How to hand off your Mac for repair without worrying about insecure data on an SSD
Unfortunately, there’s not. As Don recognizes, if you create a separate account, but give that account administrative privileges that will be needed for testing and diagnosis, that administrative account can effectively see any files on the decrypted drive while the computer is running. It takes slightly more effort than just logging in, but they’re all available.
Don started in absolutely the right way, which is to use FileVault from the beginning with an SSD. Because of the way an SSD’s management software distributes wear evenly to prevent premature failure of parts of the drive, you can’t be sure that none of your data is recoverable by a determined-enough party.
I consulted Rich Mogull, a security expert, who writes for Macworld and TidBITS, and he noted:
He also agreed with Don’s concern and my assessment, that only wiping the drive and reinstalling OS X will provide the privacy Don wants:
In my experience, when I’ve had a problem with a new-ish laptop, within the first few months, the odds of getting back the unit with the hard drive intact are very low, so you’re probably not making that much more work for yourself in the end: you’ll want to make a backup (or two) anyway, and you’ll need to restore if they replace the drive or the entire laptop.
We’re always looking for problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate. Mac 911 cannot reply to email with troubleshooting advice nor can we publish answers to every question.