Take control of passwords in Mac OS X [2nd ed] 9781933671673, 193367167X

You'll also learn how to handle: Passwords on your Mac (login, master, root, firmware, email, AirPort, keychains) I


English, 121 pages, 2010




Take Control of Passwords in Mac OS X, Second Edition, v2.1, by Joe Kissell. TidBITS Publishing Inc. $10

Table of Contents

READ ME FIRST 4
  Updates and More 4
  Basics 5
  What’s New in Version 2.1 6
  What Was New in Version 2.0 7

INTRODUCTION 8

PASSWORDS QUICK START 10

ASSESS YOUR PASSWORD NEEDS 11
  Consider Your Risk Level 11
  Use an Ounce of Prevention 13

LEARN PASSWORD BASICS 14
  Understand Password Security 14
  Understand the Two Password Types 17
  Figure Out the Right Password Type 18
  Learn the Pros and Cons of Reusing Passwords 20
  Understand Optimal Password Length 21

CHOOSE A PASSWORD STRATEGY 25
  Strategy A: Rely (Mostly) on Technology 25
  Strategy B: Rely (Mostly) on Your Brain 28
  Choosing a Strategy: Joe’s Recommendation 30

GENERATE GOOD PASSWORDS 32
  Create Security Passwords 32
  Devise a Pattern for Identity Passwords 35
  Use Password Assistant 39
  Take Action! 41

UNDERSTAND MAC OS X’S PASSWORDS 42
  Login Passwords 42
  Master Password 49
  Root Password 52
  Firmware Password 53
  Email Password 56
  Wireless Network Password 56
  File Sharing Password 57
  Keychains 58

USE KEYCHAIN ACCESS 62
  Understand Common Keychain Types 63
  View Your Passwords 64
  Change Access for a Password 67
  Add or Change Passwords 68
  Delete Passwords 69
  Change Your Keychain Password 70
  Change Keychain Settings 70
  Change the Default Keychain 71
  Add or Delete a Keychain 72
  Add Notes to a Keychain 74
  Repair Damaged Keychains 76
  Solve the “login” Keychain Prompt Problem 77
  Use the Keychain Menu 79

USE PASSWORDS ON THE WEB 80
  Choose Good User Names 81
  Fill Out Forms Automatically 83

USE THIRD-PARTY PASSWORD TOOLS 88
  1Password 88
  Other Password Generators 93
  Other Password Managers 94
  Biometric Devices 102

KEEP YOUR PASSWORDS SECURE 105
  Avoid the “Weakest Link” Problem 105
  Use Wireless Networks Safely 107
  Change Your Passwords 110
  Recover Forgotten Passwords 111
  Back Up Your Passwords 113
  Prepare an Emergency Password Plan 114

ABOUT THIS BOOK 117
  Ebook Extras 117
  About the Author 117
  Author’s Acknowledgments 118
  Shameless Plug 118
  About the Publisher 118
  Production Credits 118

COPYRIGHT AND FINE PRINT 119
FEATURED TITLES 120
1PASSWORD COUPON 121

Read Me First

Welcome to Take Control of Passwords in Mac OS X, Second Edition, version 2.1. If you’re overwhelmed with too many passwords to remember or concerned that your passwords may not be safe, help is on the way. This book tells you everything you need to know about choosing, remembering, and managing passwords of all kinds—with special attention to those used when accessing Web sites with a Mac, iPad, iPhone, or iPod touch.

This book was written by Joe Kissell, edited by Caroline Rose, and published by TidBITS Publishing Inc. Copyright © 2009, 2010, Joe Kissell. All rights reserved.

If you have an ebook version of this title, please note that if you want to share it with a friend, we ask that you do so as you would a physical book: “lend” it for a quick look, but ask your friend to buy a new copy to read it more carefully or to keep it for reference. Discounted classroom and Mac user group copies are also available.

UPDATES AND MORE

You can access extras related to this book on the Web (use the link in Ebook Extras, near the end of the book; it’s available only to purchasers). On the ebook’s Take Control Extras page, you can:

• Download any available new version of the ebook for free, or purchase any subsequent edition at a discount.
• Download various formats, including PDF and—usually—EPUB and Mobipocket. (Learn about reading this ebook on handheld devices at http://www.takecontrolbooks.com/device-advice.)
• Read postings to the ebook’s blog. These may include new information and tips, as well as links to author interviews. At the top of the blog, you can also see any update plans for the ebook.
• Get a discount when you order a print copy of the ebook.

BASICS

In reading this book, you may get stuck if you don’t know certain fundamental facts about using your Mac or if you don’t understand Take Control syntax for things like working with menus or finding items in the Finder. Please note the following:

• Menus: Where I describe choosing a command from a menu in the menu bar, I use a compact description. For example, to create a new folder in the Finder, you choose New Folder from the File menu; I’d abbreviate this as “File > New Folder.”
• Finding System Preferences: I sometimes refer to settings in System Preferences that you may want to adjust. To open System Preferences, click its icon in the Dock or choose Apple () > System Preferences. In the System Preferences window, click the icon of the pane whose settings you want to adjust. I refer to these panes with an abbreviated notation such as “the Network preference pane.”
• Finding an application’s preferences: I often refer to preferences in an application that you may want to adjust. Don’t confuse an application’s preferences with the system-wide settings found in System Preferences. To access an application’s preferences, choose Application Name > Preferences. For example, in Disk Utility, you would choose Disk Utility > Preferences. Within some applications, all preference controls appear in a single window. In others, a bank of buttons is located across the top, or a list of categories along the side; in those cases, click a button or category to display a pane with a corresponding range of preferences. Instead of providing detailed directions each time, I may use an abbreviated notation such as “go to the General preference pane.”
• Path syntax: I occasionally use a path to show the location of a file or folder in your file system. For example, Mac OS X stores most utilities, such as Terminal, in the Utilities folder; the path to Terminal is /Applications/Utilities/Terminal. A slash at the beginning of a path tells you to start from the root level of the disk. You’ll also encounter paths that begin with ~ (tilde), which is a shortcut for the current user’s home folder. For example, if the person currently logged in has the user name joe and wants to install fonts that only he can access, he’ll put them in his ~/Library/Fonts folder, which is just another way of writing /Users/joe/Library/Fonts.
• Volumes and partitions: I follow Apple’s terminology in referring to any disk or partition on a disk as a volume. So if a hard disk has not been partitioned, it has just one volume. If a disk has been partitioned, each partition is a volume.
• Passwords and passphrases: You may sometimes hear the word passphrase used instead of password; this implies a longer set of characters, perhaps a series of words. For the purposes of this book, I generally stick with the term password, with the understanding that it’s not necessarily a word as such but any string of characters (which could, certainly, include a phrase).
• iOS devices: The iPhone, iPod touch, and iPad (as well as, perhaps, future devices) all run Apple’s iOS operating system (known as iPhone OS before version 3.2.1). In some contexts, I use the shorthand “iOS device” to refer to any of these devices. Note, though, that some apps I discuss here work only on some iOS devices—so if I spell out device names, that’s usually why.

WHAT’S NEW IN VERSION 2.1

In this minor revision, I’ve updated the book to reflect the latest information about Mac OS X 10.6 Snow Leopard, iOS devices, 1Password, and other third-party products. Among the most significant changes are these:

• Revised the discussion of 1Password (p. 88) to reflect the latest version (3.x) at publication time, as well as current versions for iOS
• Updated the list of Desktop Password Managers (p. 95) with the latest facts, and added mention of the popular LastPass service/software
• Corrected information in Biometric Devices (p. 102) about using UPEK’s Eikon fingerprint scanners with 1Password

What Was New in Version 2.0

Version 2.0 was a major revision to the book, with many changes scattered throughout. The book was thoroughly updated with information on Mac OS X 10.5 Leopard, had all new graphics, and contained numerous small corrections and adjustments. Among the other significant changes were these:

• A new chapter, Choose a Password Strategy, that outlines two broad approaches to thinking about and using passwords
• Division of the chapter previously titled “Generate Good Passwords” into two parts: Learn Password Basics, which provides background information, and Generate Good Passwords, about the nuts and bolts of creating passwords (with or without the help of software)
• Instructions on changing an administrator password even if you don’t have a Mac OS X Install disc in Reset an Administrator Password
• Coverage of password managers that sync data between your Mac and iPhone or iPod touch in Use Third-Party Password Tools
• A significantly expanded discussion of 1Password
• Revised and expanded discussion of Other Password Managers
• Information on using the UPEK Eikon fingerprint scanners in Biometric Devices

Introduction

I have a love-hate relationship with passwords. Well, mostly hate. I understand that passwords help keep my computer, my private data, and my money safe, but for many years, every time I was asked to come up with yet another password (for a Web site, a Mac OS X user account, or any of a dozen other purposes), I’d grumble. I felt, as many people do, that it took too much mental effort to produce and remember all those passwords. On the other hand, I didn’t want to take the easy way out—choosing a simple, memorable password and using it everywhere—because I worried that I was putting my valuable information at risk. I didn’t want to sacrifice security for convenience.

In addition, I lacked a clear understanding of how to go about selecting good passwords, and I was unsure what the security implications were for each of the contexts in which passwords are required. For example, Mac OS X requires passwords for a bewildering array of purposes: logging in, securing a computer’s firmware, encrypting home folders, checking email, connecting to MobileMe, and more. What are all those passwords for? Do I need to use them all? What sorts of passwords can I use in which places? Even computer geeks like me wonder about these things.

I decided to get to the bottom of this whole password business once and for all. This book is the result of my research and experiments. In it, I show you how to choose good passwords without overtaxing your brain. I explain when you need heavy-duty passwords and when you can get away with less secure ones. I cover all the kinds of passwords an average Mac OS X user will encounter, and describe how and when to use them. And I discuss a variety of tools and methods you can use to simplify your interactions with passwords. In short, this book enables you to take control of your passwords once and for all!

To keep this book from being unreasonably long, I’ve made some assumptions:

• I’m writing for ordinary computer users, not technical wizards or security experts. If you’re looking for detailed information on encryption algorithms or the like, this isn’t the place.
• Along the same lines, I assume that you’re not protecting state secrets or billion-dollar fortunes with your passwords. For that sort of security, you’ll need more password mojo than I offer here.

Also, I only skim over certain topics related to passwords, such as user accounts, wireless networks, keychain synchronization, and file sharing. For more information on these topics, I refer you to other Take Control titles.

For this edition of Take Control of Passwords in Mac OS X, I’ve taken a long look at what has happened since the book’s original publication in 2006. I’ve significantly modified my thinking on a few topics, adopted some new techniques, and begun to use hardware and software products that weren’t available when I wrote the first edition. And I’ve watched Mac OS X evolve through a couple of major revisions, seen Apple complete its shift to Intel processors, and witnessed the birth and growth of the iPhone, iPod touch, and iPad. So I’ve updated the book with the latest in technology and my current advice.

This version of the book is written primarily for users of Mac OS X 10.6 Snow Leopard or Mac OS X 10.5 Leopard. Nearly all of this book also applies to 10.4 Tiger, with some minor differences in wording and the like, which I’ve called out in most cases. However, I no longer cover earlier versions of Mac OS X at all. To keep up to date with any significant changes to this book’s advice, click Check for Updates on the cover.

Passwords Quick Start You can read this book in any order, since I’ve included plenty of cross-references to help you find the information you need. However, I urge you to begin with Assess Your Password Needs and read at least up through Choose a Password Strategy, to get valuable background information that will help you understand everything else better. Beyond that, skip to whichever part of the book addresses the issues you’re most concerned about.

• Gauge the level of password security you likely need by reading Assess Your Password Needs.
• Read Learn Password Basics to learn the fundamentals of password security, including the difference between passwords that truly protect something and those that merely identify you.
• Decide on the best overall approach to password management for your needs: read Choose a Password Strategy.
• Learn painless ways to create your own great passwords in Generate Good Passwords.
• In Understand Mac OS X’s Passwords, find out how to choose and use all the major kinds of passwords in Mac OS X, including login, firmware, and email passwords.
• Read Use Keychain Access to learn about a tool Apple includes with Mac OS X that lets you secure, repair, and optimize the keychains in which your passwords are stored.
• In Use Passwords on the Web, learn how to select, store, and fill in user names and passwords for Web sites.
• If the password programs included with Mac OS X provide too little oomph, turn to more-capable utilities from other developers. See Use Third-Party Password Tools.
• Read Keep Your Passwords Secure for tips on protecting your passwords from thieves and hackers.

Assess Your Password Needs We’re all at different points on a continuum of password needs. Although I do have strong opinions about passwords and do make numerous recommendations in this book, I want to begin by putting those opinions and recommendations in context. Only you can decide which choices are best for you. To help you do that, I’d like to say a few words about ascertaining how much password-related risk you have and how that should guide your decisions.

CONSIDER YOUR RISK LEVEL

I live in a major city, in close proximity to my neighbors. Although there happens to be a police station on my block (making me feel a bit safer), thefts and robberies are not at all uncommon in this area. I own several computers, use wireless networks extensively, do most of my banking and bill paying online, and work at home. On a daily basis, automated programs try to infiltrate my computers to send spam, run chat servers, and scan for personal information. In short, when it comes to the kinds of things I use passwords for, my level of risk is fairly high. I have excellent reasons to take significant precautions with my computers and with the resources they access—everything from my bank accounts to the servers that keep my business online.

In contrast, consider a hypothetical person I’ll call Scott. Scott lives in a rural area where the biggest crime in the last year was someone running a red light. People in Scott’s community don’t lock their doors, and their home security systems are noisy dogs. Although Scott surfs the Web frequently, it’s only for recreation; he does his banking in person or over the phone and pays his bills by mail. He has a single Mac, and no particular harm would come from a stranger looking at all the files on his hard disk or reading his email. Scott’s risk level is extremely low, and therefore he has no need to take precautions that in my case would be common sense; for Scott, they’d be unnecessary effort.

Most of the recommendations in this book are based on what I do personally. I err on the side of caution; my anxiety level about protecting my money and my information is based on past experience and the facts of my situation. I feel confident that the amount of effort someone would have to expend to figure out my passwords, get past the security measures I’ve used, and access my accounts is so far out of proportion to what they could gain from it that I’m as safe as I need to be. By using a few simple techniques, I’ve made the process of creating and using good passwords reasonably easy; for me, that’s the right trade-off between convenience and security.

Your situation may differ. On the one hand, you might be charged with protecting highly confidential records or managing vast sums of money. You might live or work in an especially insecure place. You might have well-funded enemies who are intent on destroying your reputation or your business. If so, you should use the strongest and most paranoid options I offer; the extra effort, in your case, is justified.

On the other hand, you might be more like Scott. You might have little to lose, and it might be almost unthinkable that a stranger would get physical access to your computer. You’d suffer, at worst, minor inconvenience if someone got past your passwords. If this describes you, you should opt for the simplest and least awkward options.

In any case, I want to make it very clear that it’s up to you: If you feel that some of my recommendations are inappropriate for your situation, please don’t hesitate to ignore (or modify) them. Choose a shorter or more memorable password than what I suggest. Use the same password in more than one place. Keep your passwords written down in a notebook beside your computer. Or, at the other extreme, memorize a long list of insanely complex passwords and don’t entrust them to any other person or machine. Just make your decisions carefully and thoughtfully after considering the safety factors I describe and your specific situation.

Having said that, I should point out that the level of risk you perceive and your actual level of risk may be two different things. I’ve known lots of people who didn’t think they needed to back up their hard disks until they’d lost their data somehow, and people who didn’t take out adequate insurance until after they’d suffered a physical loss. The same thing is true when it comes to your passwords; threats can come from unexpected places—and your password needs could change unexpectedly. For example:

• A vengeful ex-spouse who knows your passwords decides to clean out your bank account or send nasty email messages in your name.
• Someone watches over your shoulder as you type the password for your bank account at a computer in the library.
• Your computer spends most of its time in a college dorm room, where people come and go frequently, and someone decides to take the opportunity to access your student records.
• A geeky neighbor hacks into your Wi-Fi network and starts reading the email you send and receive.

I mention these things not to frighten you but to help you think soberly and sanely about risks. If you’re unsure how easily someone could access one of your password-protected accounts or how much damage they could do if they did, it pays to be more cautious.

USE AN OUNCE OF PREVENTION You know the old saying: an ounce of prevention is worth a pound of cure. If there’s one concept I want you to take away from this book, it’s this: you can achieve a tremendous amount of security with surprisingly little effort. For example, coming up with and remembering lots of passwords, although it may seem daunting, is actually not hard at all. In most cases, you can let your computer generate and remember passwords for you, requiring no thought whatsoever. Alternatively, if you follow my suggestions for using patterns, you can almost instantly come up with (and recall) strong passwords whenever they’re needed—even if you don’t have access to the computer you normally use. Either way, the difference in effort between low security and high security is often tiny. When it costs so little to gain so much peace of mind, you may choose to take greater precautions than you might need, in the hope of saving yourself significant problems later.


Learn Password Basics A goal of this book is to teach you how to choose good passwords. All passwords are not created equal; you should understand a bit about how passwords work and what makes one password better or worse than another. The circumstances in which a password is used also have implications for its security. Even if you ultimately rely on a password generator to make good passwords for you, you should be aware of things like how the number and types of characters correspond to the level of security provided.

UNDERSTAND PASSWORD SECURITY

Before you can choose an appropriately secure password, you should know the basics about how passwords work. Imagine that you need to protect something valuable from a hypothetical thief who wants to get to it, and that a password functions as the lock that stands between the thief and your valuables.

For starters, let’s say the password is just a single character, limited to digits (0 through 9). No matter which password you chose, it’s clear that any thief could figure it out in a maximum of ten tries—meaning it’s not very secure.

Suppose, though, that the single-character password could use not only digits but also all 26 letters in the English alphabet. Then there are 36 possible passwords, which is more secure because it would take significantly more tries to guess the right character—although the thief might, of course, get lucky and guess correctly sooner rather than later.

Next, imagine a case-sensitive context, in which capital letters and lowercase letters count as different characters, so that if the password is A, entering a won’t work. Now there are 62 possible passwords. Add the option of using any of 33 common punctuation characters (such as #, %, or /) and the number of possible combinations rises to 95. Although statistically this is a far cry from the original 10, it still wouldn’t take terribly long to try 95 characters, especially if the thief used a computer to try them all instead of entering each one manually.


But add a second character to the password, and the number of options goes way up, to 9,025 possibilities (95 x 95). With eight characters in the password, the number of possible combinations rises to 6,634,204,312,890,620 (95^8)!

Of course, a thief doesn’t have to type all these combinations manually. A determined culprit might resort to a brute force attack, in which a computer generates and attempts every possible combination of characters in sequence. Brute force attacks can take a long time but are guaranteed to succeed eventually. However, “eventually” could be so long that you need not worry. If the thief used a very fast desktop computer that could check ten million passwords per second, and if your eight-character password contained alphanumeric and punctuation characters (95 possible choices for each character), it could take up to 21 years for the computer to guess it—though on average it would take half that time (since the correct password probably wouldn’t be the very last one it tried). If the thief had a large supercomputer (or a thousand fast desktop computers networked together), this time would drop to a little more than a week. But if you added just one more character to the password, even a supercomputer would need nearly 4,000 years to figure it out! (I say more about the computational effort required to crack passwords ahead, in Length of Random Passwords.) So for all practical purposes, a nine-character password with alphanumeric and punctuation characters is effectively uncrackable—but only if it’s random, because thieves (and their computers) are likely to try more predictable passwords before deploying a brute-force attack.

Most of us don’t select completely random passwords, though, because they’re hard to remember—but easier-to-remember passwords are also easier to guess. For this reason, you would be unwise to choose as a password the name of your spouse, pet, or best friend.
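The search-space arithmetic above (95 choices per character, ten million guesses per second on one desktop, a thousand desktops networked together), worked through as an added example; this is not code from the book. The one-year-of-365.25-days convention and the 100-year target in the demo are assumptions.

```python
"""Brute-force search-space arithmetic from the section above, worked
through as an added example (not code from the book)."""

# Alphabet sizes the section builds up one character class at a time.
DIGITS_ONLY = 10               # 0-9
DIGITS_AND_LETTERS = 36        # plus a-z, case-insensitive
CASE_SENSITIVE_ALNUM = 62      # plus A-Z
ALNUM_AND_PUNCTUATION = 95     # plus 33 common punctuation characters

SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60          # assumption: Julian year
FAST_DESKTOP = 10_000_000      # guesses per second, as the section assumes
THOUSAND_DESKTOPS = 1_000 * FAST_DESKTOP


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of 2+ symbols and length >= 1")
    return alphabet_size ** length


def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time to try every candidate (the right one is the very last guess)."""
    return keyspace(alphabet_size, length) / guesses_per_second


def worst_case_years(alphabet_size, length, guesses_per_second):
    """Same as worst_case_seconds, expressed in years."""
    secs = worst_case_seconds(alphabet_size, length, guesses_per_second)
    return secs / SECONDS_PER_YEAR


def average_years(alphabet_size, length, guesses_per_second):
    """Expected time: on average the right password turns up halfway."""
    return worst_case_years(alphabet_size, length, guesses_per_second) / 2


def min_length_for(alphabet_size, guesses_per_second, target_years):
    """Smallest length whose worst-case crack time reaches target_years.
    Each extra character multiplies the time by alphabet_size, so the
    loop ends after a handful of iterations."""
    length = 1
    while worst_case_years(alphabet_size, length, guesses_per_second) < target_years:
        length += 1
    return length


def crack_table(length, guesses_per_second):
    """Worst-case years for each alphabet size the section discusses."""
    return {size: worst_case_years(size, length, guesses_per_second)
            for size in (DIGITS_ONLY, DIGITS_AND_LETTERS,
                         CASE_SENSITIVE_ALNUM, ALNUM_AND_PUNCTUATION)}


if __name__ == "__main__":
    for n in (8, 9):
        one = worst_case_years(ALNUM_AND_PUNCTUATION, n, FAST_DESKTOP)
        many = worst_case_years(ALNUM_AND_PUNCTUATION, n, THOUSAND_DESKTOPS)
        print(f"{n} chars: {one:,.1f} years on one desktop, "
              f"{many * 365.25:,.1f} days on a thousand")
    print("length needed for a 100-year worst case on one desktop:",
          min_length_for(ALNUM_AND_PUNCTUATION, FAST_DESKTOP, 100))
```

Running it reproduces the section's 21-year and "a little more than a week" figures for eight characters, and shows how one extra character multiplies every entry by 95.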
Similarly, using common numbers (your date of birth or anniversary, your phone number, your Social Security number) is a bad idea, because those strings of characters may be among the first a thief would try. Another common tactic (employed in both manual and computer-generated attacks) is to try sequences of characters that form easy-to-remember patterns on your keyboard. For example, the string rfvujm may appear random at first glance, but it’s made by pressing two parallel diagonal rows of keys on an English QWERTY keyboard. Any such pattern makes a password less secure.

If those simple attempts fail, a thief might move on to a dictionary attack, in which a computer runs through every word in a long word list as a possible password and then, failing that, tries combinations of words. (Despite the name, a dictionary attack isn’t necessarily restricted to words from a real dictionary; it can include slang, misspellings, non-English words, and other common combinations of characters.) Since you’re far more likely to choose a password using the word dog than the string ogd, chances are that this approach will yield results faster than a brute-force attack.

A typical dictionary attack in a case-sensitive context might start with words in all-lowercase letters (since they’re the easiest to type) and move to capitalized and then all-capital words. Later it might try words in combination with numbers, but trying every combination of lowercase and capital letters for every word makes the attack much more time-consuming.

Taking all this into consideration, you might choose an entirely random combination of characters, such as 8hj#1Qf9. No thief would ever guess it, and a computer would have to resort to a hopelessly long brute-force attack. But such an odd mixture of characters might be hard for you to remember, so you’d be tempted to write it down somewhere. If the thief were to find it written down (or stored in a file on your computer)—and he’d surely search thoroughly—he’d be able to break in almost instantly.

D!cti0n@ry: Modern dictionary attacks also try common variations on standard spellings, such as replacing a with @ and E with 3.

What should you take away from this discussion? When choosing a password, keep in mind the following:

• Never use names or numbers that are obviously connected to you.
• Avoid words that can be found in a dictionary (any dictionary).
• If a password is especially easy to type or forms a pattern on the keyboard, it’s not secure.
• Longer passwords are more secure than shorter passwords—and more secure still if they’re random.
• If you write down your passwords, keep the paper on which they’re written in a safe place, and jumble the characters in a memorable way to slow down anyone who might find your list. (I discuss writing down passwords further in Strategy A: Rely (Mostly) on Technology and in Prepare an Emergency Password Plan.)
• Always use a combination of all the character types available for the password. (But don’t worry, these passwords aren’t as hard to create or remember as you might think, even if you’re generating them manually; read Create Security Passwords and Devise a Pattern for Identity Passwords for more details.)

Character study: Some programs and Web sites exclude punctuation from the allowable character types, while others accept foreign-language characters (such as ç or æ, which you can enter using Option-key combinations on a Mac). When choosing a password, find out which types of characters the system supports, and use all available types. However, I suggest avoiding the space character and the ' and " characters (single and double straight quotation marks), which can confuse some computer systems.

UNDERSTAND THE TWO PASSWORD TYPES

Passwords fall into two broad categories: those designed to secure something (as in our ongoing example in the previous section) and those designed to identify someone. Although this distinction is often subtle, it’s something you should understand before delving into the nuts and bolts of working with passwords.

Security Passwords

When most of us think of passwords, we assume their function is to protect something, such as information (email or documents), access (programs on a computer or entry to a building), or money (a bank account or other assets). Many passwords do serve such a purpose; I refer to these as security passwords. Like a key to a safe or a building, this sort of password enables the holder to reach what’s inside.


Also like a key, a password can be lost (forgotten) or stolen (discovered), and if hidden it can be found. An otherwise terrific password has no value at all if it falls into the wrong hands. Likewise, just as a lock can be physically broken if someone has no key, some kinds of information in the virtual world can be accessed without a password by cracking, or circumventing security systems with clever programming or manipulation. So it pays to bear in mind that choosing an excellent password is only one part of keeping something secure. That said, I can’t overstate the importance of choosing security passwords wisely. Just as you wouldn’t protect a bank vault with a suitcase padlock, you shouldn’t take unnecessary risks with your electronic valuables by using an insecure password.

Identity Passwords

Of the hundreds of passwords I’ve created, most exist not to protect anything but merely to identify me. For example, say I register for a free account at the New York Times Web site so I can read news stories there. The site asks me to supply (among other things) a user name and a password. My user name might be my real name, a variation, or a nickname—something someone else could guess. To ensure that only I can log in with my user name, the site asks for a password: information that only I know. (They may do this for several reasons, one of which is to verify that only people who have agreed to their terms of service get access.) I call such passwords identity passwords. This type of password doesn’t necessarily protect anything. Someone who guessed or stole my New York Times password could log in as me and read articles, but not drain my bank account or access my email. For this reason, in most cases identity passwords need not be as strong—as difficult to guess or break—as security passwords. The loss or inconvenience you might suffer if someone discovered your identity password would, in most cases, be extremely minor.

FIGURE OUT THE RIGHT PASSWORD TYPE

When the time comes to create a password, your first step is to consider its purpose: security or identity. This is trickier than it sounds, because all security passwords also help identify you, and some passwords that seem only to identify you turn out to protect information too. (However, if you decide to follow Strategy A: Rely (Mostly) on Technology, as I describe later, this decision is moot—all passwords can be equally secure.) Consider the following guidelines:

• If the resource accessed with the password involves money in any way, it’s a security password. Examples include bank accounts, PayPal, eBay, Amazon.com, the iTunes Store, tax preparation services, utilities, and any online merchant.
• If the password gives you access to private data, it’s a security password. Examples include: email accounts; your Mac OS X administrator account; third-party password utilities; social networking, dating, or job-hunting Web sites; network servers; and AirPort networks.
• If a Web site asks you to choose a user name and password only, it’s clearly looking for an identity password. The same is true if a site collects only general demographic information (your ZIP/postal code, age range, gender, and similar facts).
• Sites that ask for your real name, your email address, or both are ambiguous. Ask yourself whether you would care if your name and email address were posted publicly on the site if your password were to be guessed. If the answer is no, consider it an identity password; otherwise, it’s a security password.
• If a Web site asks for your postal address, phone number, mother’s maiden name, date of birth, or anything else that specifically identifies you, you should use a security password.
• Some Web sites that store only your user name and password today could, in the future, expand to provide new services and begin storing additional information about you. Of course, you can’t always predict this in advance, but if you have any suspicions or doubts about what data the password may protect, consider using a security password instead of an identity password.


LEARN THE PROS AND CONS OF REUSING PASSWORDS

A friend of mine had to supply the password for her Mac OS X login account to a technician repairing her computer, which concerned her greatly because it was the same password she’d used in more than 100 other places. Although that particular technician was trustworthy, the sad truth is that plenty of people aren’t. Someone else learning that password might have used it to access all sorts of private information, perhaps even stealing my friend’s identity and making fraudulent purchases in her name.

You might decide that you should never use the same password in more than one place, because varying your passwords greatly limits the damage that can occur if someone learns any single password. At the other extreme, you might decide to keep only certain (especially important) passwords unique, while freely using a single identity password that could result in little trouble if it were compromised.

I grant that coming up with an endless series of completely new passwords is a hassle that no one should endure. On the other hand, suppose you have a single password that’s used in 100 relatively unimportant places, and that password somehow becomes public. Most likely you’ll still want to change it, because some ne’er-do-well with too much time on his hands could do unpleasant things like posting bulletin board messages as you, bringing the wrath of media giants on you by violating their service agreements, and so on. To avoid all such consequences, you’d eventually have to go to 100 different Web sites and enter a new password on each one. That, too, is a hassle no one should endure.

I advocate a compromise approach:

• For identity passwords, I suggest that you either use a password utility (as I discuss in Use Third-Party Password Tools) or follow a pattern for creating passwords (described later in Devise a Pattern for Identity Passwords) so that all your passwords are different while still being easy to create and remember. A pattern-based system requires almost no expenditure of brainpower after you devise the initial template, making it virtually as easy as—but much safer than—reusing one password everywhere.
• Security passwords require more care, but you’ll have fewer of them, so there will be less to remember; I discuss how to deal with them (even without a password management tool) in Create Security Passwords.

UNDERSTAND OPTIMAL PASSWORD LENGTH

Having read Understand Password Security, earlier, you may be thinking that you should construct and memorize completely random 64-character security passwords to thwart any cracking method available to current or hypothetical future computers, but that’s probably unreasonable. Consider these factors:

• The value of what you’re protecting. If the treasure is someone’s life or millions of dollars, for example, an insanely long password is worth it. But if you’re protecting only $100 in your checking account, the effort of memorizing and entering such a long password is out of proportion to its value.
• The likely effort someone would be willing to expend to break your password. The people who have the computing resources to crack a long, random password within a reasonable period of time aren’t going to waste their effort unless they have something significant to gain, and that may not include anything on your computer.

In other words, there’s a range within which a password is adequately secure for ordinary mortals but not so complex that you’ll never be able to memorize it—or that it will take too long to enter. The important thing to remember is that length alone does not a secure password make. As I described earlier, using characters from a wider palette makes shorter passwords more secure, while using guessable patterns makes longer passwords less secure. So there are trade-offs. The fewer kinds of characters you include and the less random it is, the longer your password must be; the broader the character range and more random it is, the shorter it can be.


Touch typing: Most password fields display only bullet or asterisk characters as you type—not your actual password—so that someone looking over your shoulder can’t see what you enter. For this reason, it pays to choose passwords that you can easily type accurately without being able to see them, and this can become tricky with long, multiple-word passphrases, especially if they include seldom-used special characters. This is one more reason why a shorter (but more complex) password may be better than a longer one.

Length of Random Passwords

I performed some rough calculations to figure out how long it would take to break random passwords of various lengths and character ranges. For example, with a password containing a mixture of capital and lowercase letters and numbers, a single desktop computer could guess a six-character password in about an hour and a half; a supercomputer could do it in less than 6 seconds. In Table 1 (shortly ahead), I list several character ranges and for each one, the number of characters at which a password becomes long enough that it would take an attacker at least twice as long as my total life expectancy to test all the possible combinations—meaning that, on average, the probability of a given password being cracked while I’m still alive approaches zero. For a medium-security password, I base this hypothetical statistic on an attack by a single well-equipped hacker; for a high-security password, I base it on an attack by a massive supercomputer (or a botnet, a network of hacked computers working together as a single attacker). Either way, I figure that if the attacker can’t crack my password during my lifetime, it’s as safe as it needs to be.

I’ve highlighted the row in the table that shows the alphanumeric character ranges because these characters can be used safely in virtually any password. Although I encourage you to use punctuation and special characters when you can, and doing so can result in shorter passwords that are just as secure, the “sweet spot” for your average random password turns out to be 10 or 11 characters.


Table 1: Recommended Lengths for Random Passwords

Character Ranges Used in Password                        Recommended Length   Recommended Length
                                                         (Medium Security)    (High Security)
0–9                                                      17                   20
a–z                                                      12                   14
a–z, 0–9                                                 11                   13
a–z, A–Z                                                 10                   12
a–z, A–Z, 0–9                                            10                   11
a–z, A–Z, 0–9, punctuation[1]                            9                    10
a–z, A–Z, 0–9, punctuation[1], special characters[2]     7                    9

[1] Punctuation includes the 32 visible characters that can be typed on a standard Mac keyboard (using the U.S. English layout) without modifier keys or with the Shift key only (! @ # $ % ^ & * ( ) _ + - = ` ~ [ ] { } \ | ; : ' " , . / < > ?), plus the space character. However, some systems can’t handle spaces or single or double quotation marks (' or "), so I suggest avoiding those.

[2] Special characters, sometimes known inaccurately as “high ASCII” or “upper ASCII,” are the 126 characters that, on a standard Mac keyboard (using the U.S. English layout), can be typed using the Option key with other keys:

ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòô öõúùûü†°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥ ¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»…ÀÃÕŒ œ – — “ ” ‘ ’ ÷ ◊ ÿ Ÿ / € ‹ › fi fl ‡ · , „ ‰ Â Ê Á Ë È Í Î Ï Ì Ó Ô Ò Ú Û Ù ı ˆ ˜ ¯ ˘ ˙ ˚ ¸ ˝ ˛ ˇ

Length of Non-Random Passwords

For non-random passwords, you’ll need even longer strings. If your password uses names and words from a dictionary (even assuming that you choose multiple-word phrases), you’ll need 28 characters to get the same (medium) level of security as a 10-character random alphanumeric password, and 33 characters to get the higher level of security provided by an 11-character random password.

Pronounced differences: Some people prefer pseudorandom pronounceable passwords, which aren’t actual words but can be sounded out as a memory aid. (In fact, the Mac OS X Password Assistant offers pronounceable passwords with its FIPS-181 option.) These passwords aren’t vulnerable to dictionary attacks but are easier to crack than truly random passwords. Examples of pronounceable passwords are peilajooseft and imdudabondif. With this type of password (assuming only lowercase letters), you’d need 14 characters for medium security and 17 for high security. If ease of memorization is important to you, by all means go with a longer but non-random password. But if you want to save yourself some typing (and have fewer characters to memorize, even if they’re harder to learn), choose a shorter, random password.
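The arithmetic behind Table 1, as an added example that is not the book’s own code. It assumes guessing rates of 10^7 guesses per second for one well-equipped desktop and 10^10 for a supercomputer or botnet (my calibration to the chapter’s “hour and a half” and “under 6 seconds” figures for a six-character alphanumeric password) and an 80-year horizon in place of the author’s life-expectancy criterion; with those assumptions it reproduces every length in the table, and it also generalizes to scoring the character range an arbitrary password actually draws on.

```python
"""Keyspace arithmetic behind Table 1 (added example, not the book's code).

Assumptions: 1e7 guesses/s for a single desktop, 1e10 guesses/s for a
supercomputer or botnet, and an 80-year attacker horizon. None of these
figures come from the book; they are calibrated to its six-character example.
"""
import math
import string

# Character-range sizes as the chapter counts them: 10 digits, 26 lowercase,
# 26 uppercase, 33 punctuation (32 visible + space), 126 Option-key characters.
RANGES = {
    "0-9": 10,
    "a-z": 26,
    "a-z, 0-9": 36,
    "a-z, A-Z": 52,
    "a-z, A-Z, 0-9": 62,
    "a-z, A-Z, 0-9, punctuation": 62 + 33,
    "a-z, A-Z, 0-9, punctuation, special": 62 + 33 + 126,
}

DESKTOP_RATE = 10_000_000            # guesses per second (assumed)
SUPERCOMPUTER_RATE = 10_000_000_000  # guesses per second (assumed)
SECONDS_PER_YEAR = 31_557_600        # 365.25 days
HORIZON_SECONDS = 80 * SECONDS_PER_YEAR  # assumed attacker horizon


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random password of this shape."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size, length, rate):
    """Worst-case time to try every candidate at `rate` guesses per second.
    On average an attacker succeeds after half of this."""
    return keyspace(alphabet_size, length) / rate


def min_length(alphabet_size, rate, horizon_seconds=HORIZON_SECONDS):
    """Smallest length whose keyspace cannot be exhausted within the horizon.
    Pure integer comparison, so there is no float rounding at the boundary."""
    target = rate * horizon_seconds
    length = 1
    while keyspace(alphabet_size, length) < target:
        length += 1
    return length


def recommended_lengths():
    """Rebuild Table 1: range name -> (medium-security length, high-security length)."""
    return {
        name: (min_length(size, DESKTOP_RATE), min_length(size, SUPERCOMPUTER_RATE))
        for name, size in RANGES.items()
    }


def alphabet_size_of(password):
    """Sum of the table's range sizes for the pools the password actually uses.
    An attacker who learns the composition rule only needs to search that range,
    so 8hj#1Qf9 (digits, lower, upper, punctuation) scores 95, rfvujm scores 26."""
    pools = (
        (string.digits, 10),
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.punctuation + " ", 33),
    )
    size = 0
    covered = set()
    for chars, n in pools:
        if any(c in chars for c in password):
            size += n
            covered.update(chars)
    if any(c not in covered for c in password):
        size += 126  # something outside the ASCII set: count the Option-key range
    return size


if __name__ == "__main__":
    for name, (medium, high) in recommended_lengths().items():
        print(f"{name:40s} medium {medium:2d}  high {high:2d}")
    hours = seconds_to_exhaust(62, 6, DESKTOP_RATE) / 3600
    print(f"6-char alphanumeric, one desktop: {hours:.1f} hours")
    print(f"8hj#1Qf9 draws from a {alphabet_size_of('8hj#1Qf9')}-character range")
```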


Choose a Password Strategy

If you read the preceding chapter, you know about the difference between identity passwords and security passwords, as well as how long and complex passwords should be in order to avoid manual or automated attacks. But when it comes to the nuts and bolts of creating and using these great passwords, many people get stuck between wanting an unguessable password on the one hand, and wanting a memorable password on the other. These two goals aren’t contradictory, though. You only need a good strategy.

In my view, the many methods of creating and using passwords can be distilled into two broad approaches. In one, you rely primarily on technology to generate, store, and enter passwords for you (although you must also take a few steps to remember certain passwords and perform some other tasks). In the other approach, you assume that your brain will do most of the work of creating and entering passwords, though you may use software tools to help you with certain tasks (for example, selecting random characters).

Before you worry about the details of how to construct passwords, it’s good to have in mind what your overall approach will be. Then you can choose appropriate tools and techniques and not concern yourself with those that don’t apply to your strategy.

STRATEGY A: RELY (MOSTLY) ON TECHNOLOGY

One approach to dealing with passwords is to decide up front that you’ll let the computer do as much of the work as possible. You’ll use one or more programs to generate passwords for you automatically (most likely long, complex, random passwords), to securely store those passwords, and to enter them for you in most cases. I call this approach Strategy A (A for automated!).


A great thing about Strategy A is that you need not make a distinction between identity passwords and security passwords, or fret over the minimum length and complexity for various passwords. Since they’re all generated by software anyway, you can make all your passwords equally secure.

Even if you choose to rely on technology, though, you’ll still need to put your brain to work from time to time. For example, there are some passwords that, by their nature, can’t be entered automatically, such as your keychain password (see Keychains) and your Mac’s Firmware Password, if you’ve set one. Since you must remember these passwords, you might prefer to create them manually too, using one of the methods I describe in Create Security Passwords.

If you have hundreds of passwords stored on your computer (presumably in a safely encrypted form), it behooves you to back them up liberally—that is, frequently, in multiple ways, to multiple destinations. If all your eggs are in one digital basket, you could be setting yourself up for a world of hurt. Consult Back Up Your Passwords.

In addition, you may encounter situations when you’re away from your main computer but still need a password. For instance, you may want to check your email from a public computer while you’re on vacation, or log in to PayPal to transfer money while you’re at a friend’s house. In cases like these—or when your computer is in the repair shop or otherwise inaccessible—you need an alternative means of viewing your passwords. For some people, this could be an iPhone or iPad app that syncs to a password management utility on your Mac. For others, a better choice may be a Web-based password manager or an encrypted Web page such as the one 1Password can create.

Dual-purpose backups: If you use a backup method that stores your data in an encrypted, Web-accessible form using a program such as Backblaze, SugarSync, or SpiderOak, your backup itself can potentially serve as a means of remotely accessing your passwords, as long as they’re stored in a format you can read on another computer.

As an extra precaution against getting stuck without a password, you might write down your most crucial passwords and keep them on your person always. To keep them safer in case someone steals your wallet or otherwise stumbles on them, jumble them according to a method you can easily remember—for example, writing them backwards or writing down the next higher letter or number for each character.

To put it all together, Strategy A includes the following elements:

• Random password generation: Use software to create all your passwords. See Use Password Assistant, 1Password, and Other Password Generators.
• Secure password storage: Use your keychain (see Keychains), 1Password (see 1Password), some other tool (see Other Password Managers), or a combination of these to store all your passwords in an encrypted form.
• Automatic password entry: Using your keychain (in conjunction with applications that support it) or a third-party password manager, let your Mac enter your passwords as needed. See Safari, 1Password, and Use Passwords on the Web.
• Rigorous backups: You can never have too many backups of your passwords. Whether you use Time Machine, CrashPlan, Carbon Copy Cloner, or any of 100 other programs, make sure your passwords are thoroughly and frequently backed up.
• Remote accessibility: Make sure you can get at your passwords in one way, or preferably several ways, when you’re away from your main computer. This could include any or all of the following:
  ◊ A mobile app: Many Mac password managers have companion apps for the iPhone, iPod touch, iPad, or other mobile gadgets that enable you to keep your private information in sync with your computer and safely encrypted. If you carry such a device with you all the time, one of these may be the path of least resistance. See 1Password and Other Password Managers.
  ◊ A Web-based password manager: Although password managers hosted on Web servers aren’t as flexible or convenient as programs that run directly on your Mac or mobile device, they do enable you to get at your passwords easily wherever you have an Internet connection. See Web-Based Password Managers.
  ◊ An encrypted Web page: 1Password lets you export your passwords as a special encrypted Web page that you can put on your own server, your MobileMe iDisk, a USB flash drive (see the next point), or somewhere else where you can access it remotely. Unlike Web-based password managers, this solution requires no software to be running on the server. See 1Password.
  ◊ A portable app: If you don’t want to carry an iPhone or other small computer with you, you could put your passwords on a tiny USB flash drive that you keep on your keychain or in your pocket. Several password managers that run on multiple platforms are designed to be stored on, and run directly from, these drives. See Portable Password Managers.
• A cheat sheet: I suggest making a short list of the top five or ten passwords you rely on the most and which you might be unable to remember when you most need them—an emergency or a trip in the distant future, for example. This list might include passwords for your email account, keychain, bank account, or anything else that’s especially important. Be sure to modify the passwords on this list in some easy-to-remember way so that they wouldn’t be immediately useful to anyone who happened upon them, and keep this list with you at all times (in your wallet, for example). Also include on the paper the URLs for any online locations where you’ve stored the rest of your passwords.

STRATEGY B: RELY (MOSTLY) ON YOUR BRAIN

A different approach to password management is to forgo automated solutions and put your confidence primarily in your brain’s computational and memory capabilities. This strategy costs nothing, doesn’t require you to install or learn any software, isn’t affected by bugs or program revisions, and protects you from the risk of a lost or stolen gadget. It does, however, require considerably more thought and effort than Strategy A. If you want to be entirely in control of your passwords yourself—rather than putting your computer in control—Strategy B (B for brain!) is the way to go.


You may, of course, choose to employ a bit of technology here and there for the sake of convenience. For example, if you decide to come up with a random password, you might use a password generator to offer suggestions (see Use Password Assistant and Other Password Generators), because randomness isn’t something human brains are good at. You may also decide to use your keychain or other password manager to store a few carefully chosen passwords, simply to save yourself the bother of retyping them all the time. But this would be in addition to, rather than instead of, keeping them in your head. Unless you have a photographic memory or enjoy the mental challenge of learning and regurgitating complex strings of characters on demand, Strategy B requires you to use mnemonic techniques. That is, you must come up with patterns or other methods that enable you to create passwords that appear to be random but that you can recall or reconstruct when needed. (I describe some of these techniques in Create Security Passwords and Devise a Pattern for Identity Passwords.) Even so, for the average person this strategy may tend to break down a bit once your password list grows into the hundreds, and in any case it’s worth writing down at least your most important passwords and keeping them in a secure place. Limitations of the brain also mean that the distinction between identity and security passwords becomes much more important with Strategy B. Because a password’s security increases with its randomness and length, you want your most important passwords to be as random and long as feasible. But because longer and more random passwords are harder to remember (and to associate with a particular resource), you’ll inevitably want to follow a simpler system for creating identity passwords, which will probably be much more numerous. 
To summarize, Strategy B involves the following:

• Identity and security passwords handled differently: For security passwords, choose long(ish), random(ish) passwords that a machine or another person wouldn’t easily be able to guess (see Create Security Passwords). For identity passwords, use a pattern (read Devise a Pattern for Identity Passwords). Either way, the process is normally manual, perhaps supplemented by suggestions from a program for more secure applications.
• Non-volatile CRAM (cerebral random access memory) storage: Learn your passwords using rote memorization, mnemonic clues, or the template that you reuse for identity passwords.
• (Mostly) manual password entry: Type your passwords manually when needed—though you might use your keychain or a password manager occasionally for convenience. Read Keychains and 1Password.
• A cheat sheet: Even if you trust your memorization skills implicitly, you could someday be in a situation where stress, the impact of a falling coconut, or some other random occurrence prevents you from remembering a crucial password. So as in Strategy A, I suggest keeping a short list of your most crucial security passwords with you all the time—perhaps obfuscated slightly to prevent them from doing a thief any good.

CHOOSING A STRATEGY: JOE’S RECOMMENDATION

I used Strategy B for many years, and it worked reasonably well for me. But my list of passwords grew dramatically over time, and as password management software evolved I began to realize that I was putting myself to a lot of unnecessary work and aggravation, while at the same time taking shortcuts that led to many of my passwords being less secure than they should have been. So I gradually shifted to Strategy A. Today, 100 percent of my passwords are generated by software, and perhaps 99 percent are stored and filled in automatically as needed. I use my brain to store the remaining 1 percent or so, and I’ve taken precautions to ensure that I never get stuck without access to a needed password.

My use of Strategy A reflects a certain amount of faith in technology and in a few very smart software developers in particular—I trust that the methods I use to store and retrieve passwords will still work years from now and with new versions of the applications that I rely on, although I do have alternative means of getting at my passwords if necessary. (See the sidebar Should You Trust a Password Manager? for further discussion on this point.) It also reflects a degree of paranoia (or perhaps I should say prudence) on my part: I assume that my passwords are going to be attacked sooner or later, and that short, simple, or obviously pattern-based passwords won’t provide adequate security. Because I have so many hundreds of passwords, relying on technology prevents me from feeling overwhelmed or insecure.

However, if you have only a handful of passwords (say, a few dozen) to keep track of, or if your risk level is much lower than mine, then using software to create and manage all your passwords is probably overkill. And if you don’t share my faith in technology, you’ll want to stick with a tried-and-true method that’s guaranteed to keep working indefinitely. In these cases, Strategy B is the smarter choice.


Generate Good Passwords

Earlier chapters of this book discussed the principles that govern a password’s security and the general strategies you might employ to manage your passwords. Now it’s time to get down to specifics: how do you go about constructing a secure yet memorable password? And what special techniques can you use for the seemingly endless number of identity passwords most of us must maintain?

If you’ve decided on what I’m calling Strategy A—using automated tools to create and store passwords—you can skip lightly over most of this chapter. However, even the most technologically dependent person may have to set good passwords manually from time to time, and you should be familiar with some of the basic methods for doing so. Toward the end of this chapter, I also introduce you to Password Assistant, a feature built into Mac OS X that can help you create passwords of several types, with varying length and complexity.

In this chapter, I sometimes refer to passwords that I haven’t discussed in detail yet, such as the login and firmware passwords, as well as the password for your Mac OS X keychain (itself a password repository); I get into details about these passwords later.

CREATE SECURITY PASSWORDS

Taking all the previously discussed facts into account, I’d like to make suggestions for creating security passwords. (In the next section, I give advice for identity passwords.)

When faced with the need to create any new security password, ask yourself this question: “Will I ever need to remember it on my own?” The answer may not be as obvious as you think. On the one hand, the Mac OS X keychain can remember passwords for you (see Keychains), and third-party Mac OS X and iOS tools can help too (see Use Third-Party Password Tools). If a certain password will be used only when you have access to such a program, you needn’t also store it in your brain. (You may, however, need to give another, trusted person access to such a password; read Prepare an Emergency Password Plan for details.) On the other hand, as mentioned earlier, you may find yourself in a situation where you must recall a password without help. If you have not committed important passwords to memory, such a situation can leave you stranded (but see Strategy A: Rely (Mostly) on Technology for more advice). In addition, you must remember your Mac OS X login, firmware, and keychain passwords, since you may not be able to access your computer until you’ve entered them!

So, choose one route or another for creating security passwords:

• The random route: If you’re sure you can let the computer remember a security password for you (or if you’re willing to memorize it by rote), use Password Assistant (see Use Password Assistant) or another password generator (see Use Third-Party Password Tools) to create a random 10- or 11-character string that includes numbers and capital and lowercase letters, and store it in your keychain or other password manager. Choose the length according to your desired level of security (per Table 1) and the restrictions on password composition (see Table 2, shortly ahead).
• The non-random route: If you might need to recall a security password yourself, use one of the following techniques (or devise something comparable) to create a secure yet memorable password:

Use Password Assistant’s Memorable type to create a password that’s at least 17 characters long. (Some other password generators have comparable options.) You may think that 17 characters is a lot to remember, but you’ll easily recall passwords like Turkish1%teenaged, Bronx18\munches, or send78*obediently.



Create a 10- or 11-character string that appears to be random but that has an underlying pattern that only you know. For example, start with a movie quote you like, and write down the first letter of each word. So, “No matter where you go, there you are” becomes nmwygtya. Insert numbers within the string; for example, since this quote is from a movie released in 1984, you might have nm1wy9gt8ya4. Finally, capitalize some letters, such 33

as the vowels or the first and last letter: Nm1wy9gt8yA4. (For more ideas on creating pseudo-random passwords, see the next section, Devise a Pattern for Identity Passwords.) Whichever procedure you follow, note that not all character types can be used in all situations; Table 2 lists some of the restrictions. Table 2: Password Restrictions Password

Restrictions

More Information

Login Avoid special characters (including typed using Option key. administrator)

http://docs.info.apple.com/ article.html?artnum=302231

Firmware

http://docs.info.apple.com/ article.html?artnum=107666

• Avoid special characters typed using Option key. • For PowerPC Macs, also avoid the capital letter U.

AirPort 3.0 or later

• Avoid special characters typed using Option key. • WEP passwords (but not WPA passwords) should have either 5 or 13 characters (5 for 64-bit WEP, 13 for 128-bit WEP). • WPA passwords can have 8 to 63 characters (or 64 hexadecimal digits).

Keychain

None

Master

None

Root

Avoid special characters typed using Option key.

Web sites

Varies by site. In general, you’re safe with a–z, A–Z, and 0–9; some sites require a combination of letters and numbers, some restrict password length.

34

http://docs.info.apple.com/ article.html?artnum=107434 http://docs.info.apple.com/ article.html?artnum=108058
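The random route and Table 2 together describe a small procedure: draw a string from a CSPRNG that mixes the three character classes, then make sure it is legal where it will be used. The following Python is an added example written for this edition of the page, not code from the book; its context names restate the rows of Table 2, and treating “a character typed with the Option key” as anything outside printable ASCII is my assumption about what Apple’s dialogs reject.

```python
"""Random security passwords, checked against the composition rules in Table 2.

Added example, not from the book. The context names and rules below restate
Table 2 and the 'random route' advice (mixed case plus digits, 10 or 11
characters); 'Option-key character' is approximated as anything outside
printable ASCII, which is an assumption about what Apple's dialogs reject.
"""
import secrets
import string

LETTERS_DIGITS = string.ascii_letters + string.digits
# Rows of Table 2 that forbid Option-key characters.
OPTION_CONTEXTS = {"login", "firmware", "firmware-ppc", "airport-wep",
                   "airport-wpa", "root"}


def uses_option_key_chars(password: str) -> bool:
    """True if any character lies outside printable ASCII (e.g. é, ™, ¡)."""
    return any(not (32 <= ord(c) <= 126) for c in password)


def has_mixed_classes(password: str) -> bool:
    """Lowercase, uppercase and a digit are all present."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


def random_password(length: int = 11, alphabet: str = LETTERS_DIGITS) -> str:
    """Draw `length` characters uniformly from `alphabet` with the OS CSPRNG
    (the secrets module), rejecting candidates that miss one of the three
    classes. Rejection sampling keeps the result uniform over accepted strings."""
    if length < 3:
        raise ValueError("need at least 3 characters to hold three classes")
    if not (set(string.ascii_lowercase) & set(alphabet)
            and set(string.ascii_uppercase) & set(alphabet)
            and set(string.digits) & set(alphabet)):
        raise ValueError("alphabet must contain lowercase, uppercase and digits")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_mixed_classes(candidate):
            return candidate


def check_restrictions(password: str, context: str) -> list:
    """Return the Table 2 rules that `password` breaks in `context`; an empty
    list means it is acceptable there. Contexts: login, firmware,
    firmware-ppc, airport-wep, airport-wpa, keychain, master, root, web."""
    problems = []
    if context in OPTION_CONTEXTS and uses_option_key_chars(password):
        problems.append("contains characters typed with the Option key")
    if context == "firmware-ppc" and "U" in password:
        problems.append("PowerPC Open Firmware cannot take a capital U")
    if context == "airport-wep" and len(password) not in (5, 13):
        problems.append("WEP needs exactly 5 (64-bit) or 13 (128-bit) characters")
    if context == "airport-wpa":
        hex64 = len(password) == 64 and all(c in string.hexdigits for c in password)
        if not (8 <= len(password) <= 63 or hex64):
            problems.append("WPA needs 8-63 characters or exactly 64 hex digits")
    if context == "web" and any(c not in LETTERS_DIGITS for c in password):
        problems.append("uses characters outside a-z, A-Z, 0-9; some sites reject these")
    return problems


if __name__ == "__main__":
    pw = random_password(11)
    print(pw, "->", check_restrictions(pw, "login") or "ok for login")
    print("CaféSecret1 ->", check_restrictions("CaféSecret1", "login"))
```

Generate with the default alphabet for a login or root password; for a WPA passphrase raise the length and call check_restrictions with "airport-wpa" before typing it into the AirPort Utility, since a 64-character hex key and an 8-to-63-character passphrase are accepted but nothing in between is.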

DEVISE A PATTERN FOR IDENTITY PASSWORDS

For passwords that serve only (or mainly) to identify you, I suggest building them out of two components: one that’s always the same and another that varies from one place to the next. To use a trivial example, if you needed one password to open a door and another to open a safe, you might take your recurring personal segment of a1b2 and add it to door and safe to get a1b2door and a1b2safe. (But those are not good passwords; read on to see how to overcome that problem.) Each component of a good identity password appears to be random, as does the password as a whole, but in reality they follow a pattern that makes it easier for you to remember them.

Don’t Panic!

The advice here may seem like too much effort for too little gain. But it’s not difficult: you go to the small effort of creating two patterns just once, and then, after you use them a few times, they’re burned into your memory and their use becomes automatic. In fact, it can be even easier than that! As I explain later in Keychains, Use Keychain Access, and Use Third-Party Password Tools, in most cases your computer can remember passwords for you, and if you prefer, it can create the passwords too, requiring almost no effort on your part. You may, however, fall back on the techniques described here when you need to remember passwords without the aid of a software tool—so don’t skip this section even if you plan to let your computer remember your passwords.

Whatever you do, resist the temptation to take the lazy way out and reuse just one password everywhere. You might get lucky and encounter no problems, but I’d be irresponsible if I suggested it was safe or wise—even for these low-security identity passwords.

Password Part 1: Your Personal Segment

Let’s begin with the part of the password that will be the same each time it’s used. It should follow the guidelines mentioned earlier, such as avoiding words in a dictionary and numbers someone might guess, and mixing numbers with capital and lowercase letters. But it need not be long—five to seven characters should be plenty.

If you want to generate a completely random set of characters and don’t mind memorizing it, that’s fine—and for help doing so, you can use Password Assistant (see Use Password Assistant, a bit later in this chapter). But to make memorization easier, I suggest obfuscating a familiar string. There are innumerable ways you might do this; here are a few strategies, to give you some ideas:

• Start with a word—ideally one that’s obscure or from a foreign language—and replace the vowels with numbers. For example, if the word is aquatic, you might replace the vowels with consecutive numbers, to get 1q23t4c, or reverse the numbering to get 4q32t1c. Or use 1 for a, 2 for e, and so on (so u is 5 and i is 3): 1q51t3c.

• Instead of starting with a word, use the first letter of each word in a phrase you can remember (such as a movie, book, or song title). For example, The Long, Dark Tea-Time of the Soul could become TLDTTotS. Play with the case of the letters to disguise their origin.

• Reverse the order of any word or numerical string you choose, to obfuscate it further. Instead of aquatic, choose citauqa; instead of 90210, choose 01209.

• Intersperse a string of numbers with a word to disguise where both came from. If your favorite movie is Star Wars and you remember that it was released in 1977, you could produce strings like s1t9a7r7 or (in combination with reversal) 77sraw91.

• To mix case, capitalize all the consonants (aQuaTiC), all the vowels (AqUAtIc), every third letter (aqUatIc), the first and last letter (AquatiC), or some other combination you can remember.

• Combine several of these techniques. If you start with “A rolling stone gathers no moss” and use the first letters, you get Arsgnm. Replace the vowel with a number, and you get 1rsgnm. Capitalize every other letter to get 1RsGnM. Reverse that and it’s MnGsR1.

These are only a few of the techniques you can use to devise a pattern that appears to be a random string of letters and numbers and yet is easy to remember (or at least easy to reconstruct, even if it doesn’t roll off your fingertips). Before moving on, take a few minutes to come up with a five-to-seven-character string to use as the unchanging part of your identity passwords. It will become easier to remember as you get into the habit of using it.

Shared Passwords You may have to come up with passwords for other people (coworkers or family members, say) or create a single password that will be shared by several people (such as the password for a shared network volume). In these cases, you should not follow the patterns you use for your own passwords, because that reduces their security. Come up with a separate pattern for any password that must be shared and used regularly by other people.

Password Part 2: The Usage-Specific Portion

The second part of your identity password is specific to the place in which it’s used. The idea, as with the first part, is to follow a pattern so that it takes little or no mental effort to figure out what a given password should be, while obscuring that fact from someone who might obtain one of your passwords and try to guess the rest.

Let’s say that my personal password segment is 9t3vQd (and that, as random as it looks, it’s actually based on a pattern I can easily recall). If I want to use this to create a password for the New York Times Web site, I could make it 9t3vQdNYT or NYT9t3vQd. The problem, though, is that the NYT part of the password is pretty obvious. A hacker learning this password and noticing the origin of NYT might guess that CI9t3vQd could be used to access my account at Cook’s Illustrated. (Great recipes are a hot commodity, you know!)

The goal, then, is to come up with a usage-specific pattern that’s immediately obvious to you, so that you can instantly reproduce a password simply by looking at the name of the Web site or other resource, yet other people won’t be able to decode your pattern easily. Many of the tricks for creating the personal password segment could apply here, but the system needs to work equally well with single short words, long phrases, varying capitalization, and so forth. Once again, I’d like to offer a few suggestions to spark your creativity:

• Take the last six characters of the resource and reverse their order; put the first three in the middle of your personal segment and the last three at the end. So, if your personal segment is 9t3vQd and the password is for the New York Times, you’d take the last six characters (ktimes), reverse them (semitk), put the first half in the middle of your password (9t3semvQd), and put the other half at the end (9t3semvQditk). If the resource’s name has fewer than six characters (for example, Pogo.com), add zeroes (or some other character) to each half to pad it (9t3og0vQdop0).

• Count the characters in each word of the resource’s name (New York Times = 345), and add up the digits (3 + 4 + 5 = 12). Append all those numbers to your personal segment (9t3vQd34512). If you have too few characters to make a password of your desired length, add zeroes (or some other character) to the beginning of the string to pad it (ZZ9t3vQd34512).

• Using only the vowels in the resource’s name, add half (up to three) to the beginning of your personal segment and the rest to the end. (I recommend, for this purpose, counting w and y as vowels!) For the New York Times, you’d use the letters e-w-y-o-i-e. Put the first three at the beginning of your personal segment and the other three at the end: ewy9t3vQdoie.

Whether you use one of these techniques or devise your own, the key is to be consistent. If you always use the same strategy to derive your password, remembering the password for any given site will be a cinch. But if you change the rules sometimes, you’ll have a hard time remembering your passwords. Decide up front whether you’ll base Web site passwords on the site’s name or its URL and whether you’ll include elements like “the”, “of”, “www”, and “.com” in a password derivation.

Using the system I describe here, you can be relatively confident that anyone who discovers one such password won’t be able to divine the passwords for any other of your accounts without considerable effort and luck. However, if someone were to discover two (or more) of these passwords, the job would become much easier. If you learned that my New York Times password is tkro9t3vQdywen and my Cook’s Illustrated password is llis9t3vQdkooc, you’d immediately notice the common pattern, drop out the middle, and arrive at tkroywen and lliskooc, which are easily decoded. This is one reason I recommend against using this type of pattern for security passwords.

Warning! Please don’t use the example passwords in this book! Lots of other people have read it too, so those passwords are easy to guess. Likewise, never use a password that appears in any book or movie; hackers make a hobby of collecting, and trying, those passwords.
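The three derivation rules above, and the two-leaks attack described in the last paragraph, written out as an added Python example (not code from the book). The personal segment 9t3vQd and the strings it produces are the page’s own illustrations and, as the warning says, not for real use; where the text is silent (how to split an odd number of letters, what to pad with) the choices in the functions are my assumptions.

```python
"""Identity-password derivation rules from this section, plus the attack the
text warns about: two leaked passwords reveal the shared personal segment.

Added example, not from the book. The personal segment 9t3vQd and the
derived strings are the page's own illustrations and must not be reused.
"""
import re


def letters_only(resource: str) -> str:
    """'New York Times' -> 'newyorktimes' (spaces, punctuation, case dropped).
    Whether 'www', '.com' or 'the' take part is a decision to make once."""
    return re.sub(r"[^a-z]", "", resource.lower())


def split_in_half(s: str):
    mid = len(s) // 2
    return s[:mid], s[mid:]


def derive_reversed_tail(segment: str, resource: str, pad: str = "0") -> str:
    """Last six letters reversed; first half goes into the middle of the
    personal segment, second half onto the end. Short names are padded with
    `pad` to three characters per half (odd-length splits: my assumption)."""
    tail = letters_only(resource)[-6:][::-1]
    first, second = (half.ljust(3, pad) for half in split_in_half(tail))
    seg_front, seg_back = split_in_half(segment)
    return seg_front + first + seg_back + second


def derive_word_counts(segment: str, resource: str, min_length: int = 0,
                       pad: str = "Z") -> str:
    """Per-word letter counts followed by their sum ('New York Times' -> 345
    and 12), appended to the segment; left-padded with `pad` to `min_length`."""
    counts = [len(w) for w in re.findall(r"[A-Za-z]+", resource)]
    digits = "".join(str(c) for c in counts) + str(sum(counts))
    return (segment + digits).rjust(min_length, pad)


VOWELS = set("aeiouwy")   # the book counts w and y as vowels for this rule


def derive_vowels(segment: str, resource: str) -> str:
    """Half the vowels (at most three) before the segment, the rest after."""
    vowels = [c for c in letters_only(resource) if c in VOWELS]
    n_front = min(3, len(vowels) // 2)
    return "".join(vowels[:n_front]) + segment + "".join(vowels[n_front:])


def longest_common_substring(a: str, b: str) -> str:
    """Dynamic-programming longest common substring; quadratic, which is
    nothing for password-length inputs."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def recover_pattern(pw_a: str, pw_b: str, min_shared: int = 4):
    """What an attacker holding two passwords does: take the longest run they
    share as the candidate personal segment and return what is left of each
    password once it is removed (the site-specific parts, now easy to read).
    Returns None when the passwords share fewer than `min_shared` characters."""
    shared = longest_common_substring(pw_a, pw_b)
    if len(shared) < min_shared:
        return None
    leftovers = tuple(pw.replace(shared, "", 1) for pw in (pw_a, pw_b))
    return shared, leftovers


if __name__ == "__main__":
    for fn in (derive_reversed_tail, derive_word_counts, derive_vowels):
        print(fn.__name__, fn("9t3vQd", "New York Times"))
    print(recover_pattern("tkro9t3vQdywen", "llis9t3vQdkooc"))
```

Run against the book’s two leaked passwords, recover_pattern returns the segment 9t3vQd and the leftovers tkroywen and lliskooc, which read backwards as the site names. The first rule, which splits the segment around the inserted half, defeats this naive longest-common-substring step (its outputs for the New York Times and Cook’s Illustrated share only 9t3 and vQd), but the two fixed three-character runs sit at the same positions in every password and give the same thing away to anyone who lines two of them up. That is the book’s point: one pattern plus two leaks, and the secret is gone.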

USE PASSWORD ASSISTANT Hidden behind an obscure icon in a few Mac OS X dialogs is a useful tool called Password Assistant. It can help you generate various kinds of random passwords, with adjustable length and character type. It even shows you how secure each option is. It’s a shame Apple didn’t make it more accessible, but even that problem is easily solved (see “Password Assistant” under Other Password Generators). Note: Password Assistant is just one of many automated password generators; see 1Password and Other Password Generators.

Whenever you see the key button next to a password field, you can click it to display Password Assistant. Among the half-dozen or so places you can find this button are: the dialog that appears when you create a user or change a user’s password in either the Finder or the Accounts preference pane; the dialog for adding or changing a master password in the Security preference pane; and the login window when you reset a user’s password. When you click the key button, a small, floating window (Figure 1) appears.

Figure 1: Password Assistant creates several kinds of passwords for you and gives you a visual indication of any password’s strength.

As soon as you open this window, a password suggestion appears. Changing any of the options immediately results in a new suggestion.


The options you can adjust are as follows:

• Type: From this pop-up menu, choose the type of password you want. In this context, type refers to both the range of characters and the way the password is constructed. Your choices are:

◊ Memorable: The default setting, Memorable combines multiple words (from a dictionary) with numbers and one punctuation character.

◊ Letters & Numbers: This choice includes numbers and capital and lowercase letters.

◊ Numbers Only: This is the least secure option, which in my opinion you should always avoid.

◊ Random: This option includes capital and lowercase letters, numbers, and punctuation characters, but not characters you type using the Option key.

◊ FIPS-181 compliant: FIPS 181 is a U.S. federal standard (published by NIST, part of the Department of Commerce) for generating random yet pronounceable strings. It uses only lowercase letters.

◊ Manual: Enter your own password, and Password Assistant indicates its quality.

To learn about the relative strength of these types, see the sidebar Strength in Numbers (and Letters), shortly ahead.

• Suggestion: As soon as you change the Type or adjust the Length setting, the Suggestion field offers a suggested password meeting your criteria. If it’s not to your liking, you can click the arrow at the right of the field to open a pop-up menu with more choices. If those aren’t enough, choose More Suggestions from the pop-up menu.

• Length: Drag this slider left or right to adjust the length of the passwords generated. The minimum is 8 characters and the maximum is 31 (though if you enter a shorter or longer password manually, Password Assistant still measures its quality).

• Quality: This gives a rough estimate of the password’s quality. If the bar is more red or yellow than green, the password is less secure; if it’s mostly or all green, it’s more secure. A longer green bar is more secure than a shorter green bar. The method used to assess quality is rudimentary and imprecise, and it doesn’t take into account issues picked up by the Tips field (explained next). Still, it’s useful as a quick indicator of a password’s approximate strength.

• Tips: This area makes suggestions regarding how the password currently in the Suggestion field can be improved. For example, if you enter only lowercase letters, the Tips area says, “Mix upper and lower case, punctuation, and numbers.”

Strength in Numbers (and Letters)

If you’re curious to know what it takes for a password to get the Quality indicator’s highest rating (a full green bar), here’s how the various password types stack up:

• Memorable: 21 characters
• Letters & Numbers: 20 characters
• Numbers Only: 39 characters
• Random: At least 18 characters; sometimes requires 20
• FIPS-181 compliant: 28 characters
• Manual: Depends on characters chosen, but a minimum of 17

In other words, Random (or a carefully chosen Manual password) gives you the highest ratio of security to length, and Numbers Only gives you the lowest. (Even 17 characters is much longer than most of us need; my point here is merely to illustrate how Password Assistant judges the quality of various password types.) However, even a password with the highest possible rating can be insecure. For example, abcdABCD1234!@#$¡™ fills up the green bar, but because those characters follow an easy-to-type pattern on the keyboard and aren’t mixed up in any way, the Tips field (wisely) says, “This is too simplistic or systematic.”

TAKE ACTION!

Having read this chapter, you may now be thinking that a lot of your existing passwords could stand some improvement. If so, use what you’ve learned here to replace them with better passwords today. Of course, if you have hundreds of bad passwords, changing them all is not an easy project; for advice, see the sidebar Update Old Passwords.

Understand Mac OS X’s Passwords

In the course of using Mac OS X, you’ll often encounter the need for passwords: when you set up a new computer, install new software, connect to a wireless network, and more. Many Mac users become aggravated at having to type passwords so often. Because such frequent demands to enter a password are annoying, they might lead you to choose less secure passwords so that they’re easier to enter. Apple’s perspective is that requiring passwords regularly helps keep your computer and its data safe and secure. In this chapter, I discuss the various situations in which passwords are needed in Mac OS X, how to enter and change them, and how secure they should be.

Change the locks: Many passwords—including all the ones described in this chapter—are case-sensitive, which means that if you accidentally have the Caps Lock key activated, you’ll type an incorrect password. Some Mac OS X password dialogs display a symbol next to the password field when Caps Lock is activated. On a laptop, the Num Lock key can also lead to typing incorrect passwords—though no visual cue appears. If your password is repeatedly rejected and you’re sure you’ve typed it correctly, make sure both Caps Lock and Num Lock are deactivated.

LOGIN PASSWORDS

Every computer running Mac OS X has at least one user account—a means of identifying the person using the Mac at any given time. In the Accounts preference pane, you can set up additional users if you like. Each user gets a separate virtual (and private) space in which to work; this includes access to the user’s own preferences, documents, and Finder settings. The password for a user account is called the login password. It’s what you use to log in, thus gaining access to your personal space, but it has other uses too (as I explain a bit later).

Basic training: For more detailed information, consult Kirk McElhearn’s Take Control of Users & Accounts in Snow Leopard.

When you set up a new Mac or install Mac OS X for the first time, you’re asked to enter your real name, a user name (typically shorter than your real name; all lowercase and without spaces), and a password. In so doing, you set up a user account for yourself with administrator privileges—meaning that you have the authority to add and delete other user accounts, make changes anywhere on your disk, and install and run any application. Each Mac has one or more administrator accounts. The login password for such an account is also known as an administrator password. Mac OS X asks you for an administrator password when you take certain actions that can have far-reaching consequences—for example, installing or using software that makes changes to the /Applications, /Library, or /System folder.

How Many Administrator Accounts?

As an administrator, you can give other users administrative privileges (by checking Allow User to Administer This Computer at the bottom of the Password view in the Accounts system preference pane). Because administrators could inadvertently make changes that would erase important data or prevent the computer from working properly, some experts suggest avoiding administrator accounts for day-to-day use. (In my opinion, using an administrator account as your main account is reasonable if you’re the computer’s only user, and it is only slightly less safe than using a non-administrator account.)

Even if you’re the only one using your Mac, I strongly recommend setting up a second administrator account, with a different password, for your own use. You can log in with this second account for troubleshooting or, should your computer ever require service, you can supply the second user name and password to the repair shop instead of divulging your main password.


Choose and Set a Login Password

Your login password not only identifies you but also protects a variety of resources (such as your personal files), so it’s clearly a security password. This implies that it should be at least 10 or 11 characters long and should follow the rules for secure passwords (see Create Security Passwords, earlier). However, if you use a different password for your keychain (read Keychains), you can get away with a somewhat less secure login password—and you may want to do this, because you’ll be entering it often and because administrator passwords can be circumvented so easily (see Reset an Administrator Password, a few pages ahead).

To change your login password, go to the Accounts preference pane, click the lock icon, at the lower left, to authenticate (identify yourself with a user name and password), and select your name in the list on the left. Click Change Password, fill in the appropriate fields, and click Change Password again.

Take (or Leave) a Hint

When you select a login password, Mac OS X provides a field in which you can enter an optional password hint. Many Web sites offer a similar field (sometimes required). If you forget your password, you can look at the hint and it might jog your memory. While I appreciate the potential usefulness of hints, I don’t use them myself if I don’t have to, and I recommend that you avoid them too. Hints cut both ways: if they can help you remember your password, they can also help a hacker (or, say, a disgruntled employee or ex-boyfriend) learn it. In my opinion, hints considerably reduce the security of passwords.

If you use a password infrequently and feel so nervous about forgetting it that you’re compelled to enter a hint, make the hint obscure. For example, if you created the password t0SsFm061Fm from the quote “That’s one small step for man, one giant leap for mankind,” a hint like “Apollo 11 quote” or “The Eagle has landed” is too obvious. On the other hand, something more remote, such as “Tranquility” or “Colbert’s icon,” might be enough to trigger recall without giving too much away. (And if you don’t know what I mean by those references, don’t worry: that’s the point.)


Use Your Login Password

You enter your login password when you log in to your Mac OS X account (which may happen automatically when you turn on your computer); this gives you access to all your personal files and settings until you log out or turn off your computer.

Away from home: Entering an administrator password at login doesn’t unlock every protected resource for the entire time you’re logged in, as you might expect. You must, in general, enter it again every time you do something that makes changes outside your home folder (/Users/your-user-name). Note that if you’re currently logged in as a non-administrator and you’re asked to supply an administrator password, you must also enter the administrator’s real name or user name in the Name field.

The default settings for when your login password is required are not very secure. For example, if you walk away from your computer for a few minutes, someone else could sit down and access any of your files. If you live alone in a house in the country, that’s hardly a concern; however, if you do most of your work on your laptop in crowded city cafés, you probably want as much extra security as you can get. So, given the environment in which you use your computer, you should consider whether additional security is advisable. Each of the following settings that you change from the default will result in your being asked to enter your password more frequently, but with a corresponding increase in security:

• Sleep and screen saver: Normally, your login access remains active when your Mac’s screen saver activates or when the Mac goes to sleep; waking the Mac puts you back where you were before. But you can require entry of your login password when the Mac wakes from sleep or the screen saver deactivates, to make your data safer if you’re away from your Mac for a while. To require a password in both cases, go to the Security preference pane (and then, in Leopard or Snow Leopard, to the General view) and check Require Password to Wake This Computer from Sleep or Screen Saver. If you use your Mac only in a setting where you needn’t worry about someone else walking up to it and accessing your accounts, leave this disabled; in other situations, I recommend enabling it.

Three for all: Note that the next three options apply to all users on the computer, not just your own account.

• Automatic login: By default, Mac OS X logs you in automatically when you turn on or restart your Mac. If your Mac is in a secure place where no one but you can access it, that’s probably fine; otherwise, it’s best to disable automatic login (so that the login window appears every time the computer starts up). You can do this in the Accounts preference pane: click the lock and authenticate with an administrator password; then click Login Options and choose Disabled from the Automatic Login pop-up menu (in Leopard or Snow Leopard) or uncheck Automatically Log In As (in Tiger). Or, open the Security preference pane (and then, in Leopard or Snow Leopard, go to the General view) and check Disable Automatic Login. In general, laptops should always have automatic login disabled; for other computers, the choice depends on whether anyone you don’t trust completely has physical access to your computer.

• Automatic logout: When your computer goes to sleep or the screen saver activates, you’re still logged in, and any applications or documents you had open remain so (even if a password is required when the computer or display wakes up). Those running applications keep their network connections and any listening sockets open, so a locked screen does nothing to reduce their exposure to network-based attacks. To take security one step further, you can have Mac OS X log you out automatically after a period of inactivity; all programs running under your user account will quit. To activate this feature, go to the Security preference pane (and then, in Leopard or Snow Leopard, to the General view), check the Log Out After __ Minutes of Inactivity checkbox, and enter the desired number of minutes before automatic logout. For most users, enabling this setting is unnecessary, but it may be useful for computers kept in highly public places.

• Secure system preferences: Several preference panes contain settings that affect all users’ accounts and potentially have security implications for all users. To make it harder for an unauthorized user to modify these settings, you can require that an administrator password be used to unlock each pane individually. (The default setting is that unlocking one pane unlocks them all.) To activate this feature, go to the Security preference pane and check Require a Password to Unlock Each System Preferences Pane (Leopard or Snow Leopard) or Require Password to Unlock Each Secure System Preference (Tiger). The affected preference panes are Accounts, Date & Time, Energy Saver, Network, Parental Controls, Print & Fax, Security, Sharing, Startup Disk, and Time Machine (and some third-party preference panes). This setting is useful primarily for computers shared by many people, such as in schools and libraries.

• Keychain password: By default, your login password is used as your keychain password, which means that your keychain is unlocked automatically when you log in (see Keychains). To prevent this, you can change the keychain’s password. Because the keychain password is particularly valuable, I recommend that all users change it to be different from their login password.

• Login window alternative: When the login window appears, it normally lists all the Mac’s users, each with an icon; you can click one of them and enter a password to log in. Alternatively, the login window can display two empty fields, one each for user name and password; this makes it harder to break in, because the intruder has to guess not only a valid password but a valid user name as well. To switch the login window from a list to name and password fields, go to the Accounts preference pane, authenticate if necessary, and click Login Options. Then select the Name and Password radio button. Displaying the login window as name and password fields is a good idea for laptops and for situations where more than a handful of people have user accounts.

• Password hints: After a user tries to enter a login password three times in a row without success, Mac OS X displays that user’s password hint (if one was entered). Because these hints can also help an attacker figure out someone’s password, you can disable their display. To do this, go to the Accounts preference pane, authenticate if necessary, and click Login Options. Then uncheck Show Password Hints (Leopard or Snow Leopard) or Use Password Hints (Tiger). As I mentioned in the sidebar Take (or Leave) a Hint, I suggest not using password hints at all.
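A practitioner will want to confirm these settings without clicking through every pane, so here is an added Python audit (not code from the book) for the login-related items above. The `defaults` domains and keys are the ones I recall Leopard and Snow Leopard storing these checkboxes under; treat them as assumptions and confirm on your own machine. The audit function is pure and can be exercised anywhere with a constructed dictionary; only the collection step needs a Mac. The secure-preference-panes and keychain-password items are not covered.

```python
"""Audit the login-window settings recommended above.

Added example, not from the book. audit() is pure and runs anywhere;
collect() reads live values with the `defaults` tool and so only returns
real data on a Mac. The domains and keys are what I recall Leopard and
Snow Leopard using for these checkboxes (assumption: verify locally).
"""
import shutil
import subprocess

LOGINWINDOW = "/Library/Preferences/com.apple.loginwindow"
GLOBALPREFS = "/Library/Preferences/.GlobalPreferences"
AUTOLOGOUT = "com.apple.autologout.AutoLogOutDelay"

# (domain, key): com.apple.screensaver is per user, the rest are system-wide.
SETTINGS = [
    ("com.apple.screensaver", "askForPassword"),
    (LOGINWINDOW, "autoLoginUser"),
    (GLOBALPREFS, AUTOLOGOUT),
    (LOGINWINDOW, "SHOWFULLNAME"),
    (LOGINWINDOW, "RetriesUntilHint"),
]


def read_default(domain: str, key: str):
    """Value as `defaults read` prints it ('1', '0', a user name), or None
    when the key is unset or the tool is unavailable (non-Mac host)."""
    if shutil.which("defaults") is None:
        return None
    proc = subprocess.run(["defaults", "read", domain, key],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def collect() -> dict:
    return {key: read_default(domain, key) for domain, key in SETTINGS}


def audit(values: dict, laptop: bool = False) -> dict:
    """Map each key to (level, message): 'ok', 'warn' (the chapter says to
    change it) or 'info' (optional hardening for public machines)."""
    out = {}
    out["askForPassword"] = (
        ("ok", "password required on wake from sleep or screen saver")
        if values.get("askForPassword") == "1"
        else ("warn", "no password required on wake; enable it unless nobody "
                      "else can walk up to the Mac"))
    user = values.get("autoLoginUser")
    out["autoLoginUser"] = (
        ("ok", "automatic login disabled") if not user
        else ("warn", "automatic login enabled for '%s'%s"
              % (user, " (laptops should always disable this)" if laptop else "")))
    delay = values.get(AUTOLOGOUT)
    out[AUTOLOGOUT] = (
        ("ok", "automatic logout after %s s of inactivity" % delay)
        if delay and delay.isdigit() and int(delay) > 0
        else ("info", "no automatic logout; only worth enabling in public places"))
    out["SHOWFULLNAME"] = (
        ("ok", "login window asks for name and password")
        if values.get("SHOWFULLNAME") == "1"
        else ("warn", "login window lists user names; switch to name and password fields"))
    retries = values.get("RetriesUntilHint")
    out["RetriesUntilHint"] = (
        ("ok", "password hints never shown") if retries == "0"
        else ("warn", "password hint shown after %s failed tries" % (retries or "3")))
    return out


def needs_change(findings: dict) -> list:
    """Keys rated 'warn', in audit order."""
    return [key for key, (level, _) in findings.items() if level == "warn"]


if __name__ == "__main__":
    for key, (level, msg) in audit(collect(), laptop=True).items():
        print("%-5s %-40s %s" % (level, key, msg))
```

Run it as an ordinary user; the system-wide keys are readable without authentication, so the script reports but does not change anything. A fresh install with automatic login for the first account and the list-style login window produces four warnings, which is exactly the set of defaults the text tells you to revisit.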

Reset an Administrator Password

I have some good news and some bad news. The good news is that if you forget your administrator password, you can reset it without much difficulty; the bad news is that this fact makes administrator passwords relatively insecure, because anyone else can do the same thing. However, you can minimize this risk by setting a Firmware Password and physically locking your computer with a security cable (see the sidebar The Too-Open Firmware Password).

If you know the password of the administrator account that was configured when Mac OS X was first installed (the “original” administrator, which Mac OS X sometimes treats in subtly different ways from other administrators), you can change any other administrator password with these steps (which work similarly for changing other login passwords, though it’s generally best left to other users to change their own passwords):

1. Log in as the original administrator.
2. Open the Accounts preference pane. If the lock icon is closed, click it and enter your administrator password to authenticate.
3. Select an administrator and click Reset Password.
4. Enter (and repeat) a password, and optionally enter a hint.
5. Click Reset Password.

If your machine has just one administrator account (the original one), you can reset its password as follows:

1. Put your Mac OS X Install CD or DVD in your optical drive and restart with the C key held down (to boot from the optical disc).

Leave your troubles behind: Because this disc can be used to bypass your administrator password, consider leaving it at home when traveling with your laptop. But take another startup disc (such as a third-party disk utility) with you in case of disk errors that prevent you from starting your Mac.

2. Click through the language selection screen. Then choose Utilities > Reset Password.
3. Select your usual startup disk. Then, from the pop-up menu below the volume list, choose the user whose password you want to reset. (Do not choose “System Administrator (root),” which represents an entirely different account!)
4. Enter (and repeat) a new password, and optionally enter a hint. Click Save, and then click OK.
5. Choose Reset Password > Quit and then Installer > Quit Installer. Click Restart to start up from the hard disk.

Once you’ve done this, you’ll still be prompted to enter a password for your login keychain (see Keychains, toward the end of this chapter). If that password was the same as your login password—meaning it too is forgotten—you’ll have to delete that keychain, make a new one, and set that keychain as the default (see Solve the “login” Keychain Prompt Problem).

Resetting an Administrator Password without a CD or DVD

What if you’ve misplaced your Mac OS X Install CD or DVD, or your optical drive isn’t working, and you need to reset your administrator password? There’s another option, although it’s more convoluted. The procedure depends on what version of Mac OS X you’re using:

• For Mac OS X 10.5 or later: Follow Apple’s instructions at http://support.apple.com/kb/TS1543 under “if you are unable to log in.”
• For Mac OS X 10.4: Try the similar (but not quite identical) directions at http://www.intelliot.com/blog/2005/02/mac-os-xpassword-recovery/.

MASTER PASSWORD

Mac OS X includes a security feature called FileVault, which encrypts the entire contents of a user’s home folder so that everything in it is protected if the computer is lost or stolen. (Files stored outside the home folder are not covered.) Like many other Mac experts, I’m unenthusiastic about FileVault. It’s a great idea in theory, but I find the implementation worrisome: it’s too easy for something to go wrong that would result in the permanent loss of all your data. However, the introduction of FileVault led to an interesting and little-known password feature that could be useful even if you don’t use FileVault: something called a master password.

You configure FileVault in the Security system preference pane (in Leopard and Snow Leopard, it’s in the FileVault view, as shown in Figure 2). Before you can turn on FileVault for any user, an administrator must set a master password, which gives you a second way to unlock your FileVault data in case you forget your regular login password. What many people don’t realize is that the master password can be used to reset any user’s password, even an administrator’s, regardless of whether that user has FileVault enabled. That makes the master password an important safety net but also means it’s extremely powerful, so it should be just as secure as any administrator password.

Figure 2: The FileVault view of the Security pane of System Preferences lets you set a master password, which is used for more than just FileVault.


Choose and Set a Master Password

When choosing a master password, use the same criteria that you’d use for any administrator password—but remember that if you forget both the login password for a FileVault-protected account and the master password, you’re completely sunk. Even though you can reset the login password associated with the account, doing so does not unlock the account’s FileVault data.

To set the master password, go to the Security preference pane, click FileVault (if you’re running Leopard or Snow Leopard), and click Set Master Password; to change it, use the Change button in the same place (and enter the previous master password when prompted). Although you can change the master password in the Security pane, you can’t remove it altogether here. If for some reason you want to delete the master password altogether—which could be necessary if you’ve forgotten it—you need to use Keychain Access to delete the FileVaultMaster keychain; see Use Keychain Access for instructions.

Use Your Master Password

Once you’ve set up a master password, you can use it to reset any user’s password; if the user has FileVault enabled, Mac OS X unlocks it upon logging in with the new password. Follow these steps:

1. Display a login window, whether by restarting (if you’ve set Mac OS X to open the login window on startup), choosing Login Window from the Fast User Switching menu (if you have that option enabled), or choosing Apple > Log Out Your-User-Name.

2. Depending on how your preferences are set, click a user’s name in the list or type the user’s real name or user name in the Name field.

3. Enter anything in the Password field and press Return. Assuming you haven’t entered the correct password, the window shakes back and forth to indicate “no.” Repeat this two more times.

4. After the third wrong try, the login window displays a password hint if the user entered one; if so, enter something in the Password field one more time and press Return. If no password hint was entered, or after you try one more password after being presented with the hint, the Password field changes to Master Password (or in some cases simply Master). The hint for the master password, if any, appears below the field. Enter your master password here and then click Log In.

5. A warning appears, reminding you that changing a user’s password creates a new keychain for that user (leaving the old keychain still present and locked with its previous password). Click OK.

6. Enter (and repeat) a password, and optionally enter a hint. Click Log In. Mac OS X logs you in as that user and, if necessary, unlocks FileVault.

ROOT PASSWORD

Mac OS X is based on Unix, and in the Unix world the root user is the most powerful user on the system, able to do anything up to and including erasing the operating system itself. With a root password (that is, the password for the user named “root”), you can do a tremendous amount of damage. For this reason, the entire root account is disabled in Mac OS X by default.

Fortunately, almost anything you might need to do as the root user can be done without enabling this account, as long as you have an administrator password. And the vast majority of Mac users won’t even need root-user access at all, which is generally exercised only in the command-line environment of Terminal. So I strongly suggest that you do not enable the root account, no matter how geeky you are.

Rooting it out: If you’re a tech-head working in a command-line shell and need to log in as root, you can do so (even without the root account being enabled) with sudo -s, entering your administrator password when prompted. Be sure to type exit when you finish with whatever tasks required root access.

If you absolutely must enable the root account—and I’m speaking here only to highly technical people who are certain they have a valid reason for doing so—you can find instructions at http://support.apple.com/kb/HT1528. If you do this, be sure to assign to the root user a password that’s different from, and at least as secure as, your administrator password. (On single-user machines, you can safely use your administrator password as the root password.)

FIRMWARE PASSWORD

Because an administrator password can be circumvented relatively easily (see Reset an Administrator Password), Apple provides additional security in the form of a firmware password. Unlike your other passwords, this one is stored in the nonvolatile memory of a chip on your Mac’s logic board, which means that you can’t bypass it even if you hook up a different hard drive or start from a CD or DVD. PowerPC-based Macs use a system called Open Firmware; Intel-based Macs have an analogous system called EFI (Extensible Firmware Interface). The function of the firmware password is essentially the same in both cases.

No firmware password is set by default, but if you specify one it has the following effects:

• Most of the special startup modes that would normally be activated by holding down one or more keys on the keyboard are disabled (such as Command-S for single-user mode, T for target disk mode, C to start from a CD or DVD, and Option to select a different startup disk).

• For Macs with PowerPC processors, accessing the Open Firmware command prompt (by holding down Command-Option-O-F during startup) requires entering the firmware password.

• Holding down Command-Option-P-R during startup doesn’t reset the PRAM (parameter RAM), as it otherwise would.

In other words, the presence of a firmware password blocks most of the paths someone might use to avoid or reset your administrator password and get access to your computer and its contents. The downside is that if you’re troubleshooting a problem that requires booting from another volume, resetting the PRAM, or entering single-user mode, you’ll have to disable the firmware password first, and then restart to enable the special key sequences.

Choose and Set a Firmware Password

If you decide to set a firmware password, choose one that’s not easily guessed, but don’t outdo yourself: it’s relatively easy for a hacker to get past it (see the sidebar The Too-Open Firmware Password, shortly ahead), and the aggravation you’ll suffer if you forget it could be significant. I’d opt for one or two words with some simple foils (see Devise a Pattern for Identity Passwords) to disguise them.

With or without U: Because of a bug affecting Open Firmware in certain PowerPC Macs, firmware passwords that contain the capital letter U are not recognized. So avoid that character if you have one of the affected models. For more information, consult http://support.apple.com/kb/TA21330.

The tool you use to set, change, or remove a firmware password is called Firmware Password Utility. For some reason, Apple neither installs this along with Mac OS X nor offers it as a separate download on its Web site. Instead, it’s provided on your Mac OS X Install CD or DVD in the (normally hidden) /Applications/Utilities folder. You can run it from the disc, but I recommend copying it to your hard disk’s /Applications/Utilities folder to make it easier to find in the future. To do this, insert your Mac OS X Install DVD, choose Go > Go to Folder in the Finder, enter /Volumes/Mac OS X Install DVD/Applications/Utilities, and click Go. The disc’s Utilities folder opens in a new window; from there, you can drag Firmware Password Utility to your hard disk.

To set your firmware password:

1. Open Firmware Password Utility.

2. Click Change.

3. Check the Require Password to Change Open Firmware Settings checkbox.

4. Enter a password in the Password field; enter it again in the Verify field. Click OK.

5. When prompted, enter your administrator password and click OK.

Your firmware password is now set; you can quit Firmware Password Utility. The next time you restart, the password will be active and will prevent startup from another volume or in a special mode.


The Too-Open Firmware Password

Setting a firmware password adds some security to your Mac, but it provides no protection against an attacker who’s knowledgeable and who has physical access to your computer. Using a straightforward procedure, you can reset the firmware password—useful if you’ve forgotten the password, but unfortunate if your computer falls into the wrong hands.

The most reliable way to defeat a firmware password, on a Mac whose case can be opened conveniently, is to change the amount of RAM in it. First, remove (or add) a RAM module, close the case, and restart; during restart, hold down Command-Option-P-R to reset the PRAM, and continue holding those keys down until you hear the second startup chime. Release the keys and allow the Mac to start up normally. (You can then, if you like, turn it back off and restore the RAM to its earlier configuration.) You may also need to open the Startup Disk preference pane and reselect your preferred startup disk.

Most Macs have a slot for a security cable, such as the Kensington MicroSaver, which enables you to physically attach your computer to a desk or other sturdy object. Some Mac models are designed in such a way that attaching a security cable also prevents the case from being opened, making it that much harder to get around the firmware password by changing the RAM. Security cables are a good idea, but remember: they won’t stop anyone truly determined to get into a computer.

Interestingly, the MacBook Air, which lacks a security slot, also has all its RAM soldered directly onto the logic board, so you can’t defeat the firmware password on that computer by changing its RAM even if you can open the case. According to Apple, the only way to get past a forgotten firmware password on a MacBook Air is to take the computer to an Apple Store or authorized service facility and let the technicians there work some magic.


EMAIL PASSWORD

Your email password may be one of your most valuable passwords. Apart from the fact that your email may contain all sorts of interesting personal information about you, consider that many Web sites use email to remind you of your password if you’ve forgotten it. Someone with access to your email account could click the “forgot my password” link on a site where you have an account and simply read the resulting message, thus learning a much more valuable password. For this reason, I recommend choosing a very strong password for each of your email accounts (including your MobileMe account, if any).

I must also remind you that even a secure password, if intercepted in transit, is worthless (see Use Wireless Networks Safely). So take every precaution to ensure that your email password remains private—especially when using public wireless networks. If your email server offers secure authentication (such as MD5 Challenge-Response or Kerberos), use that instead of the insecure Password method—and note that this applies to both incoming (POP/IMAP/Exchange) and outgoing (SMTP) email. Better yet, if possible, use SSL/TLS (Secure Sockets Layer/Transport Layer Security) to encrypt both messages and passwords traveling between your computer and the server.

In Apple Mail, you can change an account’s password by choosing Mail > Preferences, clicking Accounts in the toolbar, and selecting the account from the list on the left. In the Account Information view, you can set the password for the incoming mail server; to set the SMTP password (and its authentication options), click the Server Settings button. To change the authentication method for incoming accounts and turn SSL on or off, go to the Advanced view.
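Why the MD5 Challenge-Response method mentioned above keeps a sniffer on an open wireless network from reading your email password, shown as an added example that is not from the book: a constructed CRAM-MD5 exchange between a mail client and server, with the plain Password method (AUTH PLAIN) beside it for contrast. The user name, password, host name and simulated SMTP replies are all made up; the code also shows the caveat that the server must hold the password itself and that a captured pair can still be guessed against offline, which is why the book’s advice to prefer SSL/TLS stands.

```python
"""Constructed CRAM-MD5 exchange (Apple Mail's "MD5 Challenge-Response" option),
with a plaintext AUTH PLAIN login for contrast. Added example; not from the book."""
import base64
import hashlib
import hmac
import os
import time

# Constructed server-side credential table. CRAM-MD5 needs the password itself
# (not a salted hash) on the server, one reason it is weaker than TLS plus a hash.
USERS = {"jane@example.com": "correct horse battery"}


def make_challenge(hostname="mail.example.com", pid=None, timestamp=None):
    """Server step: a one-time challenge <pid.timestamp@host>, as in RFC 2195."""
    pid = os.getpid() if pid is None else pid
    timestamp = int(time.time()) if timestamp is None else timestamp
    return f"<{pid}.{timestamp}@{hostname}>".encode()


def client_response(username, password, challenge):
    """Client step: 'username hex(HMAC-MD5(key=password, msg=challenge))'.
    The password itself never leaves the client."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}".encode()


def server_verify(response, challenge):
    """Server step: recompute the HMAC for the claimed user; constant-time compare.
    A response replayed against a different challenge will not match."""
    try:
        username, digest = response.decode().rsplit(" ", 1)
    except ValueError:
        return False
    password = USERS.get(username)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def run_cram_md5(username, password, challenge=None):
    """Both sides of a simulated SMTP AUTH CRAM-MD5 dialogue.
    Returns (accepted, transcript); wire lines carry base64 as in the protocol."""
    challenge = make_challenge() if challenge is None else challenge
    transcript = ["C: AUTH CRAM-MD5",
                  "S: 334 " + base64.b64encode(challenge).decode()]
    response = client_response(username, password, challenge)
    transcript.append("C: " + base64.b64encode(response).decode())
    accepted = server_verify(response, challenge)
    transcript.append("S: 235 Authentication succeeded" if accepted
                      else "S: 535 Authentication failed")
    return accepted, transcript


def run_auth_plain(username, password):
    """The insecure alternative: AUTH PLAIN sends base64('\\0user\\0password')."""
    token = base64.b64encode(f"\0{username}\0{password}".encode()).decode()
    return ["C: AUTH PLAIN " + token,
            "S: 235 Authentication succeeded"]


def password_visible_on_wire(transcript, password):
    """What a sniffer on open Wi-Fi sees: decode each base64 token and look for
    the password. base64 is encoding, not encryption."""
    for line in transcript:
        token = line.split()[-1]
        try:
            decoded = base64.b64decode(token, validate=True)
        except ValueError:  # binascii.Error is a ValueError; token was not base64
            continue
        if password.encode() in decoded:
            return True
    return False


if __name__ == "__main__":
    pw = "correct horse battery"
    ok, lines = run_cram_md5("jane@example.com", pw)
    print("\n".join(lines))
    print("accepted:", ok, "| password on wire:", password_visible_on_wire(lines, pw))
    plain = run_auth_plain("jane@example.com", pw)
    print("\n".join(plain))
    print("AUTH PLAIN password on wire:", password_visible_on_wire(plain, pw))
```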

WIRELESS NETWORK PASSWORD

If your Mac connects to the Internet using a wireless network, that network may be protected with a password. If you own the AirPort base station, Time Capsule, or third-party wireless gateway that provides your Internet access, you can choose whether or not to use a password on it (consult your gateway’s manual for instructions). Assuming it’s a relatively modern device that supports WPA (Wi-Fi Protected Access) or WPA2 encryption (see Use Wi-Fi Encryption for details), enabling this feature is a good idea. Even in your home, you can’t assume your wireless network is safe; a neighbor or someone in a car across the street could be monitoring your data, looking for passwords. (I discuss wireless security in Use Wireless Networks Safely.)

A second pass: Besides the password that protects the wireless network, AirPort base stations and other wireless gateways have a second password that protects access to the configuration options of the gateway itself—using Apple’s AirPort Admin utility, a third-party tool, or a Web-based interface. This administrative password is also quite important; someone who guesses it could change (or eliminate) the wireless network password and thereby gain access to the whole network. Learn more about these passwords in Take Control of Your Wi-Fi Security by Glenn Fleishman and Adam Engst.

In general, you should follow the same procedure for creating a wireless network password that you would for any other security password (see Create Security Passwords). Bear in mind that since you may need to share this password with others in your household or office who use the same gateway, it should be different from your other security passwords and shouldn’t follow a pattern that might lead someone to guess your other passwords.

FILE SHARING PASSWORD

In an office environment where you must connect to a stand-alone file server, your network administrator will supply the password. But if you’re using Personal File Sharing to share files between computers in your home or office, each user must have a password to access an account on each shared computer. (In general, this means setting up a user account for each user on each computer.)

Tip: To learn more about sharing files, read Glenn Fleishman’s book Take Control of Sharing Files in Snow Leopard.

If your computers have equal physical security, if your network is wired rather than wireless, and if you’ve followed my other tips to keep your login passwords safe, then these extra login passwords need not be particularly secure; you have several other layers of security already in place. However, if you have a wireless network, if one or more of your computers is publicly accessible, or if you haven’t protected your login passwords on all machines, opt for a higher-security password.

KEYCHAINS

Since the days of Mac OS 9, Apple has provided a system-wide repository for each user that stores all of that person’s user names and the passwords associated with them; this repository is called a keychain. The idea is that instead of having to remember (and manually enter) dozens or hundreds of user names and passwords individually, you let the keychain remember (and enter) them for you. The keychain itself is encrypted and protected by a password. By entering just that one password, you unlock all the passwords inside the keychain; the system then hands them to applications, network servers, or other resources as necessary. Not all applications that use passwords are designed to support the keychain, but most do.

All chained up: Although I use the word keychain in the singular (as does Mac OS X in most cases), you can have more than one keychain. I discuss the variety of keychains, and issues involving the use of multiple keychains, in the next chapter, Use Keychain Access.

Whenever someone creates a user account, Mac OS X creates a keychain named “login” for that account. (In some earlier versions of Mac OS X, this keychain was given a name matching the user’s short name—for example, johnsmith. If you had such a keychain in the past and either updated Mac OS X or copied your user data from one machine to another, your current keychain may still have that name.) Normally, this is your default keychain, and the only one you’ll interact with regularly.

Here’s an example of how a keychain can work: Suppose you have two Macs networked together, and one of them has File Sharing turned on. When you go to the other Mac, the first Mac appears in the Finder’s sidebar under “Shared.” You select its icon and click Connect. An authentication dialog (Figure 3) appears.


Figure 3: When you check Remember This Password in My Keychain and click Connect, Mac OS X adds the user name and password to your default keychain.

After selecting Registered User and entering a valid user name and password for the computer to which you’re connecting, you check Remember This Password in My Keychain and click Connect. Behind the scenes, Mac OS X makes a new keychain entry containing the address of the Mac you’re connecting to and the user name and password you need to connect to that Mac. Assuming your keychain is unlocked, the next time the authentication dialog appears for this server, it’s already filled in; you need only click Connect. (Had you not checked Remember This Password in My Keychain earlier, you would have been presented with blank Name and Password fields to fill in manually.)

By default, your keychain password is the same as your login password. Upon login, if your keychain is named “login” (or has the same name as your user name) and your login password is the same as your keychain password, your keychain is unlocked automatically. Of course, by default, Mac OS X also logs you in automatically when you turn on your computer. In other words, unless you change those default settings, your keychain is unlocked every time you turn on your computer—not a terribly secure situation! Therefore, unless you use your computer only in a setting where other people can’t physically access it, I recommend changing your keychain password so that it’s different from your login password (see Use Keychain Access) and turning off automatic login (see Use Your Login Password).

Note: Your keychain interacts with most parts of Mac OS X, but since you can’t access it until you’ve logged in, it can’t automatically fill in your login password or firmware password. You can enter those passwords in your keychain manually if you want to, simply to have a secure place to keep them.

Choose and Set a Keychain Password

Because your keychain protects all your other passwords, your keychain password should be the strongest one you have—in other words, at least as strong as any other password in the keychain. If your keychain password is less secure than it should be, you can change it in either of two ways:

• Change your login password (see Choose and Set a Login Password). If your keychain password is identical to your login password, changing your login password also changes your keychain password to match.

• Change your keychain password independently (see Change Your Keychain Password).

Use Your Keychain Password

Mac OS X adds user names and passwords to your default keychain every time you enter them when the Remember Password in Keychain checkbox is checked. You can also add them manually; see Add or Change Passwords.

At login, Mac OS X tries to unlock your default keychain. If you’ve created other keychains and the default keychain is not “login” (or the one matching your user name), a prompt appears asking for the default keychain’s password.

Even if your keychain unlocks automatically at login (because its password is the same as your login password), you can still lock or unlock it manually at any time, in either of the following ways:

• If the Keychain menu appears in your menu bar, choose Lock Keychain “keychain-name” (or Lock All Keychains) from that menu to lock it; choose Unlock Keychain “keychain-name” to unlock it. If this menu does not appear in your menu bar, you can add it; see Use the Keychain Menu.

• Open Keychain Access (in /Applications/Utilities). If the Keychains list is not showing on the upper left in the window, click the Show Keychains button at the bottom left. Select your keychain in this list; then choose File > Lock Keychain “keychain-name”.

You can also set a keychain to lock automatically after a given period of inactivity, when your computer goes to sleep, or both (see Change Keychain Settings). In either case, Mac OS X will prompt you to unlock the keychain the next time it’s required to access some resource.

Most of your interaction with your keychain will involve locking or unlocking it, and agreeing (or not) to have various passwords stored there. However, you can do a great deal more with your keychain using the Keychain Access utility, which I cover next.


Use Keychain Access

Keychain Access, a utility included with Mac OS X, enables you to add, delete, view, and modify keychains and their contents. That may sound simple, but Keychain Access is surprisingly complex. Because most of your interactions with keychains will be mediated by Mac OS X or another application, you may never need to use Keychain Access at all; if you do, your most frequent activity is likely to be looking up passwords you’ve forgotten. However, you can also use Keychain Access to do numerous other tasks, including these:

• Add new passwords manually, or change existing passwords.

• Adjust the degree of access that applications have to individual keychain items.

• Change a keychain’s password.

• Modify a keychain’s settings, such as MobileMe synchronization and automatic locking.

• Add or delete an entire keychain.

• Create and view secure notes (such as credit card information).

• Repair damaged keychains.

• Manage certificates, which verify the identity of a person, company, Web site, or other resource.

In this chapter, I cover only the aspects of Keychain Access that you’re most likely to use in keeping track of your passwords.

Tip: If you haven’t already done so, read Keychains, in the preceding chapter, for a description of what keychains are and how they work.


UNDERSTAND COMMON KEYCHAIN TYPES

When you open Keychain Access, you may see one or more of the following keychains:

• FileVaultMaster: If you’ve enabled a Master Password, it’s stored in the FileVaultMaster keychain.

• login (or your-user-name): Each new user’s default keychain is named “login” (or it may be named the same as the user’s short name). You may have both a “login” keychain and a keychain with your short user name.

• System: Every installation of Mac OS X includes a system-wide keychain by this name, used to hold certain passwords applicable to all users on the machine.

Beat the System: Occasionally, the System keychain may not be updated correctly—for example, when the password for a wireless network changes. When this happens, you may be prompted to unlock the System keychain, but only Apple knows its password. If you encounter any trouble with your System keychain, the easiest solution is to delete it, which you can do without knowing its password; Mac OS X then recreates a fresh System keychain for you. See Use the Delete Keychain Command.

• System Roots (known as X509Anchors under Tiger): This system-wide keychain holds certificates used to validate the identity of Web sites, companies, people, and other resources.

• Microsoft_Entity_Certificates or Microsoft_Intermediate_Certificates: If you use Microsoft Entourage, you may have a keychain by one of these names. For most users, this keychain remains empty. Microsoft doesn’t supply its password; if you encounter repeated prompts to enter the password, delete this keychain (see Use the Delete Keychain Command) and Entourage will recreate it the next time it runs.

In addition, third-party software packages (such as Adobe AIR) may add their own keychains to this list.


VIEW YOUR PASSWORDS

Over time, as you fill out forms on Web pages, connect to file servers and wireless networks, and use software that requires access to your keychain, you’ll accumulate many passwords. You may occasionally need to know a password (as opposed to having it entered for you), so Keychain Access lets you view your passwords (Figure 4).

Figure 4: The main Keychain Access window lists all your password items.

The passwords (along with certificates, secure notes, and other keychain items) appear in a list. As with most lists, you can click a column heading to sort by that heading; click a second time to reverse the sort order. If you’re unable to locate a certain password by name, you can use either or both of two shortcuts:

• Click an item in the Category list on the left to show only items in that category. (Note that Passwords has three subcategories.)

• Enter part of a domain name, user name, or application name in the Spotlight search field in the upper right of the window to look for matching items. (Spotlight can see the items’ names and account information, but not your passwords themselves.)

Once you’ve located the item that you’re looking for, double-click it to open it in a new window (Figure 5). The Attributes pane in this window displays Name, Kind, Account, and Where fields for the item (the latter being the application or URL where it applies), and an optional Comments field. (These fields are all editable; see Add or Change Passwords, later.)

Figure 5: You can view the password, or enter or edit password item details, in the Attributes view.

To see the password associated with the item, check the Show Password checkbox. In the access confirmation dialog that appears (Figure 6), enter your keychain password and click either Always Allow (to prevent this dialog from appearing again for this particular item) or Allow (to display the password but require entry of your keychain password if this item is opened again in the future). If these options annoy or confuse you, see the sidebar Confirming Access, following the figure.

Figure 6: This weird and annoying access confirmation dialog helps keep your password items safe from intruders and wayward applications.

Confirming Access

An access confirmation dialog appears any time an application requests access to an existing password in your keychain and the application is not already listed as one you’ve authorized to use that password. This applies not only to Web browsers and third-party utilities but also inside Keychain Access. Keychain Access asks you to enter your keychain password each time; other software may or may not require a password, depending on a given password item’s access control settings (shown in its Access Control view in Keychain Access).

Either way, this dialog is notoriously frustrating and puzzling. Why should Keychain Access need my password again, since I already had to enter it to unlock my keychain? And why would I not want to grant myself permanent access to see or use the item?

In a nutshell: Apple is trying to close every possible security hole. For example, perhaps I’ve unlocked my keychain and, without having turned on automatic keychain locking, walked away from my Mac. Now someone comes along and opens Keychain Access. Without having to enter my keychain password (again) to view each item, this person could access all my passwords!

As for the Allow versus Always Allow choices in the access confirmation dialog, it comes down to how secure your Mac is. If you take good security precautions and are confident that no one will ever be able to view your keychain without your password, Always Allow is a perfectly good choice. It’s also the logical choice for Web browsers, email clients, and the like, which use your passwords frequently. However, if your computer is in a public (or insecure) location or if you simply want to be extra cautious, go with the safer Allow option. (Why Deny is there at all, I don’t know; if you have the password, I can’t figure out why you’d deny yourself access. Deny functions more as a Cancel button.)

Update alert: When you grant a program access to your keychain and then update that program, an alert may appear to confirm that you’re willing to give the new version access as well. The reason? If a program were modified without your knowledge (by a hacker or a virus, say), granting it keychain access could spell trouble. So if this alert appears and you haven’t updated the application, beware!

CHANGE ACCESS FOR A PASSWORD

When you ask an application (such as a Web browser or email client) to add a password to your keychain, you grant access for that application to use that password item whenever your keychain is unlocked. (You don’t give that application the liberty to use other passwords.) If another application wants to use the same password item, you must explicitly grant it permission using the access confirmation dialog. If you click Always Allow, the application’s name is added to that password item’s Access Control list.

To display the Access Control list, double-click a password item and click Access Control (Figure 7).

Figure 7: The Access Control view lets you set which applications can interact with this password item without asking for permission each time.

The programs listed are the ones that have full access to that password item. If you later change your mind and want to require a particular program to ask for a keychain password each time it uses that password item, select the item in the list and click the minus icon. (Although you can also add applications in this window, I recommend against it. A more cautious approach is to grant access only when an application explicitly requests it.)

This view has two other options you should be aware of:

• If Confirm Before Allowing Access is selected (the default), each new application must ask your permission before accessing this password item. With Allow All Applications to Access This Item selected, no permission is required. I recommend always sticking with the Confirm option.

• Ordinarily, when an application (other than Keychain Access) requests permission to use a password item, it presents an access confirmation dialog without a Password field. In other words, it’s assuming you’re aware that your keychain is unlocked, and it’s simply alerting you that an application is accessing your keychain. If you want the application to require your keychain password too, as extra security, check the Ask for Keychain Password checkbox.

Save me: After making a change in the Access Control view, click the Save Changes button, enter your keychain password when prompted, and click Allow.

ADD OR CHANGE PASSWORDS

If you like, you can manually add password items in Keychain Access: choose File > New Password Item, fill in the fields, and click Add. I recommend doing this only for passwords that can’t be added to your keychain automatically, such as a firmware password or your login password.

To change a password, double-click that item, modify one or more fields, and click Save Changes. Enter your keychain password and click Allow. In general, avoid changing the Where and Account fields, since doing so may prevent the item from working correctly in Web forms.


Using Multiple Keychains

Although Mac OS X uses several keychains, only one of them (your default keychain) is normally used to store new user names and passwords. An exception occurs when applications create their own keychains. In general, however, there are few benefits to creating multiple keychains for yourself, and working with more than one keychain is typically more annoying than helpful.

If you have multiple keychains and want to combine them, you can drag items from one keychain to another to move them; to copy them instead, hold down Option while dragging. Be aware that you may have to enter your keychain password for each item you move, however. Once a keychain is empty, you can delete it, but make sure one of your remaining keychains is marked as the default (as indicated by a boldface name in the Keychains list); if not, select the desired keychain and choose Edit > Make Keychain “keychain-name” Default.

DELETE PASSWORDS

If you’ve canceled an account or for some other reason no longer want your keychain to remember a password, you can delete the password. Simply select it and either press Delete or choose Edit > Delete. Confirm the deletion by clicking the Delete button.

On Safari: Safari has its own interface for removing passwords: choose Safari > Preferences, click AutoFill, and then click the Edit button next to User Names and Passwords. Select an item in this list and click Remove to delete it. When you delete the item in Safari, it disappears from Keychain Access too. If you delete a password item in Keychain Access, however, the change doesn’t show in Safari’s AutoFill list until you quit and relaunch Safari.

Another reason for deleting passwords is duplicates. For example, suppose you fill out a Web form with a user name and password and ask Safari to remember them in your keychain; then the Web site displays an error message and you realize you entered the wrong user name. You try again, and this time you succeed. Now your keychain has two separate entries, one for each user name you entered! If, while scanning your keychain, you notice such duplicates, feel free to delete the wrong one (usually the one with the earlier modification date). On the other hand, having extra entries does no harm, because by default Mac OS X uses the most recent entry for any given URL.

CHANGE YOUR KEYCHAIN PASSWORD

If you want to use a different password for your keychain than for login (or simply want to change it periodically on principle), you can do so easily. Select the keychain in Keychain Access and choose Edit > Change Password for Keychain “keychain-name”. Enter the current password, enter and verify a new password, and click the OK button.

Note: If you’ve backed up your keychains (as I hope you have!), remember that those backup copies still use your old—and perhaps less secure—password. If you want to delete backup copies of your keychain in a way that they can’t be recovered, drag them to the Trash and then choose Finder > Secure Empty Trash. Then be sure to make another backup as soon as possible!

CHANGE KEYCHAIN SETTINGS

Besides the password, you can change several other keychain-wide settings by choosing Edit > Change Settings for Keychain “keychain-name” to open the dialog shown in Figure 8.

Figure 8: In this dialog, you can adjust several keychain settings.

Your options are as follows:

• Lock after __ minutes of inactivity: To keep your keychain unlocked the entire time you’re logged in (or until you lock it manually), uncheck this box. To force the keychain to lock when your computer has been idle for a while, check the box and enter the desired number of minutes.

• Lock when sleeping: Even though you may have used the Security preference pane to require your administrator password when the computer wakes from sleep, that doesn’t mean your keychain locks automatically when the computer goes to sleep (even if the passwords for both are the same). To lock your keychain when the computer sleeps, check this box.

• MobileMe Sync: If you’re a MobileMe subscriber, you can use MobileMe to synchronize your keychain between computers. A message in the dialog tells you whether or not keychain sync is currently enabled; to change the setting, click the MobileMe Sync button to open the MobileMe pane of System Preferences, go to the Sync view, and make sure Keychains is selected. (If you’re using Leopard or Tiger, you’ll instead see a checkbox labeled Synchronize this Keychain Using .Mac in the dialog; check this box to turn on MobileMe keychain syncing.) The keychain containing your MobileMe user name and password must be unlocked before any keychain can synchronize with MobileMe.

Note: Although I’ve successfully synced keychains between Macs for years, I’ve heard of some people having problems when syncing keychains containing certificates that are specific to a particular computer (such as the ones used for encrypted iChat and MobileMe). Apparently in some situations, syncing keychains can result in the wrong certificate being used on a given computer, resulting in failed encryption. I’m unsure what circumstances give rise to this problem, but I wanted to mention it to provide a clue to troubleshooting in the unlikely event that you experience certificate-related error messages.

CHANGE THE DEFAULT KEYCHAIN

The default keychain is the one in which Mac OS X stores new user names and passwords when you check a Remember Password in Keychain checkbox. In addition, this keychain opens immediately after you log in, prompting you for your keychain password if the keychain name is not the same as your user name. In the Keychains list in Keychain Access, the default keychain is shown in boldface. Unless you have a special reason for choosing otherwise, your default keychain should be the one that matches your user name. If that’s not the case and you want to fix it, select your keychain and choose File > Make Keychain “keychain-name” Default.

ADD OR DELETE A KEYCHAIN

To add a new keychain, choose File > New Keychain, enter a name for the keychain, and click Create. Then enter and verify a password and click OK. Deleting a keychain is less straightforward, because Keychain Access provides an obvious and a nonobvious way to do this, each with different effects—and the nonobvious way is what Apple recommends!

Use the Delete Keychain Command

If you want to delete a keychain, the obvious strategy would be to select that keychain and choose File > Delete Keychain “keychain-name”. When you do that, a mysterious dialog appears (Figure 9), asking whether you want to delete just the references or both the references and related files. Huh? What are references and files?

Figure 9: I just tried to delete a keychain. What’s all this “file” and “reference” stuff? In most cases, you probably want to delete both.

In this context, only one reference (or one reference and one file, if you click Delete References & Files) would be deleted, in spite of the plural used in the button labels. Here’s what they are:

• The file is the actual keychain file on the disk. These files are stored in /Library/Keychains (for system-wide keychains) or ~/Library/Keychains (for user-specific ones).

• The reference is an entry in an internal list that Keychain Access maintains. This list determines which keychains appear in Keychain Access (and which, therefore, are accessible for storing passwords). But, crucially, you can remove a keychain from Keychain Access’s list without deleting it from your disk. The usual reason for doing this is that you’ve forgotten a keychain’s password but hope to recall it later; you keep the file around just in case, but meanwhile you remove it from Keychain Access since it’s not currently usable.

So, if you’re sure you’ll never remember the password (or simply don’t want the keychain anymore), click Delete References & Files; otherwise, click Delete References.

However, that’s not the end of the story. In some circumstances, if you delete a keychain—particularly one created by Mac OS X, such as “login” or “System”—the keychain still appears in the list (albeit with a blank icon) even if you click Delete References & Files. That is, in some cases, Keychain Access deletes the file but fails to delete the reference. If this happens to you, you must use the Keychain List (as described next) to delete the reference.

Use the Keychain List

Even though you might see a list of keychains in the main window of Keychain Access, the application maintains another keychain list, which serves another purpose. This special list shows all the keychain references the program is tracking, even though some of them could refer to files that no longer exist. If you use the Keychain List to delete a keychain, you can be certain that you’ll delete only the reference, not the file. On the other hand, you can also be sure that the reference will indeed be deleted, which it may not be from the main window. To delete a keychain using the Keychain List:

1. Choose Edit > Keychain List to open the Keychain List (Figure 10).


Figure 10: You’ll see this list after you choose Edit > Keychain List, letting you add or delete keychain references.

2. Select the keychain you want to delete.

3. Click the minus button.

The keychain disappears from both the Keychain List and the main Keychain Access window. If you later want to add a previously deleted keychain, do this:

1. Choose Edit > Keychain List.

2. Click the plus button.

3. Navigate to the keychain file on your disk. Select it and click Open.

The newly added keychain file appears in both the Keychain List and the main Keychain Access window.

ADD NOTES TO A KEYCHAIN

Your keychain is mainly for storing user names and passwords, but you can use it to store any sort of data securely—for example, serial numbers or bank account numbers. Apple refers to any such free-form, secure data as a note. In my opinion, Keychain Access is less convenient and flexible in this regard than most third-party password managers (see Use Third-Party Password Tools), but if you have modest needs, it may be adequate.


To add a secure note:

1. Choose File > New Secure Note Item.

2. Enter a name for the note and the note itself.

3. Click Add.

To view a secure note:

1. Locate the note in the list. (To make this easier, you can click the Secure Notes icon in the Category list on the left to display only notes—or enter part of the note’s name in the Spotlight search field to find matching items.)

2. Double-click the note to open a note window.

3. Check the Show Note checkbox (Figure 11). The standard access confirmation dialog appears; enter your keychain password and click Allow or Always Allow to display the note.

Figure 11: You can store free-form notes of any kind in a secure note.


REPAIR DAMAGED KEYCHAINS

Keychain Access has a feature called Keychain First Aid (once a separate application) that can repair corrupted or damaged keychains. A damaged keychain can result in a variety of symptoms, such as a failure to connect to a wireless network, a server, or the MobileMe service, even though the passwords are stored in your keychain and you’ve connected successfully in the past. If you suspect a keychain problem, using Keychain First Aid is a good first troubleshooting step:

1. Choose Keychain Access > Keychain First Aid (Figure 12).

Figure 12: Keychain First Aid, built into Keychain Access, lets you repair keychain problems with a couple of clicks.

2. Enter your keychain password in the Password field.

3. Select the Repair radio button.

4. Click Start.

Keychain First Aid scans, and attempts to repair, all your keychains. The bottom part of the window displays the log (a series of messages about the repair process), noting any errors that were resolved—but most errors cause no problems for users, so don’t worry about them.

In addition to this general-purpose repair, Keychain First Aid can make several other modifications to your keychains. You can select any or all of these by choosing Keychain Access > Preferences and clicking First Aid. The options for modifying keychains are as follows:

• Synchronize login keychain password: If this box is checked, running Keychain First Aid prompts you for your current password and then changes the password of the “login” keychain (or the keychain matching your user name; likewise where I refer to the “login” keychain below) to be the same as your login password. Using different passwords for your keychain and login is safer; if your Mac is accessible by others, I suggest unchecking this box.

• Set login keychain as default: With this box checked, when you run Keychain First Aid, if the “login” keychain isn’t already the default, it becomes the default. I suggest keeping this box checked.

• Change login keychain settings: When this box is checked and you run Keychain First Aid, the Lock After __ Minutes of Inactivity and Lock When Sleeping checkboxes for the “login” keychain will be cleared (read Change Keychain Settings). If you prefer to have your keychain lock itself for extra security, this box should be checked.

SOLVE THE “LOGIN” KEYCHAIN PROMPT PROBLEM

Resetting the original administrator password using the Mac OS X Install disc (see Reset an Administrator Password) does not change the password for that user’s default keychain. As a result, Mac OS X prompts you to unlock the “login” keychain (using your new password) every time authentication is required. As long as you know the “login” keychain password, this isn’t necessarily a problem—in fact, it’s more secure if your default keychain has a different password from your user account.


However, if you prefer to have the passwords match so that you don’t encounter the prompts, follow these steps:

1. Open Keychain Access (in /Applications/Utilities).

2. If the Keychains list is not showing on the upper left in the window, click the Show Keychains button at the bottom.

3. In the list, locate the “login” keychain. Your next step depends on whether you know the password for this keychain:

• If it’s already unlocked, its password is the same as your login password; follow Steps 4–6.

• If it’s locked, click the lock icon to the left of the keychain name to unlock it; if you’re successful, proceed with Steps 4–6, otherwise follow Steps 7–10.

If you know your “login” keychain’s password:

4. Select the “login” keychain in the list.

5. Choose Edit > Change Password for Keychain “login”.

6. Enter the current password, enter and verify your login password, and click OK.

If you do not know your old keychain’s password:

7. Select your old keychain in the list and choose File > Delete Keychain “login”. Click the Delete References & Files button.

8. The old keychain will still appear in the list, but without its icon. To remove this phantom entry, choose Edit > Keychain List. Select the old keychain in this list and click the minus button.

9. Choose File > New Keychain, name it “login”, and click Create. Enter and verify your login password, and click OK.

10. Select the “login” keychain and choose File > Make Keychain “login” Default.

Your new “login” keychain is ready for use.


USE THE KEYCHAIN MENU

Keychain Access contains one last option I want to tell you about: the Keychain menu. With this menu enabled, you see a lock icon in your menu bar. Clicking this icon displays a menu (Figure 13) that lets you lock or unlock keychains quickly, among other tasks. To enable the Keychain menu, choose Keychain Access > Preferences, click General, and check the Show Status in Menu Bar checkbox.

Figure 13: The Keychain menu gives you a quick, system-wide way to lock and unlock keychains.


Use Passwords on the Web

If your experience is anything like mine, the vast majority of the passwords you have to create and remember involve Web sites in some way. I’ve had to create passwords for discussion forums, technical support sites, newsletters, social bookmarking sites, photo-sharing sites, and many others. (Most of these are used purely for identification, but a few—such as passwords for eBay and PayPal—involve money and thus require greater security.) In all these, the common thread is that the site must keep track of some information about me while enabling me to change that information. For example, suppose I’ve signed up to receive the weekly TidBITS newsletter. To send me the newsletter, TidBITS needs my email address, but my address could change. So I have a TidBITS user name and password with which I can log in to a Web page to change my address (among other tasks).

From reading Learn Password Basics and Generate Good Passwords you already know most of what you need to know to come up with passwords for any purpose, but Web sites introduce some additional complexity. For example, there’s the matter of needing to supply user names—what should you pick? And what about those verification questions that enable you to reset a lost password—are they a godsend or a security risk? There’s also the surprisingly complex question of whether, or how, to have your browser or another utility fill in user names and passwords for you. (You can even, in certain cases, get around the need to have any password at all.)


Secure Passwords on Insecure Pages

Web sites that ask for user names and passwords often use SSL/TLS to encrypt the information traveling between your browser and the site, as signified by a URL beginning with https:// and a lock icon in your browser window. However, some poorly designed Web sites don’t use encryption on the page that requests your password—meaning that your password is sent in the clear, even though the information on succeeding pages is encrypted. If you must access such sites, you can protect your password using a VPN (see Use a VPN).

CHOOSE GOOD USER NAMES

I can’t tell you how many hundreds of times some Web site or other Internet service has asked me for a user name—a special “handle” by which I’ll be known to that system. If you’re playing a game or trying to hide behind an imaginary Internet persona, I suppose having an identity like BabelFish42 or StudlyWarrior can be fun, and I recognize that a parent, teacher, politician, or celebrity may want to participate anonymously (or pseudonymously) on a Web site. But usually I have no need or desire to disguise my identity. I already have a perfectly good name, and I get irritated when my real name is somehow insufficient to serve as a user name—which is most of the time.

The most common issue I encounter involves the space character. When selecting a user name, I used to try Joe Kissell first, but most of the time that resulted in an error message saying that user names can’t contain spaces. Increasingly, Web sites automatically use your email address as a user name, or at least permit you to do so; however, sometimes I’ve had [email protected] rejected on the grounds that user names can contain only letters. In such cases I generally resort to joekissell, which usually works (there apparently being only a few other people with that exact name). But occasionally a site says that ten characters is too long for a user name, forcing me to go with jwkissell or jkissell.


Having one user name that works for all sites would be ideal, but, frustratingly, no combination of characters I’ve found has been suitable for every single site and service. More frustratingly, some sites are set up such that you can change any piece of information about yourself except your user name. So, in cases where my user name is my email address, I may be out of luck if my address changes.

Taking all this into account, allow me to offer some advice about choosing good user names:

• Pick a user name that’s highly likely to be unique. Your email address qualifies nicely; however, you may want to avoid using it as a user name in these situations (though, unfortunately, you may not be able to tell all these things in advance):

  ◊ If it will be displayed publicly and you want to protect your privacy

  ◊ If a system prevents you from changing your user name after the fact

  ◊ If you change email addresses from time to time

• Most people can make reasonable user names by combining their first, middle, and last names or initials. As in my example earlier, you might concatenate your first and last names (joekissell), first initial plus last name (jkissell), or two initials plus last name (jwkissell). Or try your first name and last initial (josephk). Which one you choose depends on your taste and the likelihood that it will be unique (too bad if your name is John Smith!).

• Once you’ve selected a good user name, use it in as many places as possible. Unlike passwords, user names need not be unique, and trying to make them so is unnecessary work.

• Have one or two backup user names in mind in case the first one you try is unavailable or disallowed for some reason.
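As an added example (not from the book), the Python code below turns the naming scheme above into functions: one lists candidates in the author's order of preference, another keeps only those a site's rules permit (maximum length, letters only, email address allowed or not), and a third returns a first choice plus the backups the last bullet recommends. The names and the email address in it are made up.

```python
"""Added example (not from the book): build the book's name-based user-name
candidates in order of preference and keep only those a site's rules permit."""
import re


def user_name_candidates(first, last, middle="", email=""):
    """Return candidates in the order the book suggests trying them:
    email address (most likely unique), first+last, first initial+last,
    two initials+last, first name+last initial. All lowercase, no spaces."""
    f, m, l = first.strip().lower(), middle.strip().lower(), last.strip().lower()
    ordered = []
    if email:
        ordered.append(email.strip().lower())
    ordered.append(f + l)                # joekissell
    ordered.append(f[0] + l)             # jkissell
    if m:
        ordered.append(f[0] + m[0] + l)  # jwkissell
    ordered.append(f + l[0])             # joek
    unique = []
    for name in ordered:                 # drop duplicates, keep first occurrence
        if name not in unique:
            unique.append(name)
    return unique


def allowed_user_names(candidates, max_len=None, letters_only=False, allow_email=True):
    """Filter candidates against a site's rules: an optional maximum length,
    whether only letters are accepted (no '@', '.', digits or spaces), and
    whether an email address may serve as the user name."""
    accepted = []
    for name in candidates:
        if not allow_email and "@" in name:
            continue
        if letters_only and not re.fullmatch(r"[a-z]+", name):
            continue
        if max_len is not None and len(name) > max_len:
            continue
        accepted.append(name)
    return accepted


def pick_user_name(first, last, middle="", email="", backups=2, **site_rules):
    """Return the first candidate the site accepts plus up to `backups` more to
    fall back on if the first is already taken; None if nothing fits the rules."""
    accepted = allowed_user_names(
        user_name_candidates(first, last, middle, email), **site_rules)
    return accepted[:1 + backups] if accepted else None


if __name__ == "__main__":
    # Made-up person and address; a site that allows only letters, at most 9 of them.
    print(pick_user_name("Joe", "Kissell", middle="W", email="joe@example.test",
                         letters_only=True, max_len=9))
```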


Verification Questions

Some Web sites, particularly those that deal with money, require you to supply—in addition to a user name and password—the answers to one or more verification questions. Sometimes you get to choose which of several questions to answer (“What was your first pet’s name?” “In what city were you born?” “What is your mother’s maiden name?”); other times you’re asked to type in your own question and its answer. On occasion I’ve had to choose and answer as many as three verification questions.

These questions are designed to help you prove your identity if you lose or forget your password. The supposition is that only you know the answers to these questions, so if you claim to have lost your password and answer the questions correctly, your password will be revealed (or reset so that you can choose a new one).

The problem with verification questions is that most of them are too obvious. Your mother’s maiden name and the town you grew up in are not secrets. They’re matters of public record, fairly easily discoverable if someone is willing to do the research. If you maintain a blog, you might have mentioned things like your first pet’s name at some point, making that information public too. Armed with such facts, someone could steal your password. If you can choose among several questions, choose those whose answers are least obvious. If you can choose your own question, make it as obscure as possible (something like “What was the middle name of my best friend in junior high school?”).

FILL OUT FORMS AUTOMATICALLY

Every major Mac Web browser (as well as Safari on iOS devices) can fill out forms automatically—often called AutoFill. This typically includes not just your user name and password but also other information, such as your name, email address, street address, and phone number. The details of how this works vary from one browser to the next.

Some people consider AutoFill the greatest thing since sliced bread, because it saves time and effort while reducing errors. Others feel AutoFill is dangerous, because it’s easy to enter passwords and other personal information accidentally. The browser itself may not be secured against unauthorized use (allowing someone else to use your passwords when you’re not around), and a site with malicious code might trick your browser into revealing a password it shouldn’t. Despite these concerns, I count myself among the fans of AutoFill (especially for passwords), if used judiciously.

Safari

Safari has a particularly good AutoFill feature, which makes use of the keychain for usernames and passwords, Address Book for contact information, and a private cache for other form data. To activate AutoFill:

1. Choose Safari > Preferences.

2. Click AutoFill.

3. To use the information in your Address Book card to fill in contact information, check Using Info from My Address Book Card. To store (and retrieve) user names and passwords using your default keychain, check User Names and Passwords. To use Safari’s cache for filling in form data of other sorts, check Other Forms.

Once you’ve turned on AutoFill, Safari begins collecting information as you visit Web sites and fill out forms. For example, the next time you enter your user name and password at a site, Safari displays the dialog shown in Figure 14.

Figure 14: When you enter a new user name and password on a Web form in Safari, this alert asks if they should be stored in your default keychain.

To save the information you’ve just entered in your keychain, click Yes. If you don’t want to save the information now but think you might want to later, click Not Now. If you never want to store the information for this site and don’t want to be prompted to do so again, click Never for This Website. Regardless of what you click, Safari then uses the information you provided to log in to the site. If you choose to store the information, the next time you visit that page Safari automatically fills in your user name and password as soon as the page loads.

As for the other form data (such as contact information), you can fill it in automatically in either of two ways:

• Choose Edit > AutoFill Form (or press Command-Shift-A). Safari fills in as many fields as it can.

• Begin typing in any of the fields (such as Name). Safari attempts to fill in the rest of that field with matching data from your Address Book card or Safari’s cache. If you then press Tab to move to other fields, Safari fills in all of them too.

Warning! Depending on the way a given form is designed, Safari might not be able to fill in some of the fields, or might put the wrong information in some of them. Be sure to check all the values before submitting the form!

If you later want to remove any of the stored passwords, you can delete them either within Safari (click the Edit button beside User Names and Passwords, select an entry, and click Remove) or by using Keychain Access (consult Use Keychain Access). To remove other stored form data, follow the same procedure, except click the Edit button next to Other Forms.

Tip: Safari’s AutoFill feature is good, but it’s not without limitations. For example, it can’t access fields in certain forms (such as those on many bank Web sites), it has trouble when you have more than one account per site, and it can’t share its form data with certain other browsers (such as Firefox). A utility called 1Password can solve these problems and more.


Other Browsers

Safari isn’t the only game in town. Many people prefer other browsers, such as Firefox, Camino, and OmniWeb. Here’s what several third-party browsers offer in terms of AutoFill:

• Camino: Camino saves user names and passwords in the keychain (much like Safari). It can also fill in arbitrary forms with information from your Address Book card, but it can’t fill in other random form fields.

• Chrome: Google’s much-hyped browser also uses the keychain to store passwords. It can fill in not only information from your own Address Book card but also other addresses, and even credit card information, that you enter yourself.

• Firefox: Firefox stores passwords and form data in its own private database. It automatically fills in forms, but only if you’ve already filled out that particular form yourself previously; unlike Safari, it can’t fill in contact information on arbitrary forms.

• Flock: Flock’s AutoFill capabilities are the same as Firefox’s.

• iCab: Like Safari, Camino, and Chrome, iCab can store user names and passwords in your keychain. (You can also opt to store them separately.) It can fill in other forms, too, but only after you’ve manually entered form data in its Forms Manager window.

• OmniWeb: OmniWeb’s AutoFill feature is in some respects even better than Safari’s. It uses the keychain and Address Book, but it enables you to edit contact information right in the browser. It also has an Autocomplete feature that can remember and rapidly fill in up to 5000 different pieces of information on nearly any form.

• Opera: Opera includes a feature called Wand that can fill in user names, passwords, and a limited set of contact information. All the information is stored in a proprietary database.

Note: When I say credentials in this book, I’m referring to the combination of a user name and password—everything you need to identify yourself to a computer system.


Skip Registration with BugMeNot

Web sites require you to log in with a user name and password for a variety of reasons. In some cases, as I’ve mentioned, they have a legitimate need to track information about you; however, in other cases they ask you to register only so that they can add you to a mailing list or collect demographic data. When the information you can access by registering is free, and when you derive no benefit from being uniquely identified, the requirement to enter a user name and password is annoying.

Happily, you can in many cases circumvent the need to register, by using a free service called BugMeNot (http://www.bugmenot.com/). It works like this: You go to the BugMeNot Web site and drag a special link, called a bookmarklet, to your browser’s bookmarks bar or add it to your Bookmarks menu. Then, when you visit a site that asks for a user name and password, you click the BugMeNot link (or choose it from your Bookmarks menu). A window pops up listing user name–password combinations for that site that other people have set up (sometimes using fake or disposable email addresses); try one of these until you get access to the site. If you use Firefox, you can even install an extension that gives you access to the user names and passwords with a right-click (or Control-click), making the process even easier. Not all sites work with BugMeNot, and sometimes none of the user name–password combinations provided is valid. But if you’re concerned about your privacy or simply want to avoid creating unnecessary passwords, it’s a great tool to have available.


Use Third-Party Password Tools

What’s not to like about your keychain? It’s nicely integrated with Mac OS X and with most applications that use passwords, it protects data with strong encryption, Apple includes a capable management tool (Keychain Access), and you can use all this without purchasing any additional software. For all its virtues, Apple’s keychain system has some limitations, and numerous third-party utilities have emerged to address them. Among the limitations are the following:

• Not all applications support the keychain (Firefox and Thunderbird, for example, rely instead on their own keychains). This means you may have to store duplicate user name and password information in multiple places.

• Some Web sites, including many banking sites, have forms designed to thwart browsers’ autofill mechanisms. They do this to provide an extra layer of protection against password misuse, but at the cost of your convenience.

• Apple lets you synchronize your keychains with a MobileMe account, but not view the keychain’s content online or using a Windows computer, an iOS device, or another mobile device.

• Password Assistant, Apple’s tool for suggesting new passwords, isn’t as flexible or convenient as it could be.

Dozens of password utilities exist for Mac OS X; I’d like to call to your attention the ones I consider most useful.

1PASSWORD

Let me get right to the point: 1Password (http://1password.com/) is the best, most capable, and most flexible password utility on the Mac by far. It includes an excellent password generator, stores and manages all your passwords efficiently, is directly accessible from a wide range of Web browsers, and even has outstanding companion apps for the iPhone, iPod touch, and iPad. (A Windows version is available, too, but it’s still in beta testing at publication time.) Although I describe other options later on, I can’t recommend them with much enthusiasm. Unless you need some obscure capability that 1Password lacks or can’t afford the $39.95 cost (or $69.95 for a five-user family pack—and you can save 20% with the 1Password Coupon at the back of this book), you truly need not consider any alternatives.

So what’s the big deal about this program? What makes it different from all the other programs that can create, store, and fill in passwords? Well, at the risk of turning this discussion into an advertisement, let me list the unique features I appreciate most:

• Extensive browser support: Safari, iCab, and OmniWeb can store passwords in your keychain, and other browsers use proprietary databases that they don’t share with any other applications. But 1Password ties into nearly every popular browser (and a few that aren’t so popular): Safari, Camino, Chrome, Firefox, OmniWeb, DEVONagent, NetNewsWire, WebKit, Fluid, and iCab. That means just one central set of passwords can be used in all your browsers.

• True browser integration: Some other password managers can send your credentials, in a rather clunky and unreliable fashion, to a Web browser, but 1Password extends your browsers by adding a menu and/or keyboard shortcuts. That means 1Password need not be running in order to be used; I simply go to any Web page I want to visit as I normally would, and when the need for a password arises, I have commands at my fingertips to produce it. This is a vastly simpler approach than what other password managers offer. (However, see the sidebar Should You Trust a Password Manager? a bit later in this section for some qualifications.)
• Create, store, and fill with two clicks: When you get to a page that asks you to create a password, you can use 1Password’s excellent password generator to produce a random password of any desired length and complexity. But what’s more impressive is that you can create the password, fill it in on the page (even on pages that require a second copy of your password, for verification), and store it (along with your user name and any other form data) in 1Password’s database for future use—all with exactly two clicks. One: choose Strong Password Generator from 1Password’s integrated menu. Two (assuming you don’t want to change any settings from the last use): click Fill—or press Return, making it one click! It doesn’t get any easier than that. Later, to log back in to a page for which you’ve stored your credentials in 1Password, you can press a user-definable key combination to fill them in and click the OK button (or Log In or other default button).

• Multiple sets of credentials: Sometimes you need to store more than one user name–password set for a given domain, and in such cases, Safari offers no way to choose between sets of credentials. But in 1Password, it’s easy.

• Credit card information: Securely store the account information for any or all of your credit cards, and use any of them to fill in an online order form with just one click.

And those are only a few of the highlights. 1Password has a long list of other features—secure note storage, password strength indicators, automatic integrated backup, and wireless iOS device synchronization, to name a few. It truly has everything you need in a password utility. 1Password is easy to use. It would take many more pages than I can devote here to do justice to all its features, but I do want to highlight two capabilities that I think are particularly important and relevant to readers of this book.

iOS Device Support
If you own an iPhone, iPod touch, or iPad—and especially if you subscribe to my technology-reliant password management strategy (see Strategy A: Rely (Mostly) on Technology)—you’ll want to synchronize your 1Password data with your mobile device to keep the data with you at all times. 1Password has three iOS versions:
• 1Password for iPhone ($9.99)
• 1Password for iPad ($9.99)
• 1Password Pro ($14.99)

All three offer the same basic features, including strong encryption, on-the-go generation of new passwords, easy Wi-Fi syncing with your Mac or via Dropbox (https://www.dropbox.com/), and integration with Safari by way of a special JavaScript bookmarklet. The Pro version is a universal app that features both iPhone/iPod touch and iPad user interfaces, so you can save money if you have both types of device.

1Password Anywhere
Whether or not you carry a device in your pocket that can run a version of 1Password, you may want to take advantage of a feature called 1Password Anywhere, which automatically saves all your credentials as a secure Web page. By “secure Web page” I mean a single HTML page containing all your data in a safely encrypted form, plus the necessary JavaScript code to decrypt it when you supply your password. This page is stored automatically in your 1Password keychain (a special folder that ordinarily looks like a file, but which you can open to display its contents). That means you can store your 1Password data in a portable format, accessible from nearly any computer with a Web browser.

You don’t have to do anything special to create this Web page; you need only be sure you have mobile access to your 1Password keychain. You might, for example, choose your Dropbox as the storage location for your 1Password keychain file, or put a copy of the file on your Web server or on a USB flash drive that you carry around with you. Keep in mind that anyone who obtains a copy of the keychain (from a lost flash drive, say, or a Web server directory that is publicly readable) can run an offline guessing attack against your master password at their leisure, so the master password has to be strong enough to withstand that on its own, and a copy on a Web server should be reachable only with authentication. Typing your master password into a computer you don’t control also exposes it to whatever that machine happens to be running.

To find out where you’ve stored your 1Password keychain, open 1Password’s General preference pane. The path to the keychain is at the top of the pane. If you want to move the keychain to, say, your Dropbox folder, click the Move button below the path. Then, to access your secure data, do the following:
1. On a Mac, right-click (Control-click) the 1Password.agilekeychain icon and choose Show Package Contents. (On any other platform, 1Password.agilekeychain appears as a folder already.)
2. Open the file 1Password.html. For example, double-click it to open it in your default Web browser.
3. Enter your 1Password master password and click Unlock to view your data. Click the lock icon in the upper-right corner of the window to relock it, or simply close the tab or window containing your 1Password data when you’re done.

Should You Trust a Password Manager?
Having sung the praises of password managers generally (and 1Password in particular), I want to address a concern that more than one Mac expert has raised: is it wise to become dependent on a program to manage and fill in passwords for you, when the developer could go out of business or some future Apple software update could break that capability—or when you might get stuck without the software?

My answer to the not-getting-stuck part is to use features such as iOS device syncing and secure Web pages to make your data available when you’re away from your computer—and perhaps to keep a cheat sheet of a few key passwords, too (as I describe in Choose a Password Strategy, earlier).

As for a developer going out of business, that’s always a possibility, of course, much as we all hate to see it happen. However, as long as the program lets you export data in some standard format (as 1Password does—in fact, it offers a few options, including the Apple keychain format!), you can switch to another program readily. So that’s not a worry either.

Some password managers have used unsanctioned methods to tie into browsers. For example, 1Password once used a technology called input managers to provide automated password entry in Safari. Although it worked well, Apple disabled this capability for 64-bit applications in Snow Leopard out of concerns for security and stability. But Agile Web Solutions, 1Password’s developer, simply adjusted to a more modern, officially supported technology called scripting additions to provide the same features. Even in the unlikely event that integration were to become impossible in the future, a 1Password user could switch to another browser or to Safari’s built-in keychain support, or even to copy and paste without tremendous grief.

Bottom line: There’s no good reason not to trust a program like 1Password. It doesn’t hold your passwords hostage or limit you; it only offers a convenience—and one that’s highly likely to survive over time.


OTHER PASSWORD GENERATORS
If 1Password isn’t to your liking, you still have numerous choices when it comes to programs that can create passwords for you:

Shared features: All the following utilities are free, and they all let you set a password’s length and which types of characters it uses.

• Arcana: Arcana generates random passwords made up of dictionary words, numbers, and punctuation, according to a pattern you specify. For example, if you enter the pattern 4,p,5,n Arcana generates a password consisting of a four-letter word (4) followed by a punctuation character (p), a five-letter word (5), and a number (n). A given pattern can result in any number of random passwords. http://www.tekuris.com/products/arcana

• Make-a-Pass: This password generator comes as a Dashboard widget, saving you the bother of launching a separate application. http://andrew.hedges.name/widgets/

• Mnemosyne: If you’re afraid of forgetting a password, Mnemosyne can help by producing a password that’s not strictly random, but rather a random-looking hash: a string derived using a calculation involving your user name and an easy-to-remember phrase. If you later enter the same user name, phrase, length, and character types, Mnemosyne can recreate your password. Bear in mind that the same property works for anyone else who learns the phrase and knows what you used to derive the password, and that you can’t change one such password without changing its inputs. Mnemosyne is also available as an iPhone app—free with ads, or $0.99 without. http://software.dibomedia.de/products/show/3

• Password Assistant: If you like Apple’s Password Assistant but you find it cumbersome to use outside of Keychain Access (or a few other applications), codepoetry’s Password Assistant is for you. This tiny tool lets you launch Apple’s Password Assistant as a standalone application. This is my favorite password generator. http://www.codepoetry.net/products/passwordassistant

• RPG (Random Password Generator): RPG is a mostly unexceptional password generator, but it includes an option to specify any set of characters that must be included in or excluded from your passwords. You can also create your own set of password parameters, called schemas, for different uses. http://www3.autistici.org/rpg/
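To make the pattern-based approach concrete, here is an added Python example of an Arcana-style generator; it is not code from Arcana or from any of the tools above. It uses a constructed 24-word list (an assumption; a real tool loads a full dictionary), draws every choice from the secrets module rather than random, and computes how much entropy a pattern actually delivers when the attacker knows both the pattern and the word list, which is the assumption you should make.

```python
import math
import secrets
import string

# Constructed sample word list for the demo (an assumption; a real tool would
# load a full dictionary such as /usr/share/dict/words).
WORDS = [
    "able", "acid", "bake", "bark", "cold", "dart", "echo", "fern",
    "apple", "bacon", "cedar", "delta", "eagle", "flint", "grape", "honey",
    "bottle", "canyon", "dragon", "forest", "island", "jacket", "marble", "pepper",
]
PUNCTUATION = "!#$%&*+-.:;=?@^_~"   # 17 symbols that survive most Web forms
DIGITS = string.digits


def candidates(token):
    """Return the strings one pattern token can expand to.

    Tokens follow the Arcana convention described above: an integer means a
    dictionary word of exactly that many letters, 'p' one punctuation
    character, 'n' one digit.
    """
    if token == "p":
        return list(PUNCTUATION)
    if token == "n":
        return list(DIGITS)
    if token.isdigit():
        words = [w for w in WORDS if len(w) == int(token)]
        if not words:
            raise ValueError(f"no {token}-letter words in the word list")
        return words
    raise ValueError(f"unknown pattern token {token!r}")


def generate(pattern):
    """Produce one password from a pattern such as '4,p,5,n'.

    secrets.choice is a CSPRNG; the random module would be unsuitable here
    because its output is predictable from a small amount of observed state.
    """
    return "".join(secrets.choice(candidates(t)) for t in pattern.split(","))


def matches(pattern, password):
    """Check that a password could have been produced by the pattern.

    Every candidate for a token has the same width (words are filtered by
    length; punctuation and digits are single characters).
    """
    pos = 0
    for token in pattern.split(","):
        opts = candidates(token)
        width = len(opts[0])
        if password[pos:pos + width] not in opts:
            return False
        pos += width
    return pos == len(password)


def pattern_entropy_bits(pattern):
    """Entropy of a pattern password: sum of log2(#choices) per token,
    assuming the attacker knows the pattern and the word list."""
    return sum(math.log2(len(candidates(t))) for t in pattern.split(","))


def random_entropy_bits(length, alphabet_size=94):
    """Entropy of a fully random password of the same length over printable ASCII."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pat = "4,p,5,n"
    pw = generate(pat)
    print(pw, matches(pat, pw))
    print(f"pattern entropy: {pattern_entropy_bits(pat):.1f} bits")
    print(f"random {len(pw)}-char entropy: {random_entropy_bits(len(pw)):.1f} bits")
```

With this tiny list, 4,p,5,n yields only 8 × 17 × 8 × 10 = 10,880 possible passwords, about 13 bits, against roughly 72 bits for 11 fully random printable characters; a real dictionary with thousands of words per length raises the pattern figure considerably, but it never approaches the random figure for the same length. Memorability is what you are buying with a pattern, and the entropy function tells you what it costs.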

Tip: If you’re looking for something even more powerful, many of the other password managers described just ahead also include built-in password generators.

OTHER PASSWORD MANAGERS
Although I’m especially fond of 1Password for Web forms, and of Mac OS X’s built-in Keychain mechanism (see Use Keychain Access) for passwords used elsewhere in Mac OS X, many other programs exist for storing passwords, serial numbers, financial information, and other sensitive data in a heavily encrypted database that can be opened with a single password. When compared to Keychain Access, third-party password managers typically offer features such as stronger encryption, a greater variety of fields for each record, versions for both Mac OS X and Windows, and syncing with handheld devices.

Merely storing passwords isn’t enough, though. You must be able to use them when you need them. Having to open a password manager, find a password, copy it, switch to your browser, and paste it—a procedure some managers require—is too much effort. Slightly higher on the usability scale are password managers that let you click a button to launch a URL and even, in some cases, type or paste your credentials on the resulting Web page. (Even that’s too cumbersome, in my opinion, because it forces you to switch between programs constantly.)

Although none of the tools in this section has the degree of integration or usability of 1Password, each has a redeeming feature that makes it worthy of mention—for example, syncing with handheld devices or Windows software, or accessibility in some unusual manner. I’ve divided this topic into three categories:

• Desktop Password Managers are stand-alone Mac OS X programs (which may, in turn, sync with other applications or devices).

• Portable Password Managers are applications designed to be stored on, and run directly from, a USB flash drive (perhaps even on multiple operating systems).


• Web-Based Password Managers keep all your password information on a Web server, making them accessible from almost anywhere. (For more about how to make sure your passwords are available when and where you need them, read Strategy A: Rely (Mostly) on Technology, earlier.)

Desktop Password Managers
Mac OS X password managers with potentially useful features include:

• Data Guardian: Available for Mac OS X, Windows, and iPhone or iPod touch (but not as a native iPad app), Data Guardian uses heavy-duty 448-bit Blowfish encryption. It has a template-based password generator: you specify a pattern of letters, numbers, and special characters and create passwords that fit the pattern. An Export feature copies selected records to your keychain so that Safari (but not most other browsers) can use them to autofill. This is a one-way copy from Data Guardian to your keychain; if you change the keychain and resync, your new keychain values are overwritten. Data Guardian can also send credentials to FTP programs and other Internet clients in certain scenarios. http://www.koingosw.com/products/dataguardian.php (Mac or Windows version, $19.95; iPhone version, free)

• info.xhead: This all-purpose snippet keeper holds notes, bank account information, passwords, and any other text-based data you care to throw at it—all protected with 448-bit Blowfish encryption. It can also, with one click, open a URL in Safari, enter your credentials, and submit a form. However, as with most other password managers in this section, it doesn’t give you direct access to your passwords from within your Web browser. http://www.xheadsoftware.com/info_xhead.asp (Single license, $25; Family Pack, $40)

• Keeper: This tool stores passwords, notes, and other text, syncs to an iOS device, BlackBerry, or Android phone, imports and exports data in a variety of formats, and features a password generator and basic autofill capabilities. http://www.callpod.com/products/keeper_desktop (desktop version, $29.99 per year for two computers; mobile versions, free)


• LastPass: This unusual, hybrid password manager could be classified as a portable or Web-based manager. It comes in versions for almost every imaginable platform (including iOS) and can be accessed via a Web browser without any software. But I think that as a Mac user you get the best experience with the LastPass plugin for your favorite browser (Safari, Firefox, or Chrome), which makes it function more or less like a desktop manager. In much the same way as 1Password, LastPass can record passwords as you enter them in Web forms; it then encrypts them locally and stores them (still encrypted, naturally) on the LastPass servers, enabling the service to sync your passwords across devices and platforms. The next time you visit a site for which you’ve stored credentials, you can use a browser plugin to autofill them, or access them in numerous other ways. LastPass has oodles of features, including a password generator and secure notes, and it’s reasonably easy to use—although I find the user interface to be somewhat clunky, especially compared to 1Password. https://lastpass.com/ (free; some features and platforms, including iPhone, require $1-per-month Premium subscription)

• Passpack: Passpack is a Web-based service for storing confidential information, but it also comes in a desktop version (based on Adobe AIR and compatible with Mac OS X, Windows, and Linux). http://www.passpack.com/ (free for up to 100 passwords; Pro version, which supports 1,000 passwords, costs $1.50 per month; other plans are also available)

• Passwords Plus: This password manager from DataViz comes in Mac and Windows versions. It includes a basic password generator; however, its feature set is limited, and it doesn’t interact with your keychain or other applications directly. http://www.dataviz.com/products/passwordsplus/ ($29.99 for Windows or Mac version)

• PasswordVault: Although designed mainly for storing passwords, PasswordVault can also securely store credit card numbers, notes, and other data, using bafflingly strong 896-bit encryption (which—take it from me—is utter overkill, and also rather pointless unless your encryption password is itself a paragraph long). It can automatically fill in your credentials on most Web pages and includes a password generator. PasswordVault runs on Mac OS X, Windows, and Linux and is available as a cross-platform bundle called PasswordVault2Go, which can run directly from a USB flash drive. http://www.lavasoftware.com/ (Standard Edition, $29.95; Professional Edition, $89 for five-user pack)

• PasswordWallet: Like several other password managers, PasswordWallet uses 448-bit Blowfish encryption, nominally far stronger than the cipher your keychain uses, though in practice the protection any of these tools provides is bounded by the strength of the master password from which the key is derived. It comes in Mac OS X, iOS, and Android versions (among others) and offers easy syncing between platforms. Integration with Web browsers is unusual but functional: after selecting an item in PasswordWallet, you click an icon or use a keyboard shortcut to open its URL in your default browser, and then click in the user name field and press Option. The program “types” your user name in the field, tabs to the next field, and “types” your password there. PasswordWallet also has a template-based password generator. http://www.selznick.com/products/passwordwallet/mac/ (Mac version, $20; iOS version, $4.99)

• SplashID: SplashID is unique among password managers in that it comes in versions for nearly every major handheld operating system—not only for iPhone/iPod touch, iPad, and Windows Mobile, but also for Android, BlackBerry, Symbian UIQ, and Nokia’s Series 60, and you can sync between platforms relatively easily. SplashID uses solid, 256-bit Blowfish encryption, and it includes a password generator and an optional Safari plugin. http://www.splashdata.com/splashid/desktop/ (Mac or Windows version, $19.95; iPhone/iPod touch and iPad versions, $9.99 each; other platforms vary)

• Web Confidential: One of the oldest password managers available for the Mac, Web Confidential also has a version for Windows. Your data is protected with 448-bit Blowfish encryption. With Web Confidential running in the background, you can access user names and passwords from a menu that appears in most Internet programs.
Choose a Web site from this menu and it opens in your current browser; click a button in a floating window to enter your password (with or without a user name). Web Confidential can import items from your keychain, but only if you individually approve each item with your password (a constraint on Apple’s side). You can store the master Web Confidential password in your keychain, though doing so reduces your Web Confidential security to the level of the keychain. Like most password managers, Web Confidential includes a password generator. http://www.web-confidential.com/ (Mac or Windows version, $20)

• Yojimbo: Yojimbo is more of a general-purpose snippet keeper than a simple password manager. It stores everything from URLs, notes, and short text clippings to complete Web pages, PDF files, and other complex documents, making it more versatile than info.xhead. It includes explicit support for passwords, of course, and all passwords are automatically encrypted with Yojimbo’s strong AES-256 encryption. In addition, you can encrypt any other item in Yojimbo manually, making it ideal for storing sensitive information that wouldn’t fit in other password managers. Unfortunately, its interaction with your browsers and other applications is limited to copy and paste. http://www.barebones.com/products/yojimbo/ ($39)

Portable Password Managers
A portable application is one that can be stored on, and run from, a USB flash drive (or other external storage device) without requiring any software to be installed on the host computer, and without storing any data on the host computer. In other words, it’s completely self-contained. So, a portable password manager is a password manager designed to be used in this fashion, making it convenient to carry all your passwords around with you and use them on other computers.

Many portable password managers run only on Windows computers, but at least a couple are not only portable but multi-platform: a single package contains software that runs on multiple operating systems plus all your password data. Here are three examples:

• InfoWallet: InfoWallet can store your medical and insurance data, software serial numbers, and other private data—including passwords—but doesn’t include a password generator or an autofill feature. It runs on Mac OS X, Windows, or Linux. http://www.infowallet.com/ ($29.99)


• Password Dragon: This Java application can run on Mac OS X, Windows, and most flavors of Unix (including Linux). It includes a password generator and can store other kinds of textual information besides passwords, but it offers no auto-fill capability—you must use copy and paste to get your credentials into your browser. http://www.passworddragon.com/ (free)

• PasswordVault2Go: This portable version of PasswordVault (described earlier) is a cross-platform bundle that runs on Mac OS X, Windows, and Linux and can be stored in a self-contained form on a USB flash drive. http://www.lavasoftware.com/ (Standard Edition, $29.95; Professional Edition, $89 for five-user pack)

Web-Based Password Managers
Web-based password managers require no local software (or data storage); all the work of storing, editing, and delivering passwords happens on a Web server and is presented in a browser window. The nice thing about this approach is that your passwords are available wherever you have an Internet connection—regardless of what device, operating system, or browser you’re using—and you never need worry about losing a physical object containing your passwords, syncing data between devices, or finding incompatibilities due to software updates. On the negative side:

• Although Web-based password managers are obviously integrated into your browser (in a trivial sense), they still require switching back and forth between pages to get to your passwords, which is much less convenient than what you get with your keychain in Safari, or with 1Password. Some do, however, offer automated URL launching and form filling similar to many of the desktop password managers described earlier.

• These managers do you no good when you’re without an Internet connection, so they may not be ideal for storing, say, your firmware or login passwords (which you must enter before a Web browser can run).

• Because the server delivers the code that handles your passwords every time you log in, you are trusting the operator (and anyone who compromises the site) not to change that code. Prefer services that encrypt your data in the browser before sending it, so that the server holds only ciphertext and your master password never leaves your machine.


The following are a few examples of Web-based password managers:

• Clipperz: Clipperz is nominally a password manager, but it can function more like an all-purpose snippet keeper in much the same way as info.xhead or Yojimbo. All data is safely encrypted, and the site offers a “direct login” feature that takes you to the URL associated with a set of credentials, fills in a form, and submits it all with one click. You can also store an encrypted offline copy of your data in an HTML file much like the one 1Password uses. http://www.clipperz.com/ (free)

• Just1Key: This password manager is competent but relatively bare bones. It stores credentials and text notes, and there are buttons to open URLs in your browser and to copy user names and passwords. But Just1Key has nothing resembling automatic form filling, and no import, export, or password generation capabilities. http://www.just1key.com/ ($2.49 per month)

• Passpack: This service, which can securely store not only passwords but also other textual data, includes a password generator and password strength indicator. Like Clipperz, Passpack offers a one-click login feature to open a URL and fill in credentials automatically. A desktop version (mentioned earlier) is also available. http://www.passpack.com/ (free for up to 100 passwords; Pro version, which supports 1,000 passwords, costs $1.50 per month; other plans are also available)

• Shibbo: Shibbo is a basic, no-frills online password manager. The service provides fields for user name, password, and several optional pieces of information, and offers categorization of stored items. However, there’s no automatic form filling; you must copy and paste your credentials from Shibbo onto the pages. http://www.shibbo.com/ (free)


Passwords on iOS Devices
Several of the password managers mentioned in this section (including 1Password, Data Guardian, PasswordWallet, and SplashID) have companion apps, for some or all iOS devices, that let you sync your passwords and take them with you, while keeping them safely encrypted. In addition, all the Web-based services can be accessed from your handheld device using the iOS version of Safari (or another browser). These managers, along with other apps available from the iTunes App Store (search for “passwords”), store your passwords and offer varying degrees of interaction with Safari—though the experience doesn’t match what you can get with a desktop Mac OS X application, because iOS doesn’t permit the same kinds of interapplication communication.

Ever since iPhone OS 3.0, the iOS version of Safari has had its own autofill feature, too, but I have some good news and some bad news about that:

• The good news: Safari offers to remember each set of credentials when you submit them the first time, and can automatically fill them in on subsequent visits to that site. You can also autofill your contact information. So, in practice, the behavior is almost like AutoFill in the Mac OS X version of Safari.

• The bad news: On an iOS device, Safari’s password storage doesn’t use, integrate with, or sync with your Mac OS X keychain, so you must reenter all your passwords manually, at least once, before the feature proves valuable. What’s worse is that although Safari for iOS lets you turn AutoFill on and off, or erase all your stored passwords en masse (tap Settings, then Safari, then AutoFill), it offers no other password management. You can’t see or edit any of your stored passwords, or delete just one or a few. And although there are numerous third-party browsers for iOS, I know of none that can access passwords stored by Safari.

So, although this capability is welcome, it feels half-baked to me, and I hope that in a future version of iOS, you get just as much control over your passwords as you do with Keychain Access—and, ideally, over-the-air password syncing via MobileMe, too!


BIOMETRIC DEVICES
There are three broad categories of authentication: something you know (usually a password); something you are (a unique, measurable physical characteristic, such as a fingerprint or iris pattern); and something you have (a smart card, token, or other device that can be identified uniquely—something I don’t cover in this book).

Passwords provide a reasonably good way to protect access to data and resources, but in some cases they may not be enough. After all, passwords can be guessed, found, or stolen. So where greater security is needed, you may want to use other forms of authentication instead of a password—or, better yet, in addition to one.

Note: Authentication that uses just one means of identification (for example, just a password or just a fingerprint scan) is called single-factor authentication. Multi-factor authentication, which is much more secure, requires two or more means of identifying yourself (such as a password and a fingerprint scan).

Biometric devices enable you to use the second form of authentication (what you are). They identify you through a unique attribute of your body. From door locks with built-in fingerprint scanners to retinal scanners protecting government installations, biometric devices are increasingly common. Because you can’t guess a fingerprint the way you can guess a password, using biometrics is a good way to guard important data; however, most biometric devices can be defeated, so they’re best used as an adjunct to a password rather than as a replacement.

As of late 2010, I’m aware of only one brand of Mac-compatible biometric device that’s readily available to consumers: UPEK’s Eikon fingerprint scanners (http://www.upek.com/solutions/mac/). The company currently offers two models: the Eikon ($49.95), a small device that connects to your Mac with a USB cable, and the Eikon To Go ($48), an even tinier device with a retractable USB connector that plugs directly into your Mac with no cable required. The two devices function identically. I’ve used both of them for more than a year, and I can recommend them to any Mac user who wants extra security—or even just the convenience of swiping a finger rather than typing a password.

Other Fingerprint Scanners There was previously another fingerprint scanner that worked with Mac OS X 10.4: the Sony Puppy FIU600/M. However, it’s been discontinued for several years (though used units may be available on eBay or similar sites), and its software was never updated for compatibility with Leopard or Snow Leopard, or with Intel-based Macs. A few Mac-compatible external hard drives and flash drives also include built-in fingerprint scanners, but those are used exclusively for encrypting and decrypting the contents of the drives, not for general-purpose authentication.

After installing the included software, plugging in the device, and restarting, the first thing you must do with an Eikon scanner is to work through an assistant that guides you through enrolling your fingerprints by swiping your fingers over the device’s scanner three times. You can scan any or all of your fingerprints (optionally using more than one finger to authenticate), and each user on your Mac can enroll separately. Then set up the options you prefer. When presented with a login window or other authentication dialog, the Eikon can operate in any of three modes:

• A swipe or a password: You can either swipe your finger to authenticate or type your password as usual—your choice. In other words, fingerprint recognition is an optional convenience, albeit a significant one: this feature works even in login windows other password managers can’t touch.

• A swipe only: The only way to authenticate is to swipe your finger; you may not type your password. Since most fingerprint scanners can be fooled, this mode trades the strength of your password for the scanner’s resistance to spoofing, so it is not necessarily more secure than a good password alone.

• A swipe and a password: You must both swipe your finger and type your password. This two-factor approach is the most secure setting.

Warning! Requiring a fingerprint (with or without a password) protects you from someone guessing your password, but use these settings with caution; if you lose or forget your fingerprint scanner, you’ll be in a pickle.


I’m sorry to report that, contrary to what I’d been told before I wrote the last version of this book, there’s no longer a plan in place to integrate Eikon’s software with 1Password, so that you could swipe your finger over a scanner to log in to Web pages whose credentials are stored in 1Password. That capability would have been marvelous, and I’m disappointed that it’s no longer in the works. One downside to the Eikon scanners is that they can unlock your Keychain (see Change Keychain Settings) only if the keychain is configured to unlock upon login, which is to say that it has the same password as your user account—a less than secure arrangement. According to the company, the reason for this limit is that Mac OS X’s keychain prompts use a nonstandard dialog that the Eikon software can’t tap into. The upshot is that even if you set your Eikon to respond to a swipe only (or allow the choice of a swipe instead of a password), you must still unlock your keychain by typing your password if you use a different password for your keychain than for login, or if you set your keychain to lock automatically—both of which I recommend! Even so, the Eikon offers enough benefits that I don’t regard this annoyance as serious.


Keep Your Passwords Secure
If you stored your fortune in a safe deposit box, you wouldn’t keep the key hanging on a hook outside your house. The same should be true of your passwords: if you keep them written on sticky notes at your desk, they’re not safe. But even if you don’t write them down, there are many ways that someone might discover your passwords. In this chapter, I look at some of the ways your passwords might fall into the wrong hands, and give you tips on keeping them safe. I also discuss recovering forgotten passwords, backing up your passwords, and devising a plan to ensure that your passwords are available in case of emergency.

AVOID THE “WEAKEST LINK” PROBLEM
Suppose you have a fantastic password that would take the world’s best supercomputers centuries to crack. You’ve stored it in your Mac OS X keychain, but your keychain itself has a less secure password. And because you worry that you might forget it, you store your keychain password in an unencrypted text file on your hard disk. You can see where I’m going with this: you’ve nullified the security of that great password, because someone can get to it, by way of the text file that opens your keychain, without any guessing or computational effort at all. And even without that file, your super-secure password is effectively reduced to the strength of your keychain password.

Just as a chain is only as strong as its weakest link, a password is only as strong as the weakest means by which someone can (directly or indirectly) get to it. That concept is straightforward enough, but consider some of the ramifications:

• If you write down a password anywhere, the password (and whatever it protects) is only as safe as the piece of paper. That may be safe enough in most cases, but you’ve seen the movies and TV shows: the bad guys will turn your house upside down looking for the paper with the password for the million-dollar bank account. As a password’s value increases, so do the risks of writing it down.

• If you click a “forgot my password” link and a site emails you your password, that password is only as safe as the password used to access your email account (and possibly much less secure; see the next section, Use Wireless Networks Safely). A site that can email you your existing password is also storing it in recoverable form rather than as a one-way hash, which is a weakness in its own right.

• If you keep a password in your keychain (or other password manager), the password is only as safe as the keychain’s password.

• If you type the password into a file on your computer, the password isn’t safe at all. (Remember, Spotlight makes it very easy to find files, even if they’re hidden in an obscure folder.) If you encrypt the file that holds the password, it’s only as safe as the password protecting the encrypted file—and that depends further on the encryption method, since some methods are easier to crack than others, regardless of the password strength.

Taking all these situations into account, my advice is:

• If you write down any of your passwords, keep them in a very safe place (such as on your person). For increased security, modify them in some way (such as reversing the order of the characters). For ideas about writing down passwords that someone else may need to access, read Prepare an Emergency Password Plan.

• Make all security passwords equally secure.

• Change default system settings to protect your login password (covered in Use Your Login Password).

• Take appropriate precautions when using wireless networks (see the next page).

• Store passwords in a keychain (or other password manager), but make your keychain’s password at least as secure as any password it contains, lock your keychain when not in use (described in Use Your Keychain Password), and back up your keychain (see Back Up Your Passwords, shortly ahead).
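The weakest-link point above, and the earlier remark that PasswordVault’s 896-bit encryption is pointless unless the master password is itself a paragraph long, come down to the same arithmetic. The added Python example below (written for this edition, not code from any of the managers discussed) builds a minimal vault header the way such programs do: a salt plus a check value derived from the master password via PBKDF2, stretched to a 448-bit key. It then shows that an attacker holding a copy of the file simply walks the master-password space; the key size never enters into the cost. The salt, the PIN, and the iteration count are constructed values chosen so the demo runs in seconds.

```python
import hashlib
import hmac
import itertools
import math
import string

ITERATIONS = 1000    # kept low so the demo finishes quickly; real vaults use far more
KEY_BYTES = 56       # 448 bits, the maximum Blowfish key length several managers advertise
CHECK_LABEL = b"vault-check"


def derive_key(master, salt, iterations=ITERATIONS):
    """Stretch the master password into a 448-bit key with PBKDF2-HMAC-SHA256.

    However long the output, it carries no more entropy than the master password.
    """
    return hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                               iterations, dklen=KEY_BYTES)


def make_header(master, salt):
    """Minimal vault header: the salt plus a check value that lets the program
    (and therefore anyone holding the file) tell a right master password from a
    wrong one without touching the encrypted records."""
    key = derive_key(master, salt)
    return {"salt": salt, "check": hmac.new(key, CHECK_LABEL, "sha256").digest()}


def unlock(header, candidate):
    """Return True if candidate is the master password for this header."""
    key = derive_key(candidate, header["salt"])
    tag = hmac.new(key, CHECK_LABEL, "sha256").digest()
    return hmac.compare_digest(tag, header["check"])


def crack_pin(header, digits=4):
    """Offline guessing attack against a numeric master password.

    The attacker enumerates 10**digits candidates and stops at the first one
    that unlocks the header. The 448-bit key is irrelevant to the cost.
    """
    for tup in itertools.product(string.digits, repeat=digits):
        guess = "".join(tup)
        if unlock(header, guess):
            return guess
    return None


def effective_bits(master_space):
    """Effective security of the vault: the weaker of the key and the master password."""
    return min(KEY_BYTES * 8, math.log2(master_space))


if __name__ == "__main__":
    salt = bytes(range(16))                  # constructed; a real vault uses a random salt
    header = make_header("0437", salt)       # constructed 4-digit PIN as master password
    print("recovered master password:", crack_pin(header))
    print(f"4-digit PIN vault: {effective_bits(10 ** 4):.0f} bits effective")
    print(f"20 random printable characters: {effective_bits(94 ** 20):.0f} bits effective")
```

The PIN falls in a few hundred PBKDF2 evaluations. Raising the iteration count slows each guess but only multiplies the attacker’s cost by a constant; it is the size of the master-password space, not the 448 or 896 bits of key, that sets the ceiling, which is exactly why the keychain or vault password must be at least as strong as anything stored inside it.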


USE WIRELESS NETWORKS SAFELY

Suppose you take your laptop to a local café or library and connect to the wireless hotspot there. If the hotspot is open (requiring no password to make a connection), it’s unencrypted. That means data traveling wirelessly between your computer and the wireless gateway is unprotected. Someone sitting next to you (or in the next room, or even in a building across the street) can use readily available software to “sniff” the activity on the wireless network, essentially watching all the data as it goes into and out of your computer. By examining this data, the person can easily identify user names and passwords you transmit when checking your email, logging into Web sites, using instant messaging, and performing other online activities.

This worry may seem paranoid, but there are in fact petty criminals who target places like hotspots in which they can passively acquire quite a bit of data. Obtaining passwords and other information using freely available software could be a routine task to which this kind of person need not devote much effort.

Tip: Wireless security is a big and complex topic. My colleagues Glenn Fleishman and Adam Engst tackle it in Take Control of Your Wi-Fi Security.

You can solve this problem in any of several ways, each with its pros and cons. Ideally, you’ll use a combination of several of them.

Use Wi-Fi Encryption

If you’re connected to the Internet through your own AirPort base station or other wireless gateway, you can turn on its wireless security feature. That way, someone sniffing the wireless traffic can’t see your password (or other data) in plain text, but instead sees only garbage characters. Wi-Fi network security uses an encryption key that you enter on every computer that connects to the network to scramble the data as it’s sent through the air.

An older method known as WEP (Wired Equivalent Privacy) is considered easily cracked but is the most widely supported method, and it’s better than nothing. A newer method called WPA (Wi-Fi Protected Access) is considered strong and is available in almost all equipment released since 2004. It comes in both the original WPA and WPA2, which uses an even stronger encryption algorithm. WEP and WPA/WPA2 can’t be mixed on the same network, so an older laptop with a WEP-only Wi-Fi card will force your entire network to use the older standard. (AirPort cards can be upgraded in Mac OS X 10.3 and later to use WPA; graphite and snow AirPort base stations cannot be upgraded to WPA.)

If you’re using an AirPort Extreme or Express base station, Mac OS X 10.3 or later, and an AirPort card or AirPort Extreme card on every computer on your network, you can use WPA. You’ll have to use WEP if one system is running Mac OS X 10.2 or earlier, if you’re using versions of Windows before Windows XP SP1, or if you have older non-Mac adapters that don’t have WPA updates available.

Use SSL/TLS

To secure information flowing between an application on your computer (such as an email client or Web browser) and a server, most developers have chosen SSL/TLS (Secure Sockets Layer/Transport Layer Security). (SSL is the old name for the technology and what it’s generally called; TLS is actually what’s in use in many cases, and it’s backward-compatible with SSL.) If you log in to your bank’s Web site, for example, you’ll notice signs that the page you’re viewing is protected with SSL: a closed lock icon in the corner of your browser and a URL beginning with https.

SSL encryption works over any kind of network and is completely transparent to you (after you’ve entered your user name and password). So even on an insecure wireless network with hackers prowling about, your data is safe. You should be aware, though, that only the particular Web pages, email accounts, or other resources that are SSL-protected are safe. So, although you can log in to your bank account securely, the next Web site you visit may transmit all your information without encryption. (Some sites can be accessed with or without SSL.) The presence or absence of that little lock icon can be too easy to miss.

Note: I cover all the details of configuring Apple Mail to use SSL in my book Take Control of Apple Mail in Snow Leopard.


Use a VPN

If you’re unsure whether your wireless network is properly encrypted, if you’re stuck using an email server that doesn’t offer SSL with secure authentication, or if you want to be sure all your data is protected (even when you visit insecure Web sites), your best bet is to use a virtual private network (VPN). This type of encryption sends all data between your computer and a remote server through an encrypted tunnel, rather than encrypting only certain bits of it (as with SSL) or only the connection between your computer and the nearest wireless gateway (as with WPA). It’s the safest way to compute wirelessly.

You can set up a VPN in any of several ways. For example, you can buy a device called a VPN server or remote gateway that sits on your home or office network, and then connect to this box from your local café. Or you can use free or commercial software to set up a computer on your network to function as a VPN server, and connect to that. A simpler (and in many cases less expensive) option is to sign up for a VPN service. Using either the Internet Connect application included with Mac OS X or free, open-source software, you configure your Mac to connect to the service’s network, and (after a small monthly fee) you’re done. Four companies that offer such a service are:

• Hotspot Shield: http://www.hotspotshield.com/ (free; ad-supported)
• HotSpotVPN: http://www.hotspotvpn.com/ ($8.88 per month)
• PublicVPN.com: http://www.publicvpn.com/ ($6.95 per month or $69.95 per year)
• personalVPN: http://www.witopia.net/ ($39.99–$69.99 per year, depending on options selected)

Note: The types of wireless security I cover here are not the only ones available. For much more detailed information on these and other options, I refer you again to Take Control of Your Wi-Fi Security.


CHANGE YOUR PASSWORDS

Some network servers, Web sites, and email providers force all users to change their passwords periodically—every 90 days, for example. You may try to log in one day, as you do regularly, only to see an error message stating that you must enter your old password and then choose a new one. The reason for such a policy is simple: if someone steals, guesses, or hacks your password, the requirement to change it periodically limits the potential exposure to damage.

Keep it complex: When you have to change a certain password periodically, you might be tempted to come up with a pattern to help you remember each revision, such as incrementing two digits within the password (changing t5L64oIx to t5L75oIx, for instance). Avoid such simplistic changes, which a hacker could easily guess.

If you work for a government, large corporation, medical practice, or other institution where information privacy is of the utmost concern, a policy requiring periodically changing passwords makes sense. But apart from situations in which you must change your password, should you voluntarily change your passwords?

For identity passwords, if you’ve chosen a secure pattern (as discussed in Devise a Pattern for Identity Passwords), the bother of changing them regularly isn’t worth it. However, if you learn that someone has gotten access to two or more of them (or if you see evidence of identity theft in any form), the cautious response is to bite the bullet and change them all, using new patterns for both your personal segment and the resource-specific segment.

Passwords that protect financial resources of any kind should be changed periodically. How often depends on the amount of money at risk, the care with which you guard your passwords, and your personal level of comfort. As a general rule, I suggest changing such passwords at least every 6 months.

Change the locks: Be sure to change your keychain password whenever you change important passwords stored inside it.


I suggest changing other security passwords (your Mac OS X login password, email passwords, and so on) at least once a year. If your passwords are currently insecure, or if you suspect someone has learned one or more of them, change them immediately.

Update Old Passwords

Perhaps upon reading this book you realize that all your existing passwords are terrible, and you’re committed to choosing and using good passwords from now on. Fantastic—but what about all those existing passwords, which can easily number in the hundreds? How do you go about changing them all? There’s no quick or easy way; however, I can offer a few words of advice:

• Don’t feel you have to change all your passwords at once. A better approach is to change passwords as you use them.
• Consider using a heavy-duty password manager such as 1Password or Web Confidential, which can make generating and storing passwords much easier.
• If you already use Safari’s AutoFill feature for user names and passwords in conjunction with your keychain, consider turning off the feature temporarily so that you’re reminded of each password you must change. After changing each password, update the corresponding entry manually in Keychain Access.
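The “Keep it complex” advice above (don’t turn t5L64oIx into t5L75oIx) is the kind of rule a change-password form can enforce mechanically. The following is an added example, not code from the book, of a checker that rejects a new password when it is only a predictable revision of the old one. The specific rules (digits-only changes, case flips, reversal, one password embedded in the other, or at most two character edits) are an assumed policy chosen for illustration, and levenshtein, is_trivial_change and check_revision are names invented here.

```python
import re

# Added example (not the book's code): a checker for the "Keep it complex" advice.
# It flags a new password that is merely a predictable revision of the old one,
# such as t5L64oIx -> t5L75oIx, where only the digits were bumped.
# The rules below are an assumed policy for illustration, not a standard.


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insertions, deletions, substitutions) between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute (free if equal)
        prev = cur
    return prev[-1]


def _without_digits(s: str) -> str:
    return re.sub(r"\d", "", s)


def is_trivial_change(old: str, new: str, max_edits: int = 2) -> bool:
    """Return True when `new` is too predictable given `old`.

    Flagged: identical, case-only changes, reversed, only the digits changed,
    one password contained in the other (e.g. an appended "1"), or at most
    `max_edits` character edits overall.
    """
    if old == new or old.lower() == new.lower():
        return True
    if old[::-1] == new:
        return True
    stripped_old = _without_digits(old)
    if stripped_old and stripped_old == _without_digits(new):
        return True                      # t5L64oIx -> t5L75oIx lands here
    if old in new or new in old:
        return True
    return levenshtein(old, new) <= max_edits


def check_revision(old: str, new: str) -> str:
    """Human-readable verdict, the sort of message a change-password form might show."""
    if is_trivial_change(old, new):
        return "rejected: new password is a predictable revision of the old one"
    return "accepted"


if __name__ == "__main__":
    # The book's own example pair, plus a genuinely new password (constructed).
    for old, new in [("t5L64oIx", "t5L75oIx"), ("t5L64oIx", "Qm9#xR2pLw")]:
        print(old, "->", new, ":", check_revision(old, new))
```

The digit-stripping rule is what catches the book’s example: both t5L64oIx and t5L75oIx collapse to the same letters once the digits are removed. The edit-distance rule is a backstop for small changes that the simpler rules miss; raise max_edits if you want the policy stricter.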

RECOVER FORGOTTEN PASSWORDS

Because a major goal of this book is to teach you how to remember passwords—and use various tools to remember them for you—I hope that you’ll seldom if ever find yourself unable to recall a password. But it does happen. For example, if you’ve recently chosen a new password for a Web site and stored it safely in your keychain, you might have trouble recalling it when you’re on vacation and attempting to log in to that site from another computer.

If you’re facing a lost password, there’s usually a solution available—but not always. Here’s an overview of what you can try:

• Web passwords: Almost every Web site that employs passwords has an automated mechanism for dealing with forgotten passwords. Usually, this is in the form of a “forgot my password” link. When you click this link, the site might provide you with your password hint (see the sidebar Take (or Leave) a Hint) or ask you verification questions (see the sidebar Verification Questions). More frequently, though, it will email you either your password or a special URL that will enable you to reset your password and choose a new one. If you don’t see such a link, and if the site’s FAQ page has no instructions for dealing with lost passwords, contact the company’s technical support department for help.
• Login passwords: If you know the password of the original administrator on your computer, you can reset any other user’s password (consult Reset an Administrator Password). Also, you can reset any login password if you know the Mac’s master password (read Use Your Master Password). If no master or administrator password is available, you can reset the password for the computer’s default account (refer to the second set of steps in Reset an Administrator Password).
• The vault is sealed: If a user has FileVault enabled, only that user’s password or the master password can unlock the FileVault data. If both passwords are lost, recovery is impossible.
• Master password: I know of no way to recover a forgotten master password, but you can remove it altogether. To do so, in the Finder, navigate to /Library/Keychains. Drag the two FileVaultMaster files to the Trash and enter your administrator password when prompted.
• Root password: Any administrator can reset the root password. To do so, open Terminal and enter sudo passwd root. Enter your administrator password and then a new root password (and confirm it when prompted).
• Firmware password: To reset the firmware password, see the sidebar The Too-Open Firmware Password.
• Email passwords: If you forget your email password, contact your email provider’s technical support department for assistance.


• Network passwords: Your system administrator should be able to tell you the password for any network volume or help you reset your password to a new value.
• Wireless passwords: If you own the wireless gateway whose password you’ve forgotten, follow the instructions that came with it to erase its settings and reconfigure it from scratch. If it’s someone else’s gateway, ask that person.
• Keychain password: I know of no way to recover a forgotten keychain password. You can, however, create a new keychain, set it as the default, and delete your old one.

BACK UP YOUR PASSWORDS

Consider this nightmare scenario: you’ve carefully created hundreds of nicely random passwords and stored them in your keychain so that you don’t have to remember them all. But then your hard disk crashes and your keychain is damaged. Or your computer is stolen. Or any of a dozen other catastrophes occurs. Your keychain is lost—and with it, all your passwords. You can reconstruct the lower-security identity passwords, but the best and most important ones may be gone permanently.

Unless you have a photographic memory, the best defense against all these situations is a good backup. If you keep your passwords in your keychain, all you need do is make a copy of your ~/Library/Keychains folder; if you use a third-party password manager, make a copy of the file it uses to store your passwords. If you use Time Machine or create bootable duplicates of your entire disk using a program like Carbon Copy Cloner or SuperDuper, your keychains are backed up automatically. If you use other backup software, be sure your keychains are among the files being backed up.

For safety, make sure the backup data is encrypted and store your backup offsite. An ideal place is your iDisk (if you’re a MobileMe member) or another Internet server. If you store your backups on a hard disk or similar medium, be sure to keep a copy in a safe place outside your home or office.


Tip: I cover all the details of backing up your data—not just your keychains—in my comprehensive book Take Control of Mac OS X Backups. Or, for a simpler approach, read Take Control of Easy Mac Backups.
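The section above says to copy your ~/Library/Keychains folder and to make sure it is actually among the files being backed up. A backup you have never restored is only a hope, so the added example below (not code from the book) archives a keychains folder into a timestamped .tar.gz, writes a SHA-256 manifest beside it, and then proves the archive restores byte-for-byte. The function names (back_up_keychains, verify_backup, demo_roundtrip) and the manifest file naming are inventions of this example; the demo uses constructed files in a temporary folder rather than a real keychain, and encrypting the archive for offsite storage, which the book also calls for, is not shown here.

```python
import hashlib
import json
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Added example (not the book's code): archive a keychains folder into a
# timestamped .tar.gz, record a SHA-256 manifest beside it, and prove the
# archive restores correctly. On a Mac the source would be ~/Library/Keychains;
# the demo below uses constructed files in a temporary folder instead.
# Encrypting the archive (the book's advice for offsite copies) is not shown.


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so a large keychain is not loaded into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_path(archive: Path) -> Path:
    """The manifest lives next to the archive: keychains-<stamp>.tar.gz.manifest.json"""
    return archive.parent / (archive.name + ".manifest.json")


def back_up_keychains(keychains_dir, dest_dir) -> Path:
    """Create dest_dir/keychains-<UTC stamp>.tar.gz plus a manifest of digests."""
    keychains_dir, dest_dir = Path(keychains_dir), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    archive = dest_dir / f"keychains-{stamp}.tar.gz"
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        # rglob picks up keychain files inside per-user subfolders as well
        for f in sorted(p for p in keychains_dir.rglob("*") if p.is_file()):
            rel = f.relative_to(keychains_dir).as_posix()
            tar.add(f, arcname=rel)
            manifest[rel] = sha256_of(f)
    manifest_path(archive).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive


def verify_backup(archive) -> bool:
    """Restore the archive to a scratch folder and compare every file's digest with the manifest."""
    archive = Path(archive)
    expected = json.loads(manifest_path(archive).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")   # safe-extraction filter (Python 3.12+)
            except TypeError:
                tar.extractall(scratch)                  # older Pythons lack the `filter` argument
        restored = {p.relative_to(scratch).as_posix(): sha256_of(p)
                    for p in Path(scratch).rglob("*") if p.is_file()}
    # Any missing, extra, or altered file makes the dictionaries differ.
    return restored == expected


def demo_roundtrip() -> tuple:
    """Back up constructed sample files, verify the archive, then show that a
    tampered manifest (standing in for a damaged copy) is detected.
    Returns (verified_ok, verified_after_tampering)."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        src_path = Path(src)
        (src_path / "login.keychain").write_bytes(b"constructed sample, not a real keychain")
        (src_path / "metadata.keychain").write_bytes(b"second constructed file")
        archive = back_up_keychains(src_path, dst)
        ok = verify_backup(archive)
        tampered = json.loads(manifest_path(archive).read_text())
        tampered["login.keychain"] = "0" * 64
        manifest_path(archive).write_text(json.dumps(tampered))
        tampered_ok = verify_backup(archive)
    return ok, tampered_ok


if __name__ == "__main__":
    print(demo_roundtrip())
```

To use it on a real Mac you would call back_up_keychains(Path.home() / "Library" / "Keychains", some_destination) and then verify_backup on the returned path; the manifest is what lets you check an old archive months later without trusting that the copy is still intact.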

PREPARE AN EMERGENCY PASSWORD PLAN

Suppose you’ve chosen excellent passwords and stored them only in your keychain (or in your head), but then you’re in a terrible accident. While you lie unconscious in a hospital bed, your spouse, employer, or attorney urgently needs access to something protected by those passwords—a bank account, insurance records, your email, or whatnot. We don’t like to think about such eventualities, but they do occur. If you become incapacitated or die, how will someone else be able to reach your password-protected data? I can suggest several alternatives you might consider:

• Keep a list of important passwords in a safe deposit box, and make sure a trusted loved one has the key. But remember: your passwords are now only as safe as any key to that box!
• Use your keychain (or other password manager) to store your important passwords, and ask your loved one to memorize your keychain password. Be sure this person knows how to unlock it, too! (A periodic practice run is a good idea.) One downside to this approach is that if your computer is lost, stolen, or damaged, your keychain—and all the passwords inside it—will be inaccessible.
• Write down your important passwords (or just your keychain password) in an extremely obscure location, but one that both you and a loved one can easily remember. Of course, there’s no guarantee that a thief wouldn’t stumble on it, but if you’re clever enough, you can minimize that risk. Here are some examples:
  ◊ Open your favorite book to the page corresponding to the last two digits of the year you were born (or some other memorable date). Lightly, in pencil, write the password vertically on the inside edge of that page, near the spine.
  ◊ Write the password on a recipe card, in the middle of the most complicated recipe you can find. For example, if you have a recipe for mole sauce, it might include “1 tsp ground cinnamon; 1 tbsp s8#gUl4Bx5; 3 tbsp ground sesame seeds…”
  ◊ Put your passwords in a notebook that you keep in a highly inaccessible box in your attic or basement, such as the one holding your holiday decorations.
• Use a simple cipher or code to write down your passwords. For example, substitute the next higher letter or number for each character in your password (9t3vQd becomes 0u4wRe). Although this won’t stop a cryptanalyst, it will confuse or at least slow down most thieves.

I want to reiterate that, in terms of security, writing down passwords always exposes you to a certain amount of risk. Realistically, however, in most cases this risk is fairly small; except in highly unusual circumstances, thieves will be far more interested in stealing your computer than in turning your office upside down to find a password. In general, the greater risk is having your passwords be inaccessible when you need them.

Regardless of which tactic you choose (and no doubt you can be even more creative!), the key is to discuss your plan thoroughly with the person who would need access to your passwords in case of emergency, just as you would an insurance policy or a will.


Avoid Password Phishing Scams

If you’re like most people, you’ve already received lots of email messages claiming to be from a bank or from PayPal, eBay, Amazon.com, or other sites that process financial data. The messages often urge you to “update” or “verify” your account, warning you that if you don’t, you’ll suffer dire consequences (such as having the account disabled). Sometimes they state that some item you didn’t order is about to be shipped and charged to your account. Invariably the messages ask you to click a link; if you do, you’re taken to a Web site that asks for your user name (or account number) and password.

The Web sites, and the email messages leading to them, look authentic. They use the same fonts, logos, and layout that you’d normally expect from the company in question. The messages usually have a From address at the real company, too. But, in fact, the whole operation is a scam, designed to trick you into giving away your user name and password to criminals. (They’re fishing for information—hence the nickname “phishing.”) As soon as you enter your information, the people running the site will try to log in to the real bank or Web site with your information. With full access to your account, imagine the damage they can do: they can steal not only your money but also your identity.

You can often tell if a message is a phishing attempt by looking at its source (in Mail, choose View > Message > Raw Source), where you can see the true underlying URL (which may be different from the URL in the visible link). In the source, locate the URL you’ve been asked to click, and you’ll probably see that it’s a numeric IP address (such as 123.45.67.89) or a misleading domain name (such as http://www.paypal-upgrade.net). When in doubt, don’t click a URL in such a message. If you think a company might legitimately want you to update your account for some reason—unlikely as that is—go to their Web site by typing the address into your browser. If, after logging in, you see no notices about needing to take any other action, you can assume the message was a phishing attempt.
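The “look at the underlying URL” check described above can be automated for an HTML message body. The following is an added example, not code from the book, of a small link inspector that extracts every link together with its visible text and flags the tell-tale signs the section names: a numeric IP address as the host, a link that is not https, a brand name buried in an unrelated domain (the book’s www.paypal-upgrade.net), and visible text that shows one URL while the link points somewhere else. The sample message is constructed from the book’s own examples, TRUSTED_DOMAINS is an assumed allow-list for the demo, and the registrable-domain helper is a crude last-two-labels approximation rather than a public-suffix lookup.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Added example (not the book's code): a link inspector that applies the book's
# "look at the underlying URL" advice to an HTML message body. It flags links whose
# real destination is a numeric IP address, is not https, carries a brand name inside
# an untrusted domain (like www.paypal-upgrade.net), or shows one URL as its visible
# text while pointing somewhere else.
# TRUSTED_DOMAINS is an assumed allow-list for the demo, not an authoritative list.
TRUSTED_DOMAINS = {"paypal": {"paypal.com"}}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:        # text inside the open <a>, nested tags included
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host: str) -> str:
    """Last two labels of the host: a crude stand-in for a public-suffix lookup (assumption)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_links(html: str, brand: str) -> list:
    """Return [(href, [reasons...])] for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host:                       # mailto:, anchors, relative links: nothing to judge
            continue
        reasons = []
        if is_ip_literal(host):
            reasons.append("numeric IP address")
        if urlsplit(href).scheme != "https":
            reasons.append("not https")
        if brand in host and registrable_domain(host) not in TRUSTED_DOMAINS.get(brand, set()):
            reasons.append("brand name in untrusted domain")
        shown = host_of(text) if text.lower().startswith("http") else ""
        if shown and shown != host:
            reasons.append("visible URL differs from real URL")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample message body modelled on the book's examples (123.45.67.89,
# www.paypal-upgrade.net); the third link is a legitimate-looking control.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://123.45.67.89/verify">verify your account</a> today.</p>
<p>Or sign in at <a href="http://www.paypal-upgrade.net/login">https://www.paypal.com/</a></p>
<p>Need help? <a href="https://www.paypal.com/help">Help Center</a></p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, "paypal"):
        print(href, "->", ", ".join(reasons))
```

Run against the sample, the first two links are reported and the genuine one is not. The inspector only reads the message source, exactly as the Raw Source advice suggests; it never fetches a link, so it can be run on a suspect message with no risk of visiting the page.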


About This Book Thank you for purchasing this Take Control book. We hope you find it both useful and enjoyable to read. We welcome your comments at [email protected].

EBOOK EXTRAS

You can access extras related to this ebook on the Web. Once you’re on the ebook’s Take Control Extras page, you can:

• Download any available new version of the ebook for free, or buy a subsequent edition at a discount.
• Download various formats, including PDF and—usually—EPUB and Mobipocket. (Learn about reading this ebook on handheld devices at http://www.takecontrolbooks.com/device-advice.)
• Read postings to the ebook’s blog. These may include new information and tips, as well as links to author interviews. At the top of the blog, you can also see any update plans for the ebook.
• Get a discount when you order a print copy of the ebook.

ABOUT THE AUTHOR

Joe Kissell is Senior Editor of TidBITS and the author of numerous print and electronic books about Macintosh software, including Take Control of Running Windows on a Mac and Take Control of Mac OS X Backups. He is also a Senior Contributor to Macworld, was the winner of a 2009 Neal award for Best How-to Article, and has appeared on the MacTech 25 list since 2007. Joe has worked in the Mac software industry since the early 1990s, including positions managing software development for Nisus Software and Kensington Technology Group. In his increasingly imaginary spare time, Joe likes to travel, cook, and practice t’ai chi. He lives in Paris with his wife, Morgen Jahnke, their son, Soren, and their cat, Zora.

To contact Joe about this book, send him email at [email protected] and include Take Control of Passwords in Mac OS X in the subject of your message so that his spam filters won’t intercept it.

AUTHOR’S ACKNOWLEDGMENTS I’d like to thank Caroline Rose for her outstandingly talented and speedy editing. The Take Control authors, editors, and hangers-on who reviewed this book showed their usual insight, helping to improve the text greatly. This book has been brought to you by the letters P (capital) and w (lowercase), the number 1, and the symbols $ and €.

SHAMELESS PLUG Although I write about computers as my day job, I have a great many other interests, which I write about on several Web sites, including Interesting Thing of the Day and my personal blog. You can find links to all my sites, a complete list of my publications, and more personal details about me at JoeKissell.com.

ABOUT THE PUBLISHER Publishers Adam and Tonya Engst have been creating Apple-related content since they started the online newsletter TidBITS, in 1990. In TidBITS, you can find the latest Apple news, plus read reviews, opinions, and more (http://www.tidbits.com/). Adam and Tonya are also parents to Tristan, who thinks ebooks about castles would be cool.

PRODUCTION CREDITS
Take Control logo: Jeff Tolbert
Cover design: Jon Hersh
Editor: Caroline Rose
Editor in Chief: Tonya Engst
Publisher: Adam Engst

Copyright and Fine Print

Take Control of Passwords in Mac OS X, Second Edition
ISBN: 978-1-933671-67-3
Copyright © 2009, 2010, Joe Kissell. All rights reserved.

TidBITS Publishing Inc.
50 Hickory Road
Ithaca, NY 14850 USA
http://www.takecontrolbooks.com/

Take Control electronic books help readers regain a measure of control in an oftentimes out-of-control universe. Take Control ebooks also streamline the publication process so that information about quickly changing technical topics can be published while it’s still relevant and accurate.

This electronic book doesn’t use copy protection because copy protection makes life harder for everyone. So we ask a favor of our readers. If you want to share your copy of this ebook with a friend, please do so as you would a physical book, meaning that if your friend uses it regularly, he or she should buy a copy. Your support makes it possible for future Take Control ebooks to hit the Internet long before you’d find the same information in a printed book. Plus, if you buy the ebook, you’re entitled to any free updates that become available.

Although the author and TidBITS Publishing Inc. have made a reasonable effort to ensure the accuracy of the information herein, they assume no responsibility for errors or omissions. The information in this ebook is distributed “As Is,” without warranty of any kind. Neither TidBITS Publishing Inc. nor the author shall be liable to any person or entity for any special, indirect, incidental, or consequential damages, including without limitation lost revenues or lost profits, that may result (or that are alleged to result) from the use of these materials. In other words, use this information at your own risk.

Many of the designations used to distinguish products and services are claimed as trademarks or service marks. Any trademarks, service marks, product names, or named features that appear in this title are assumed to be the property of their respective owners. All product names and services are used in an editorial fashion only, with no intention of infringement of the trademark. No such use, or the use of any trade name, is meant to convey endorsement or other affiliation with this title.

This title is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Because of the nature of this title, it uses terms that are the trademarks or that are the registered trademarks of Apple Inc.; to view a complete list of the trademarks and the registered trademarks of Apple Inc., you can visit http://www.apple.com/legal/trademark/appletmlist.html.

Featured Titles Click any book title below or visit our Web catalog to add more ebooks to your Take Control collection!

Take Control of Exploring and Customizing Snow Leopard (Matt Neuburg): Learn how to customize your Mac’s interface, navigate quickly around your disk, and use special features like a pro. $15

Take Control of iWeb ’09 (Steve Sande): Learn how to work effectively and creatively in iWeb, and get help with using third-party hosts and custom domain names. $10

Take Control of Mac OS X Backups (Joe Kissell): Set up a rock-solid backup strategy so that you can restore quickly and completely, no matter what catastrophe arises. $15

Take Control of Maintaining Your Mac (Joe Kissell): Find a commonsense approach to avoiding problems and ensuring that your Mac runs at peak performance. $10

Take Control of Running Windows on a Mac (Joe Kissell): With Intel-based Macs, it has become possible to run Windows software on a Mac, and with Joe’s advice, it’s easy! $10

Take Control of Safari 5 (Sharon Zardetto): Make the most of Apple's Safari, a Mac Web browser with many hidden and under-appreciated talents! $10

Take Control of Users & Accounts in Snow Leopard (Kirk McElhearn): Find straightforward explanations of how to create, manage, and work with—and among—user accounts. $10

Take Control of Your 802.11n AirPort Network (Glenn Fleishman): Make your AirPort network fly—get help with buying the best gear, set up, security, and more. $15

Take Control of Your Wi-Fi Security (Engst & Fleishman): Learn how to keep intruders out of your wireless network and protect your sensitive communications! $10