Apple - Can I trust Apple Store's employees with my laptop?
You can probably trust the average genius team (since the machine will be under the watch of many people while it is out of your possession). From a legal standpoint, you have agreed to the AppleCare Repair Service terms and conditions by signing your property and data over to Apple. For the rest of this discussion on the contract between you and Apple relating to your data, I'll focus on the English north american contract.
It lays responsibility on the person bringing in the equipment to remove all confidential or proprietary information from the system. It also lays responsibility on Apple for having "security measures, which should protect your data against unauthorized access or disclosure as well as unlawful destruction." which a lawyer will focus on should which is more binding than may but less binding than shall/must. It continues with
You will be responsible for the instructions you give to Apple regarding the processing of data, and Apple will seek to comply with those instructions as reasonably necessary for the performance of the service and support obligations under the Plan. If you do not agree with the above or if you have questions regarding how your data may be impacted by being processed in this way, contact Apple at the telephone numbers provided.
But why not be a bit skeptical and ask why you might trust them. Sure they are probably trained to protect personal data of customers and respect privacy and there is social pressure to not be a jerk with your personal data.
Some devices (iPhones, iPads, Air and retina MacBook) require advanced skills and potentially damage to the equipment to remove the storage module, so this is something worth exploring a bit as not everyone can simply pop out the hard drive during service like older MacBooks allowed.
I would say never give your password until you understand why it is being used and you are fully informed and willing to take that risk by disclosing your secret. I would also say, when I choose to not entrust a specific password, that I've done one of four things when I have something in for service that was in the category of data requiring more protection than none.
- Wipe the drive - if things are truly sensitive - I have no business saving time by not securely wiping all data that's sensitive before it leaves my control. (or paying for a higher level of service to ensure confidentiality)
- Change the password to either my account or my keychain.
- Make a new temporary account for the testing and give that. Sometimes I give them admin rights - other times I do not.
- Give them a cell phone number and permission to call me 24/7 if they need the password and can explain why it's needed at that point of the repair.
Basically, If you hand your computer to Apple - you are handing it to someone with the tools and help to bypass all passwords(including firmware and normal physical security of the case) and read the data from the hard drive or just take the storage and keep it. Unless you have FileVault or other encryption (like 1Password) and withhold that pass phrase. A technician could if they wanted, make a full copy of your data and perhaps even go snooping. I would ask the genius (or technician) to help educate you to how security works before you proceed with this repair.
If you had a few extra-secret files, you cold put them into encrypted disc images.
There are many repairs where a password is needed to complete the service if your service involves software changes. Normally, this password is asked for to speed up the repair for you and let them replace any and all parts needed to complete the repair. If they are in and find you need a new motherboard, they could just do that if you give them the extra permission and password they need to do all possible work without stopping to contact you and explain what/why.
In your case, I would simply say you'd like to know a bit more about how they secure your password and your data during service. I would bet that the person asking for your password was lulled by the 100th time they've checked in a machine and forgot to ask you if you had any questions or perhaps missed your uneasiness about what was being asked. Once you've made your concern concrete by asking why they need it - you can then say you'd feel better not giving it and ask if that will either delay or prevent the repair. Any shop I trust will spend time to address these concerns to your satisfaction before they would accept your password. They would also lay out for you how to secure things again after the repair - change these three passwords, etc...
As a class, my opinion and experience is that Apple service technicians are highly professional, trained on privacy of your equipment and information and have thought out very well what, how and why they ask for someone's password. But even if bad things have never happened despite good training and policy, mistakes can and will happen in returning the wrong laptop or theft and your data is at risk when in the shop.
It is you in the end who have the right (and responsibility) to be a little suspicious - especially when it's not clear how your password will be used during a repair. The clearer you can be with your concerns - the more comfortable you will be with your choice to trust the specific team you interact with on a case-by-case basis.
Here's your answer:
I agree that:
[...]
• Apple is not responsible for any loss, corruption, or breach of the data on my product during service; and
[...]
The Genius Bar is staffed by people, not robots. Apple can't force them to follow the rules, so there is always a chance that they do something with your data that they're not supposed to.
They can boot your mac from an external hard drive for testing (and if your laptops hard drive is not encrypted, they can access your files that way), so they don't need your password. I even removed the drive before repair and there wasn't a problem here.