Stolen MacBook should I worry about my data?How to secure data before returning Macbook Air?Macbook pro, rootkithunterPatching Mac DMA attackShould I worry about a breach where my password was not revealed?Did I get “hacked”? Need helpIs non-malicious unauthorised usage likely to suggest a security compromise?How secure is the new MacBook Pro's Touch ID?MacBookPro's OSX install.log has entries that predate the initial unboxingHow to Best Minimize Damage After Loss of Computer
Shift lens vs move body?
How do we improve collaboration with problematic tester team?
A first "Hangman" game in Python
Why does matter stay collapsed in the core, following a supernova explosion?
Why is explainability not one of the criteria for publication?
What are the IPSE’s, the ASPE’s, the FRIPSE’s and the GRIPSE’s?
Why did James Cameron decide to give Alita big eyes?
Why is there not a willingness from the world to step in between Pakistan and India?
Can an object tethered to a spaceship be pulled out of event horizon?
Commercial company wants me to list all prior "inventions", give up everything not listed
Time difference between banns and marriage
Why does the weaker C–H bond have a higher wavenumber than the C=O bond?
Should I use the words "pyromancy" and "necromancy" even if they don't mean what people think they do?
Which meaning of "must" does the Slow spell use?
Did ancient peoples ever hide their treasure behind puzzles?
Half filled water bottle
Are strlen optimizations really needed in glibc?
Drawing probabilities on a simplex in TikZ
To what extent should we fear giving offense?
How many petaflops does it take to land on the moon? What does Artemis need with an Aitken?
Does the Reduce option from the Enlarge/Reduce spell cause a critical hit to do 2d4 less damage?
How to emphasise the insignificance of someone/thing – besides using "klein"
Federal Pacific 200a main panel problem with oversized 100a 2pole breaker
Force SQL Server to use fragmented indexes?
Stolen MacBook should I worry about my data?
How to secure data before returning Macbook Air?Macbook pro, rootkithunterPatching Mac DMA attackShould I worry about a breach where my password was not revealed?Did I get “hacked”? Need helpIs non-malicious unauthorised usage likely to suggest a security compromise?How secure is the new MacBook Pro's Touch ID?MacBookPro's OSX install.log has entries that predate the initial unboxingHow to Best Minimize Damage After Loss of Computer
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
Unfortunately, someone stole my laptop(Macbook) and I did not realize that for 48 hours. Now, this was a work laptop and my company's security team is going to wipe the laptop out remotely if it is on ASAP. Which is nice.
However, what I am worried about is more about what could happen in those first 48 hours.
- My passwords were all over the place(auto-fill on my browser etc)
- My evernote had some good amount of passwords
What I am guessing is that since it was stolen from my car, someone stealing it was interested more into selling parts of it or wipe it off and re-sell it(Not data). At least, I hope that.
Now, in worst case scenario, if it was stolen by a person who is dedicatedly interested in data. What are their options? Can they really crack open a Macbook and get my data?
If so, what are my options?
account-security macos apple
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
add a comment |
Unfortunately, someone stole my laptop(Macbook) and I did not realize that for 48 hours. Now, this was a work laptop and my company's security team is going to wipe the laptop out remotely if it is on ASAP. Which is nice.
However, what I am worried about is more about what could happen in those first 48 hours.
- My passwords were all over the place(auto-fill on my browser etc)
- My evernote had some good amount of passwords
What I am guessing is that since it was stolen from my car, someone stealing it was interested more into selling parts of it or wipe it off and re-sell it(Not data). At least, I hope that.
Now, in worst case scenario, if it was stolen by a person who is dedicatedly interested in data. What are their options? Can they really crack open a Macbook and get my data?
If so, what are my options?
account-security macos apple
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
2
Given enough time and effort, in the worst case scenario, yes this would be possible. That's why we usually encrypt our drive(s) in order to prevent data leakage. In the meantime, you should change all your online passwords a.s.a.p.
– Jeroen - IT Nerdbox
9 hours ago
add a comment |
Unfortunately, someone stole my laptop(Macbook) and I did not realize that for 48 hours. Now, this was a work laptop and my company's security team is going to wipe the laptop out remotely if it is on ASAP. Which is nice.
However, what I am worried about is more about what could happen in those first 48 hours.
