In the previous post, I described some of the barriers to using FileVault 2 to protect data on a laptop hard drive. I have since made some discoveries that shine a light into what looks like a pretty dark corner of OS X. In the previous post I concluded that FileVault 2 offers no protection against data snoops because OS X unlocks the disk when an administrator logs in. The security afforded by an administrator account can be circumvented in a matter of minutes.
Under 10.7, a user could not access the system login screen until entering the disk password. It appears that Mavericks can be made to work this way. The older behavior occurs if the disk is encrypted using the “encrypt” item from the contextual menu that appears when ctrl- or right-clicking on the disk icon on the desktop. The insecure behavior occurs if the disk is encrypted using the FileVault 2 system preferences pane.
I take it that the password is required to access the disk even if the machine is booted from an external disk. The machine cannot be booted into single user mode until the disk access password is entered, which defeats one of the ways most likely to be used to take control from an administrator.
I conclude that the combination of a good disk access password and a good administrator password offers effective data security against data snoops, unless they have access to a quantum computer.
I wonder if storing sensitive files on an encrypted disk image would provide still increased security, beyond what is afforded by requiring the user to enter an additional password.