Security Issue After Shop Repair ?

G

Gebo

Joined
Sep 18, 2002
Messages
6,056
Location
VA
I might be slightly tainted so please don't laugh. Here's the scenario. Wife's 2010 iMac finally died last night. Repair shop looked at it today and said
he could patch it for $400, really fix it for $500, sell me a used iMac for $900 or I could buy a new iMac if I could find one ($1500). With those
choices and the fact several of her "work" apps can't be upgraded on the 2010 model, we decided to purchase a new iMac. I called around
and found a blue one in NC. Got it and took it to the Repair shop at 5:40 pm for them to transfer data from the old HD to the new iMac.
He said it would be no issue for him as he already had access to the hard drive. He asked for my password when I dropped it off as he would need it during the repair.

Here is my dilemma. He will have access to all our passwords, right? What do I need to do to protect our info? Do I just go and change the financial
passwords? I will get the old HD and do some drilling through it before I trash it. With Paypal I have that 2 factor ID or whatever you call it where I get
a text on my phone so Paypal should be protected, right?
 
Do you have a password list, unencrypted, on your hard drive, or access to a password manager that will show in your browser history?

I suppose the paranoid approach is the best one.
 
I'd imagine the password is ONLY for the admin account of the OS, to gain access to protected files to copy them.

This does not give further access to anything else, unless you have reused the same password for your computer OS account, for other accounts as well, or if you have some password list among the files on your computer that is conspicuously named so he'd notice it.

If either of these things is true then yes I would change passwords on any accounts where you could suffer loss from someone else having access to them, and regardless, I would make unique strong passwords for those accounts anyway if you reused same password ANYWHERE else (not just for the computer OS account).

Yes two factor authentication is more secure, unless the perpetrator knows something about you. For example if it is the question "What's the name of your pet?" you have pictures of your dog in your documents folder named "Spot as a puppy.jpg" it wouldn't be too hard to put two and two together to figure your dog's named spot.
 
Gebo said:
I might be slightly tainted so please don't laugh. Here's the scenario. Wife's 2010 iMac finally died last night. Repair shop looked at it today and said
he could patch it for $400, really fix it for $500, sell me a used iMac for $900 or I could buy a new iMac if I could find one ($1500). With those
choices and the fact several of her "work" apps can't be upgraded on the 2010 model, we decided to purchase a new iMac. I called around
and found a blue one in NC. Got it and took it to the Repair shop at 5:40 pm for them to transfer data from the old HD to the new iMac.
He said it would be no issue for him as he already had access to the hard drive. He asked for my password when I dropped it off as he would need it during the repair.

Here is my dilemma. He will have access to all our passwords, right? What do I need to do to protect our info? Do I just go and change the financial
passwords? I will get the old HD and do some drilling through it before I trash it. With Paypal I have that 2 factor ID or whatever you call it where I get
a text on my phone so Paypal should be protected, right?
Click to expand...
.010% chance of that happening, only a small few are criminal. But I won't discount a micro bit of worry. Where were all of your passwords kept so he could get access to them?
 
Well, my computer was set up to auto fill Passwords. The admin password was also used in "Keychain Access" which isn't cool now that I think about it. I use Brave as a browser which I thought I look up all my passwords.
 
CleanSump said:
Change them. You sleep, he can't get in. Get your old harddrive back, wipe it, and destroy it. Fraud/theft averted.
Many wipe softwares are available.
Click to expand...
I'm not that smart to wipe my HDD. I have about 20 HDD plates in a bag that I want to destroy somehow. Some day. Who knows what's on them. I can barely get into my own accounts knowing the passwords.
 
He should not have needed the password if he was just copying data. If the old drive was in a USB enclosure, it would just mount and at no point would he have to "login" to your old account. The exception would be if the drive was encrypted,

Now, it's possible he was cloning the drive and wanted your password to login so he could update it after the fact, but a clean install is better, even if more work.
 
eljefino said:
Do you have a password list, unencrypted, on your hard drive, or access to a password manager that will show in your browser history?

I suppose the paranoid approach is the best one.
Click to expand...
Yes
 
Mainia said:
.010% chance of that happening, only a small few are criminal. But I won't discount a micro bit of worry. Where were all of your passwords kept so he could get access to them?
Click to expand...
Keychain Access
 
Gebo said:
Keychain Access
Click to expand...
I am all about security, as this is how I get on the internet.


Unless you drove up in a super car, came in, in a flashy suit with gold chains and a Rolex, if you were a *****ead to the help there, or are a known famous person, do you think they are really going to care to dig into your stuff? I know we hear stories..... Then just change the passwords for finances and call it a day.
 
Mainia said:
I am all about security, as this is how I get on the internet.


Unless you drove up in a super car, came in, in a flashy suit with gold chains and a Rolex, where a ******** to the help there,or are a known famous person, do you think they are really going to care to dig into your stuff? I know we hear stories..... Then just change the passwords for finances and call it a day.
Click to expand...
I fit none of your descriptions so I’m thinking just change my financial passwords. As per some if you have advised.

I looked at your picture and got scared. LOL
 
I personally would never use a browser's password saving program. I would use a known top tier password program like 1Password or LastPass. If you do I would never have your bank or stock access saved in the browser for your very scenario. If you brought it to an Apple store, I would feel the safest vs a private store or Best Buy. Changing financial passwords just make sense in any scenario.

As a Mac guy myself, do not trust Time Machine for backups as your ONLY backup. I have have been burned twice by Time Machine, but that is because I use it as an always on use. If you use it by plugging your external drive every month it would be ok. Daily there are too many hard links it eventually crumbed onto itself. I have a 1 TB SSD 3M velcroed to the back of my iMac M1, partitioned in half. One half goes to Time Machine and the other half goes to a partition that gets cloned to by Carbon Copy Cloner every other day. An enterprise quality backup program from an X Time Machine Apple employee. That program is more then rock solid. If you would of had that, you could of done the transfer yourself by watching one video on Youtube. It is so so so easy and simple to do, anyone can do it.
 
You must log in or register to reply here.

Similar threads

K
New-ish Maytag washing machine from 2018 is already dead
2 3
Replies
45
Views
2K
Paco Pena
y_p_w
Apple Watch Series 9 DOA
2 3
Replies
46
Views
1K
alarmguy
LDB
Apple M3 vs the masses
2
Replies
34
Views
1K
Rand
AZjeff
Use a mouse with a smart phone, who knew? (PSA)
Replies
12
Views
1K
Pew
paulri
Amazon (or Asurion) warrantees
Replies
7
Views
535
fantastic
Back
Top