By default encryption on Apple

Topic

New Reply

[Susan Bradley]

From – https://twitter.com/uk_daniel_card/status/1704114858461962714?s=43&t=KuONIw82G4a5IlI_mSrZrg

See the twitter thread – so how is by default encryption on the Apple platform any less confusing that automatic bitlocker to a Microsoft account?

For those of you without twitter accounts try this link/thread

https://nitter.net/uk_daniel_card/status/1704114858461962714?s=43&t=KuONIw82G4a5IlI_mSrZrg

(the post is demonstrating that one can lock oneself out of a device if your secondary device can’t authenticate)

Susan Bradley Patch Lady/Prudent patcher

• This topic was modified 1 week, 4 days ago by Susan Bradley.

1 user thanked author for this post.

Alex5723

Reply | Quote

Replies

What has our demo user done wrong? Can you guess?

Is it a riddle? What’s he selling?

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

2 users thanked author for this post.

Myst, Microfix

Reply | Quote

He’s a security researcher.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Selling cyber consulting services according to the URL in his Twitter profile.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

To extremely large companies, not us consumers.  You are still missing the point.  If Apple does what Bitlocker does, how does their base not get locked out and stories of missing recovery keys?

How is the process different?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Susan Bradley wrote:

If Apple does what Bitlocker does, how does their base not get locked out and stories of missing recovery keys?

I think you mean FileVileVault and not apple

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

Myst

Reply | Quote

The old Twitter logo.  Seems nostalgic even though it hasn’t been gone that long.

 

Are you suggesting turning encryption off?

Reply | Quote

I’m just saying as much as we bash Bitlocker and OEM, Apple does a similar with it’s encryption where it backs up to an online account.

I’m suggesting that anyone someone has encryption turned on we need to know EXACTLY where the recovery keys are and be prepared to use them.

 

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Susan Bradley wrote:

(the post is demonstrating that one can lock oneself out of a device if your secondary device can’t authenticate)

Monty Python sketch in the making..
Brilliant! even better if one hasn’t got a secondary device..how secure is that!

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

Myst

Reply | Quote

I didn’t see any thread attached to the post. I suppose it is only available to those who are signed in.

Bitlocker is one thing I haven’t bashed Microsoft for. If either MS or Apple transmits the key to “the cloud” without asking, I’d have a problem with that. As long as I can tell it ‘no,’ I am good. But then, I can’t see what anyone is actually saying.

Susan Bradley wrote:

I’m suggesting that anyone someone has encryption turned on we need to know EXACTLY where the recovery keys are and be prepared to use them.

(Imagine me grinning and tapping my temple with my finger a couple of times)

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

1 user thanked author for this post.

Myst

Reply | Quote

https://nitter.net/uk_daniel_card/status/1704114858461962714?s=43&t=KuONIw82G4a5IlI_mSrZrg

Try that link

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

This is a good thing to know.
I have a bunch of Macs, the latest being an iMac4K (Intel Kaby Lake i7), 2020 M1MacMini, and a 2023 M2Max MacBook Pro. I have never found FileVault on by default nor have I ever implemented it. I do have the Firewall ON. But, where I have an Apple ID common to all my Macs, is not an iCloud.com account, and I do not back up to iCloud. My experience with Macs has been with Apple IDs but not iCloud IDs, and the only Apple Silicon Macs I have set up so far have been mine

My experience with encryption has been with default encryption on Windows computers. The Users are ordinary consumers, who have sketchy knowledge of computers at best, and no knowledge of what encryption is. Consequently, I have made it a point to turn it off.

In the next few days, I am due to set up new M2 MacMini for a friend who also has an fairly recent iPhone, an older iPad (iOS 15 last version of updates), an older MacMini (2014 or 2015 maybe, Monterey is the last version of MacOS on it), and an iCloud.com ID.

Seems I will have more to deal with than I originally thought.

1 user thanked author for this post.

Myst

Reply | Quote

Do you start the set up with a local account?  I’m guessing that this occurs if you start with an Apple ID from the getgo. I’ll have to find more details/do some testing.

IDrive is a third party service, not connected/related to Apple.  https://www.idrive.com/

https://support.apple.com/en-us/HT204230

One doesn’t have to have an icloud email address in order to use icloud.

 

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

My mistake. iCloud Drive. I do not back up to it. See #2588388.

Reply | Quote

Now Apple can’t hand iCloud data to authorities after court order.

Reply | Quote

PKCano wrote:

Apple IDs but not iCloud IDs

AppleID = iCloudID that’s the only way to sync and backup.

Reply | Quote

No, you are wrong.

I do NOT use iDrive. I backup only keychain, calender, contacts, FindMy to iCloud (not iDrive). I have an Apple ID that is not @icloud.com. And none of my devices are encrypted. AppleID does not have to be iCloud ID.

Correction: ICloud Drive

Reply | Quote

There is no such Apple service as iDrive.
iCloud ID/password (and Apple Store) are the same as AppleID other wise you can’t auto/manual backup/restore to/from iCloud or manage your devices…on iCloud.com

Reply | Quote

My miatake in nomenclature. iCloud Drive
That is not my case. Period

Reply | Quote

” I backup only keychain, calender, contacts, FindMy to iCloud”

But you then still have an icloud drive.  It’s not “file storage” in the manner  you would describe it, but you are still backing up these items to the cloud.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I set up my MacBook last year, using my Apple ID and turning FileVault on in setup, and it gave me the FileVault recovery key on the screen to copy down as part of the process. Maybe things have changed since then, but that was my experience.

Reply | Quote

So then it’s backed up in the cloud to your icloud account similar to how Microsoft does the process.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I don’t believe so. According to my memory, and according to Apple:

When you turn on FileVault, you choose how you want to unlock your startup disk if you ever forget your password:

iCloud account and password

Recovery key

So you get a choice.

To double check, I’ve had a look in my iCloud and FileVault settings, both on my Mac and on other devices, and there is no mention anywhere of the two being linked.

Reply | Quote

Note: If you have an iMac Pro or another Mac with an Apple T2 Security Chip, the data on your drive is already encrypted automatically.  However, turning on FileVault provides further protection by requiring your login password to decrypt your data.

 

Encrypt Mac data with FileVault – Apple Support

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote