Apple's support document has two suggestions to increase security with Back to My Mac:
- Enable the "Require a password after sleep or screen saver begins" setting.
- Lock the screen manually before ending a remote login session.
What happens if I don't take these suggestions? Regarding the first suggestion, doesn't macOS anyway prompt for a password before allowing remote access, in which case what good does the screensaver password do?
Regarding the second option, doesn't macOS automatically lock the screen when a remote session ends, so that someone physically in front of the computer can't access your data? It would be shocking if it didn't.
The way my Mac is currently configured is to use a separate login password from my Apple ID password, both of which are strong passwords. And my Apple ID uses 2-factor auth. I'm trying to figure out if enabling Back to My Mac decreases the security of the machine, and if so, in what way.