- My passwords were all over the place(auto-fill on my browser etc)
- My evernote had some good amount of passwords
What I am guessing is that since it was stolen from my car, someone stealing it was interested more into selling parts of it or wipe it off and re-sell it(Not data). At least, I hope that.
Now, in worst case scenario, if it was stolen by a person who is dedicatedly interested in data. What are their options? Can they really crack open a Macbook and get my data?
If so, what are my options?
account-security macos apple
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
Unfortunately, someone stole my laptop(Macbook) and I did not realize that for 48 hours. Now, this was a work laptop and my company's security team is going to wipe the laptop out remotely if it is on ASAP. Which is nice.
However, what I am worried about is more about what could happen in those first 48 hours.
- My passwords were all over the place(auto-fill on my browser etc)
- My evernote had some good amount of passwords
What I am guessing is that since it was stolen from my car, someone stealing it was interested more into selling parts of it or wipe it off and re-sell it(Not data). At least, I hope that.
Now, in worst case scenario, if it was stolen by a person who is dedicatedly interested in data. What are their options? Can they really crack open a Macbook and get my data?
If so, what are my options?
account-security macos apple
account-security macos apple
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
edited 8 hours ago
Conor Mancone
13.5k5 gold badges36 silver badges59 bronze badges
13.5k5 gold badges36 silver badges59 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
asked 9 hours ago
LostLost
1621 silver badge4 bronze badges
1621 silver badge4 bronze badges
2
Given enough time and effort, in the worst case scenario, yes this would be possible. That's why we usually encrypt our drive(s) in order to prevent data leakage. In the meantime, you should change all your online passwords a.s.a.p.
– Jeroen - IT Nerdbox
9 hours ago
add a comment |
2
Given enough time and effort, in the worst case scenario, yes this would be possible. That's why we usually encrypt our drive(s) in order to prevent data leakage. In the meantime, you should change all your online passwords a.s.a.p.
– Jeroen - IT Nerdbox
9 hours ago
2
2
Given enough time and effort, in the worst case scenario, yes this would be possible. That's why we usually encrypt our drive(s) in order to prevent data leakage. In the meantime, you should change all your online passwords a.s.a.p.
– Jeroen - IT Nerdbox
9 hours ago
Given enough time and effort, in the worst case scenario, yes this would be possible. That's why we usually encrypt our drive(s) in order to prevent data leakage. In the meantime, you should change all your online passwords a.s.a.p.
– Jeroen - IT Nerdbox
9 hours ago
add a comment |
2 Answers
2
active
oldest
votes
If your laptop doesn't require a password, then they have your data.
If you had a password, and that password is required every time you open your screen, AND you had filevault turned on (or your company did), then they need to guess your password to decrypt the data.
But, if you had a dumb password, they can probably guess it. Check out haveibeenpwned.com to determine if you had a dumb password.
If you had a strong password, file vault, and your device requires you to enter a password, then you're probably ok.
Still, why not go through your accounts and reset them anyways. Now's a good of time as any. Get a password manager like 1password and let it autogenerate passwords for you. Choose a not-dumb password (like a truly random string of 10 characters - google a pw generator) for your password manager and memorize it.
Do the same for your new laptop password. You'll have to memorize two crazy passwords. Write them and put them in your wallet until you do remember them.
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
2
While I generally agree with this response, I think it could be improved in a couple of ways. First, haveibeenpwned.com serves as a way to see if an email address has been associated with "dumps" containing a potential password to the account. It does not serve as a metric to measure password strength. Instead, I would reference a list of the most common passwords, as a thief who likely does not have password cracking skills is unlikely to manually test many besides these.
– svartedauden
8 hours ago
2
Second, while the suggestion of a password manager is good, I think the suggestion of a random string of 10 characters isn't in practice the ideal password for something like disk decryption or a password manager. While it's all up to personal preference, a set of words or a phrase could be easier to remember while being just as difficult if not more difficult to crack, depending on context.
– svartedauden
8 hours ago
add a comment |
Even if you format (wipe) the data, someone clever enough can still recover it, but that requires some serious skills. Try to google "recovering formatted drives".
They would still need to crack your password as macs are encrypted.
