting in Mac OS X 10.7 Lion, Apple allowed users to log into their Macs and reset their passwords using their Apple IDs. This option is checked by default, and it makes Apple the master gatekeeper for any Mac with it enabled. What sounds like a great option for forgetful users who frequent the Genius Bar to reset their passwords is a bad decision for experienced computer users like you or me. The last thing we want is someone else logging into our Macs and gaining access to our digital lives. Make your Mac personal again. Keep your login credentials to yourself. Apple doesn’t need to know.
But what about encryption? Wasn’t FileVault 2 supposed to make everything safe? Not if you allowed Apple to reset your Mac’s login password with your Apple ID. Your Apple ID can cut through FileVault 2’s defences as long as your computer is logged in with an active internet connection. Do yourself a favor and keep your Apple ID out of your encryption key.
Even worse, if you enrolled your Mac or iOS device in Apple’s iCloud location service, an intruder with knowledge of your Apple ID could wipe those devices right out from under you by simply visiting the iCloud.com website. There is no need to tie this kind of power to a publicly accessible website when local encryption can keep would-be intruders off your Macs and in the dark about your location. Apple doesn’t need to know where you are going, or have the power to remotely wipe your Mac, if it is safely encrypted.
The easiest solution to this problem is to remove your Apple ID from your Mac’s user account and uncheck the option that allows you to reset your password using your Apple ID.
- Open System Preferences.
- Go to the Users & Groups preference pane.
- Select your account.
- In the Apple ID section, click on the “Change…” button.
- In the window that appears, select your Apple ID account.
- Click the minus (-) button to remove it.
- Click the “Done” button to confirm.
- Uncheck “Allow user to reset password using Apple ID”.
After making this change, the EncryptedRoot.plist.wipekey on the Recovery HD is regenerated, restoring security to your FileVault encrypted Mac. Be sure to visit iCloud.com and disable Find my Mac and Find my phone for all of the devices you do not want Apple to keep tabs on or have the power to remotely wipe. Remember your passwords, secure your data with encryption, and keep track of your devices. Apple doesn’t need to know.