Posted 27 May 2014 - 11:39 AM
Seems that one big lesson from that thread on the Apple site is to set a passcode for your iOS devices, which I have always done. For those that did this, they could get back into their devices without having to wipe them. This does not help anyone after the fact, however.
It is unclear to me if you can do something similar with a Mac. It appears a firmware password does not serve the same purpose as there is a note/disclaimer in Apple's tech note on using "Lost Mode" that setting up a firmware password on a Mac and then having it locked with Find My Phone would result in one needing to take it to an authorized repair center to unlock it. I cannot tell if the normal user password would serve this function. I may have to experiment with things a bit.
The other worthy suggestion from the thread is to setup two factor authentication with one's iCloud account. Of course, that will not help anyone after the fact either. I have to admit that I am a bit leery about this. I am leery in general of two factor authentication. Yes, it is good from a security point of view, but depending on how it is implemented, it has the potential to be a real pain from a usability point of view. In the case of an AppleID, it seems like it does not really interfere with the usability aspect as you only need to use it to change a password or other details of your AppleID account or to make a purchase on a new device (assuming you use that AppleID to make purchases). The part that makes me leery with respect to an AppleID is that Apple explicitly states that if you get locked out of your AppleID with two-factor authentication turned on, then there is nothing they can do to help you. I understand this is to prevent "social engineering" ways of calling into Apple and tricking Apple employees to allow access to your account, but it seems to be a bit overboard.