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f216050%2fstolen-macbook-should-i-worry-about-my-data%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
If your laptop doesn't require a password, then they have your data.
If you had a password, and that password is required every time you open your screen, AND you had filevault turned on (or your company did), then they need to guess your password to decrypt the data.
But, if you had a dumb password, they can probably guess it. Check out haveibeenpwned.com to determine if you had a dumb password.
If you had a strong password, file vault, and your device requires you to enter a password, then you're probably ok.
Still, why not go through your accounts and reset them anyways. Now's a good of time as any. Get a password manager like 1password and let it autogenerate passwords for you. Choose a not-dumb password (like a truly random string of 10 characters - google a pw generator) for your password manager and memorize it.
Do the same for your new laptop password. You'll have to memorize two crazy passwords. Write them and put them in your wallet until you do remember them.
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
2
While I generally agree with this response, I think it could be improved in a couple of ways. First, haveibeenpwned.com serves as a way to see if an email address has been associated with "dumps" containing a potential password to the account. It does not serve as a metric to measure password strength. Instead, I would reference a list of the most common passwords, as a thief who likely does not have password cracking skills is unlikely to manually test many besides these.
– svartedauden
8 hours ago
2
Second, while the suggestion of a password manager is good, I think the suggestion of a random string of 10 characters isn't in practice the ideal password for something like disk decryption or a password manager. While it's all up to personal preference, a set of words or a phrase could be easier to remember while being just as difficult if not more difficult to crack, depending on context.
– svartedauden
8 hours ago
add a comment |
If your laptop doesn't require a password, then they have your data.
If you had a password, and that password is required every time you open your screen, AND you had filevault turned on (or your company did), then they need to guess your password to decrypt the data.
But, if you had a dumb password, they can probably guess it. Check out haveibeenpwned.com to determine if you had a dumb password.
If you had a strong password, file vault, and your device requires you to enter a password, then you're probably ok.
Still, why not go through your accounts and reset them anyways. Now's a good of time as any. Get a password manager like 1password and let it autogenerate passwords for you. Choose a not-dumb password (like a truly random string of 10 characters - google a pw generator) for your password manager and memorize it.
Do the same for your new laptop password. You'll have to memorize two crazy passwords. Write them and put them in your wallet until you do remember them.
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
2
While I generally agree with this response, I think it could be improved in a couple of ways. First, haveibeenpwned.com serves as a way to see if an email address has been associated with "dumps" containing a potential password to the account. It does not serve as a metric to measure password strength. Instead, I would reference a list of the most common passwords, as a thief who likely does not have password cracking skills is unlikely to manually test many besides these.
– svartedauden
8 hours ago
2
Second, while the suggestion of a password manager is good, I think the suggestion of a random string of 10 characters isn't in practice the ideal password for something like disk decryption or a password manager. While it's all up to personal preference, a set of words or a phrase could be easier to remember while being just as difficult if not more difficult to crack, depending on context.
– svartedauden
8 hours ago
add a comment |
If your laptop doesn't require a password, then they have your data.
If you had a password, and that password is required every time you open your screen, AND you had filevault turned on (or your company did), then they need to guess your password to decrypt the data.
But, if you had a dumb password, they can probably guess it. Check out haveibeenpwned.com to determine if you had a dumb password.
If you had a strong password, file vault, and your device requires you to enter a password, then you're probably ok.
Still, why not go through your accounts and reset them anyways. Now's a good of time as any. Get a password manager like 1password and let it autogenerate passwords for you. Choose a not-dumb password (like a truly random string of 10 characters - google a pw generator) for your password manager and memorize it.
Do the same for your new laptop password. You'll have to memorize two crazy passwords. Write them and put them in your wallet until you do remember them.
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
If your laptop doesn't require a password, then they have your data.
If you had a password, and that password is required every time you open your screen, AND you had filevault turned on (or your company did), then they need to guess your password to decrypt the data.
But, if you had a dumb password, they can probably guess it. Check out haveibeenpwned.com to determine if you had a dumb password.
If you had a strong password, file vault, and your device requires you to enter a password, then you're probably ok.
Still, why not go through your accounts and reset them anyways. Now's a good of time as any. Get a password manager like 1password and let it autogenerate passwords for you. Choose a not-dumb password (like a truly random string of 10 characters - google a pw generator) for your password manager and memorize it.
