macOS-Security-and-Privacy-Guide
Question: Why remove the admin account from FileVault?
I have difficulties wrapping my head around this recommendation:
The admin account can also be removed from FileVault.
What is the benefit of not being able to unlock the disk using the administrator account? I thought the admin account is supposed to be more difficult to be compromised than the normal user account. So why would only the user account get the FileVault key?
I think I understand the technical details, but don't understand the threat scenario. I would appreciate any clarification.
Thank you for your time 🙂
I can't think of any particularly strong reason to do this, other than as a general separation of privilege, but even then the risk is difficult to comprehend. Feel free to remove or change that directive.
Also from https://support.apple.com/HT203998
If FileVault is enabled, a hidden user may continue to appear in the initial login window after the computer is turned on or restarted.
which leads the whole thing ad absurdum
Thanks for the fix!