Maybe I'm naive but shouldn't it be enough to encrypt your disk with FileVault? Of course assuming that you don't hand over your password to the technician. Also logging out of iCloud would remove the option to e.g. lock or wipe the device remotely.
After some searching around it seems that a second Admin account can definitely access the FileVault encrypted files of the first Admin account. AFAICT this is because FV is full disk encryption, and any user who can login when FV is on, must therefore necessarily be able to unencrypt the disk. User protections then depend on OS privileges, which don't stop an admin user.
This makes me think that: 1) using FV to secure your data, and then 2) setting up a second admin account on the mac for the repair people is not enough to protect any ssh keys / proprietary code / financial data on the first admin account from anyone who can access the second admin account.
FV is useful but I think you need to combine a dedicated encrypted partition, or encrypted folder (with another tool I guess that can do this) if you want to protect from a second admin account.
graderjs|3 years ago
This makes me think that: 1) using FV to secure your data, and then 2) setting up a second admin account on the mac for the repair people is not enough to protect any ssh keys / proprietary code / financial data on the first admin account from anyone who can access the second admin account.
FV is useful but I think you need to combine a dedicated encrypted partition, or encrypted folder (with another tool I guess that can do this) if you want to protect from a second admin account.
dijonman2|3 years ago
I back it up just in case. Never ever give your data away.