Never surrender your password

Never surrender your password

22 Nov 2022
privacy, encryption

In a study that Ars Technica reported on, researchers found that an alarming number of computer repair technicians snooped through clients' devices—and female clients were way more likely to have their data accessed. Yikes!

I once had to take my laptop to get some repairs done. The TAB key on my 2016 MacBook Pro had started glitching, and that wasn't going to fly when I was working on code and needed my tab completions and app switching to be seamless. I took my laptop to the Apple-authorized repair service at my school. The surly technician confirmed my warranty and asked me to fill out an intake form for my computer.

One of the fields on that form was for the root password to my computer. I noted that this form wasn't going to be encrypted, and so I declined to give the password to decrypt my hard drive. (To be honest, even if I could have somehow verified that the form were going to be stored securely, I wouldn't have given up the password.) The technician got a little huffy and said that they needed to be able to run diagnostics to make sure everything was done correctly, etc. This was hard to believe, since it was a hardware problem that could be handled without any software intervention. I refused again; I told them (and wrote in the notes field of the form for any other support technicians) that I worked nearby and could come enter my password if needed within two minutes of getting a call.

The technician didn't like that, but I was insistent. Eventually they relented. I didn't have to give up my password and the repairs were completed without any problems. I was never called to input my password. I doubt something nefarious would have happened at that campus repair shop, but you never know.

There's too much on your hard drive that cannot leak: information about your bank, access to your email, saved passwords, photos, journal entries, etc. Never surrender your password. There may be times when there is a legitimate need for the master password to run some diagnostics, but you should if at all possible be present to put that password in yourself and monitor closely what is done with your hardware. Go out of your way to find reputable repair shops. It will be worth the privacy.

Mastodon