Do the same for your new laptop password. You'll have to memorize two crazy passwords. Write them and put them in your wallet until you do remember them.
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
answered 9 hours ago
JonathanJonathan
1,3987 silver badges12 bronze badges
1,3987 silver badges12 bronze badges
2
While I generally agree with this response, I think it could be improved in a couple of ways. First, haveibeenpwned.com serves as a way to see if an email address has been associated with "dumps" containing a potential password to the account. It does not serve as a metric to measure password strength. Instead, I would reference a list of the most common passwords, as a thief who likely does not have password cracking skills is unlikely to manually test many besides these.
– svartedauden
8 hours ago
2
Second, while the suggestion of a password manager is good, I think the suggestion of a random string of 10 characters isn't in practice the ideal password for something like disk decryption or a password manager. While it's all up to personal preference, a set of words or a phrase could be easier to remember while being just as difficult if not more difficult to crack, depending on context.
– svartedauden
8 hours ago
add a comment |
2
While I generally agree with this response, I think it could be improved in a couple of ways. First, haveibeenpwned.com serves as a way to see if an email address has been associated with "dumps" containing a potential password to the account. It does not serve as a metric to measure password strength. Instead, I would reference a list of the most common passwords, as a thief who likely does not have password cracking skills is unlikely to manually test many besides these.
– svartedauden
8 hours ago
2
Second, while the suggestion of a password manager is good, I think the suggestion of a random string of 10 characters isn't in practice the ideal password for something like disk decryption or a password manager. While it's all up to personal preference, a set of words or a phrase could be easier to remember while being just as difficult if not more difficult to crack, depending on context.
– svartedauden
8 hours ago
2
2
While I generally agree with this response, I think it could be improved in a couple of ways. First, haveibeenpwned.com serves as a way to see if an email address has been associated with "dumps" containing a potential password to the account. It does not serve as a metric to measure password strength. Instead, I would reference a list of the most common passwords, as a thief who likely does not have password cracking skills is unlikely to manually test many besides these.
– svartedauden
8 hours ago
While I generally agree with this response, I think it could be improved in a couple of ways. First, haveibeenpwned.com serves as a way to see if an email address has been associated with "dumps" containing a potential password to the account. It does not serve as a metric to measure password strength. Instead, I would reference a list of the most common passwords, as a thief who likely does not have password cracking skills is unlikely to manually test many besides these.
– svartedauden
8 hours ago
2
2
Second, while the suggestion of a password manager is good, I think the suggestion of a random string of 10 characters isn't in practice the ideal password for something like disk decryption or a password manager. While it's all up to personal preference, a set of words or a phrase could be easier to remember while being just as difficult if not more difficult to crack, depending on context.
– svartedauden
8 hours ago
Second, while the suggestion of a password manager is good, I think the suggestion of a random string of 10 characters isn't in practice the ideal password for something like disk decryption or a password manager. While it's all up to personal preference, a set of words or a phrase could be easier to remember while being just as difficult if not more difficult to crack, depending on context.
– svartedauden
8 hours ago
add a comment |
Even if you format (wipe) the data, someone clever enough can still recover it, but that requires some serious skills. Try to google "recovering formatted drives".
They would still need to crack your password as macs are encrypted.
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Even if you format (wipe) the data, someone clever enough can still recover it, but that requires some serious skills. Try to google "recovering formatted drives".
They would still need to crack your password as macs are encrypted.
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Even if you format (wipe) the data, someone clever enough can still recover it, but that requires some serious skills. Try to google "recovering formatted drives".
They would still need to crack your password as macs are encrypted.
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Even if you format (wipe) the data, someone clever enough can still recover it, but that requires some serious skills. Try to google "recovering formatted drives".
They would still need to crack your password as macs are encrypted.
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
answered 8 hours ago
Puértolas LuisPuértolas Luis
11 bronze badge
11 bronze badge
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Puértolas Luis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f216050%2fstolen-macbook-should-i-worry-about-my-data%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Given enough time and effort, in the worst case scenario, yes this would be possible. That's why we usually encrypt our drive(s) in order to prevent data leakage. In the meantime, you should change all your online passwords a.s.a.p.
– Jeroen - IT Nerdbox
9 hours ago