When repair personnel ask for your password

I know this was mentioned in a tech-guy episode. While a repair person has physical access to your device, they can physically extract hard-drive contents (barring BitLocker). But giving them your password seems to allow much worse risk (or having no password or other security in place).

I have enough “trust issues” that I wouldn’t be willing to give someone else my password for any reason. This is probably, in part, why I have become my own technical support.

On the other hand, it can be impossible to do support work without the necessary permissions, so I understand the request for the administration password. A possible fix for that is, for devices that support it, to establish, in advance, a second account/password just for repair people. Since you won’t be using it, remember to make the password suitably strong, but write it down (or store it in your password manager, so long as it’s synced to another device in case the device it’s for becomes completely unusable.)

When it comes to support personnel going beyond fixing the problem and snooping, I don’t think there is a way to prevent that, so the wise person should assume whatever they’ve got to hide is going to be found.

1 Like

Several cars that I had had a special key for the mechanics. They had access to the cabin and the engine bay, but not the glove box or the boot.

1 Like

It dawns on me that Apple Macs might have a partial solution to this if you followed my advice to have a second account ready for a repair person. I believe that the secured files in Macs are secured by your user password. Since I’m not a Mac user, I don’t know if the files also support a backdoor for admin users. If the files are encrypted and only available to the user via their logon password (I have my doubts about this, but again if) then those files should be secured from snooping by an admin.

In any case every user on the major platforms can make this setup on their own if they want… just use a file system (FUSE) like VeraCrypt.

I remember some cases where Linux offered to encrypt user home when I set up a new account. Unfortunately, options for mobile are more limited.

Rule number one: whenever you send anything in for repairs back it up then wipe the drive.

1 Like

That isn’t always possible.

My first iPhone broke within 2 days of having it. I’d just loaded all my data on it, when it seized up. I couldn’t turn it off, I couldn’t reboot it, I couldn’t reset it - long press of power button didn’t reboot, it just continued to be unresponsive. The only way would have been to wait 4 or 5 days for the phone’s battery to run flat, then recharge and try and reset, before it froze again.

It was sent back to Apple “as is”, because even the dealer couldn’t reset it. When it came back, it worked for a day, before locking up again. It was sent back again and when I got it back, it locked up when I was still in the shop! Each time it had come back as no fault. I kicked up a stink in the shop the third time and lo-and-behold, they found the memory chips were defective and I got a new phone! But 3 days use in the first 6 weeks of ownership! But that is by-the-by.

Another time, my Samsung Ativ tablet stopped booting. Sealed unit, can’t power on, no way to wipe the data from the internal drive.

And a Surface Pro 3 with a dead battery - funny thing with the Surface Pro, if the battery is dead, you can’t use it, even when it is plugged into the mains, it detects the battery is dead and turns itself off! After 20 attempts, I managed to get it running long enough to do a safe boot and tell it to reset the machine. It turned itself off again at 2% formatting the drive. I hope the drive was scrambled enough (BitLocker + failed format) that the data couldn’t be read.

A phone with a broken screen or damaged board will be the same, no chance to wipe the data before it is sent for repair. You have to be able to trust the repairer sometimes.

In most cases, if I’m sending in something for repair, it’s due to it being dead. I don’t normally have the option to wipe ahead of time. Though I wish I did.

1 Like

Imagine a crazy world where the phone was modular, and you could just replace the built in storage, or display, or battery, or… I know crazy right! :wink:

3 Likes

Well, at least two crazy manufacturers (SHIFT and Fairphone) are still going at it.

And of course “removable battery” is easy enough to do, so even name-brand manufacturers still offer one or two models with that feature: Best Smartphones With A Removable Battery In 2021 - Technobezz

1 Like

I work for a big box retailer in Australia and deal with a number of customers who will check in their devices for repair. I always stress backing up and wiping the device before we send it. We also have a clause that “data may be wiped in the process of repair” to which I usually say that it will definitely be wiped and then wipe the unit before we send it. I’d rather not deal with that phone call if a repairer goes rogue.

1 Like

True - you do. I tell people all the time that I don’t want them to give me a password, but to change it just for the work that I’ll be doing and make it something unique for that purpose. I don’t do much recovery anymore but I do one or two per year it seems. Sometimes to get into a drive of a deceased relative. I always have the ability to say “no” to the work - which is good for me.

1 Like