Running a Mac as admin or non-admin

With regard to Screen Time passcodes…

Note that this does not work with a Mac, if you are running as an administrator. In fact, Screen Time will discourage you from setting a Screen Time passcode for an administrator account. An admin can still access items restricted by Screen Time.

Years ago there was a push to discourage users from running as admin for security reasons, but in my experience this proved impractical (for one thing, I never got any software updates unless I was running as admin). I checked with some prominent Apple people at the time, and they were all running as admin.

I suppose this might concern people who use laptops in public places, or anyone worried about hidden cameras in their living spaces.

never got any software updates unless I was running as admin

Edited per request…hope this is more clear.

Long time sysadmin here…running as admin for your daily driver is…choosing poorly…too easy to screw something up and too easy for a phish or bogus website or whatever to do Bad Things to your computer…and it’s quite easy to just provide admin credentials when necessary. Although TBH…with the sealed system volume we have now it is probably more the user screw up will be a problem than the bogus website or whatever.

Updates install just fine logged in as non admin…although with Ventura for macOS updates you have to provide first an admin password and then the currently logged in user password before they install. And IMO, setting updates for auto install is likewise a bad idea…other than the security updates and system files which should auto install IMO…more than one update has been pulled after release because of various issues…much better to wait a day or three for any reports of Bad Things Happening.

I think I know what you’re trying to say, but could you edit your post for clarity? Thanks.

I did, hope it’s better now.

I would be curious as to how many users here run as non-admin or (like me) have found the specified trade-offs make it impractical.

The point remains that if someone gets both your computer and your admin password, they can lock you out of your account as specified in the article, and the Screen Time trick won’t stop them.

Remember: the issue we are talking about is a thief (or team of thieves) who shoulder-surfs you as you enter your passcode on your phone (usually forcing passcode entry by offering to take your photo and then disabling FaceID or Touch ID with a key sequence) and then steals the phone and locks you out of your Apple ID by using the passcode only to change the password on your Apple ID, and also changing trusted phone numbers and adding a recovery key to prevent you from regaining access to your account. Meanwhile they have access to financial data, etc., that may be stored on your phone. A Mac is probably not a likely target of this attack.

Anyone spending a lot of time using a MacBook in a public place might take Neil’s suggestion to heart and run as non-admin while disabling Apple Account access with Screen Time. In the event (unlikely, yes, but not unimaginable) someone across the room has been filming you entering your password, upon stealing your MacBook they would not be able to gain access to your Account.

Much clearer to me.

I run as non-admin. I have read discussions of benefits and costs, and concluded (rightly or wrongly) that there is a small benefit and a smaller cost. However, I am not a power-user, and I recognize that other people might experience greater difficulties or other people might rate the same difficulties as more severe.

Just to be clear, the whole point of the previous article and thread, which I broke this out of, is to use Screen Time on the iPhone. The Mac isn’t relevant to the particular discussion, unless I suppose you’re typing in your login password in a coffee shop and someone observes you and then steals your Mac. But there’s been no suggestion that happens.

For the paranoid among us, the coffee-shop-password-stealing scenario is exactly the kind of security gap that might keep us awake at night. One unsecured device could bring down the whole house.

Adam, do you run as admin or non-admin? Or does this sort of thing not keep you awake?

I always run as admin. I’ve just never seen any utility in putting roadblocks in my everyday use of the Mac. The more requests we get to authenticate, the less attention we pay to them.

I would echo Adam on this, adding only to also have a second admin account. I’ve had issues (well, one time anyway) where an upgrade somehow hosed the main acct on a Mac, but having a second acct saved the day.

Over the years I’ve run in both configurations. What I got out of the comparison is that it really depends on what your daily workflow is. I tend to install, test, and remove software, drop into terminal, poke around at the “innards” of my Mac, debug stuff, light software development and build. It’s more convenient to me to run as an admin rather than logging in/ssh/su to an admin user to get privileges to do some lower level things I need to do via command line. (and yes, I know you can add any user to the sudoers file so they can elevate privileges, but if you’re going to do that, then why not just run as an admin).

The more “power user” that you are, the more the needle swings to running as a user with admin privileges. The less “power user” and tech savvy that you are (users who just run mail, web browsing, word processing, spreadsheets, light photo editing, video editing, etc.), the needle swings to running as a non-privileged user.

But… I no longer use a laptop. My systems are static on my desk. Perhaps I’d have a second thought about running with a non-admin account if I were moving about with a laptop in public areas.

For those interested in further reading, Howard Oakley wrote a short article on the topic earlier this year, and some of the article comments are worth reading, too:

Is it more secure to be a normal or admin user?

On the other end of the spectrum, if you are very concerned about securing your devices, I can recommend the much, much, much more technical Center for Internet Security’s series of CIS Benchmarks, which give very detailed instructions for locking down particular versions of operating systems, including macOS and iOS.

The CIS Benchmarks are not for the faint of heart and definitely are overkill for most home users, but if you walk through the benchmarks and apply them selectively depending on your own situation, they can be very useful for raising awareness of issues that aren’t obvious. In particular, if you are running an old version of macOS that no longer is getting updates from Apple, and it is consistently connected to the Internet, you may get some useful ideas from the benchmarks.

PS. CIS also has security benchmarks for a handful of apps, including Safari, Firefox, Chrome, Zoom, and Office.

Oh yes, I always have a “Ghost in the Machine” admin account that’s almost completely clean for testing and troubleshooting. It is logged into my iCloud account, but I otherwise don’t change default configurations.

This thread got started when I read Adam’s article about securing iCloud accounts on iOS using Screen Time (which he has eventually concluded doesn’t quite work, or always work). I wondered if the same trick would secure iCloud accounts on Mac.

Turns out, it doesn’t work at all. iCloud accounts remain accessible on Mac whether you are a standard or admin user. I tested this by changing my user account to standard, and setting a Screen Time passcode. My iCloud accounts did not gray out (as they do in iOS and iPadOS).

I’ve changed my user account back to admin for reasons similar to Adam and Technogeezer. Using the Terminal as a standard user was a particular hassle. As the Howard Oakley article cited by josehill points out, the security benefits of a standard over an admin account are minimal these days.

Thanks for everyone’s input!

And most IT security professionals would disagree with that approach…

Everybody makes their own decisions…and even if your account has admin privs…you will still get asked for your password for some things…and I might have had 2 requests in the past week for an admin password maximum.