Take Control of Passwords in Mac OS X, Second Edition
v2.1
Joe Kissell
TidBITS Publishing Inc.
$10

Table of Contents

READ ME FIRST ... 4
  Updates and More ... 4
  Basics ... 5
  What's New in Version 2.1 ... 6
  What Was New in Version 2.0 ... 7

INTRODUCTION ... 8

PASSWORDS QUICK START ... 10

ASSESS YOUR PASSWORD NEEDS ... 11
  Consider Your Risk Level ... 11
  Use an Ounce of Prevention ... 13

LEARN PASSWORD BASICS ... 14
  Understand Password Security ... 14
  Understand the Two Password Types ... 17
  Figure Out the Right Password Type ... 18
  Learn the Pros and Cons of Reusing Passwords ... 20
  Understand Optimal Password Length ... 21

CHOOSE A PASSWORD STRATEGY ... 25
  Strategy A: Rely (Mostly) on Technology ... 25
  Strategy B: Rely (Mostly) on Your Brain ... 28
  Choosing a Strategy: Joe's Recommendation ... 30

GENERATE GOOD PASSWORDS ... 32
  Create Security Passwords ... 32
  Devise a Pattern for Identity Passwords ... 35
  Use Password Assistant ... 39
  Take Action! ... 41

UNDERSTAND MAC OS X'S PASSWORDS ... 42
  Login Passwords ... 42
  Master Password ... 49
  Root Password ... 52
  Firmware Password ... 53
  Email Password ... 56
  Wireless Network Password ... 56
  File Sharing Password ... 57
  Keychains ... 58

USE KEYCHAIN ACCESS ... 62
  Understand Common Keychain Types ... 63
  View Your Passwords ... 64
  Change Access for a Password ... 67
  Add or Change Passwords ... 68
  Delete Passwords ... 69
  Change Your Keychain Password ... 70
  Change Keychain Settings ... 70
  Change the Default Keychain ... 71
  Add or Delete a Keychain ... 72
  Add Notes to a Keychain ... 74
  Repair Damaged Keychains ... 76
  Solve the login Keychain Prompt Problem ... 77
  Use the Keychain Menu ... 79

USE PASSWORDS ON THE WEB ... 80
  Choose Good User Names ... 81
  Fill Out Forms Automatically ... 83

USE THIRD-PARTY PASSWORD TOOLS ... 88
  1Password ... 88
  Other Password Generators ... 93
  Other Password Managers ... 94
  Biometric Devices ... 102

KEEP YOUR PASSWORDS SECURE ... 105
  Avoid the Weakest Link Problem ... 105
  Use Wireless Networks Safely ... 107
  Change Your Passwords ... 110
  Recover Forgotten Passwords ... 111
  Back Up Your Passwords ... 113
  Prepare an Emergency Password Plan ... 114

ABOUT THIS BOOK ... 117
  Ebook Extras ... 117
  About the Author ... 117
  Author's Acknowledgments ... 118
  Shameless Plug ... 118
  About the Publisher ... 118
  Production Credits ... 118

COPYRIGHT AND FINE PRINT ... 119

FEATURED TITLES ... 120

1PASSWORD COUPON ... 121

Read Me First

Welcome to Take Control of Passwords in Mac OS X, Second Edition, version 2.1.

If you're overwhelmed with too many passwords to remember or concerned that your passwords may not be safe, help is on the way. This book tells you everything you need to know about choosing, remembering, and managing passwords of all kinds, with special attention to those used when accessing Web sites with a Mac, iPad, iPhone, or iPod touch. This book was written by Joe Kissell, edited by Caroline Rose, and published by TidBITS Publishing Inc.

Copyright © 2009, 2010, Joe Kissell. All rights reserved.

If you have an ebook version of this title, please note that if you want to share it with a friend, we ask that you do so as you would a physical book: lend it for a quick look, but ask your friend to buy a new copy to read it more carefully or to keep it for reference. Discounted classroom and Mac user group copies are also available.

UPDATES AND MORE


You can access extras related to this book on the Web (use the link in Ebook Extras, near the end of the book; it's available only to purchasers). On the ebook's Take Control Extras page, you can:

• Download any available new version of the ebook for free, or purchase any subsequent edition at a discount.

• Download various formats, including PDF and (usually) EPUB and Mobipocket. (Learn about reading this ebook on handheld devices at http://www.takecontrolbooks.com/device-advice.)

• Read postings to the ebook's blog. These may include new information and tips, as well as links to author interviews. At the top of the blog, you can also see any update plans for the ebook.

• Get a discount when you order a print copy of the ebook.

BASICS
In reading this book, you may get stuck if you don't know certain fundamental facts about using your Mac or if you don't understand Take Control syntax for things like working with menus or finding items in the Finder.

Please note the following:

• Menus: Where I describe choosing a command from a menu in the menu bar, I use a compact description. For example, to create a new folder in the Finder, you choose New Folder from the File menu; I'd abbreviate this as File > New Folder.

• Finding System Preferences: I sometimes refer to settings in System Preferences that you may want to adjust. To open System Preferences, click its icon in the Dock or choose Apple () > System Preferences. In the System Preferences window, click the icon of the pane whose settings you want to adjust. I refer to these panes with an abbreviated notation such as "the Network preference pane."

• Finding an application's preferences: I often refer to preferences in an application that you may want to adjust. Don't confuse an application's preferences with the system-wide settings found in System Preferences.

  To access an application's preferences, choose Application Name > Preferences. For example, in Disk Utility, you would choose Disk Utility > Preferences. Within some applications, all preference controls appear in a single window. In others, a bank of buttons is located across the top, or a list of categories along the side; in those cases, click a button or category to display a pane with a corresponding range of preferences. Instead of providing detailed directions each time, I may use an abbreviated notation such as "go to the General preference pane."

• Path syntax: I occasionally use a path to show the location of a file or folder in your file system. For example, Mac OS X stores most utilities, such as Terminal, in the Utilities folder; the path to Terminal is /Applications/Utilities/Terminal.

  A slash at the beginning of a path tells you to start from the root level of the disk. You'll also encounter paths that begin with ~ (tilde), which is a shortcut for the current user's home folder. For example, if the person currently logged in has the user name joe and wants to install fonts that only he can access, he'll put them in his ~/Library/Fonts folder, which is just another way of writing /Users/joe/Library/Fonts.

• Volumes and partitions: I follow Apple's terminology in referring to any disk or partition on a disk as a volume. So if a hard disk has not been partitioned, it has just one volume. If a disk has been partitioned, each partition is a volume.

• Passwords and passphrases: You may sometimes hear the word passphrase used instead of password; this implies a longer set of characters, perhaps a series of words. For the purposes of this book, I generally stick with the term password, with the understanding that it's not necessarily a word as such but any string of characters (which could, certainly, include a phrase).

• iOS devices: The iPhone, iPod touch, and iPad (as well as, perhaps, future devices) all run Apple's iOS operating system (known as iPhone OS before version 3.2.1). In some contexts, I use the shorthand iOS device to refer to any of these devices. Note, though, that some apps I discuss here work only on some iOS devices, so if I spell out device names, that's usually why.

WHAT'S NEW IN VERSION 2.1

In this minor revision, I've updated the book to reflect the latest information about Mac OS X 10.6 Snow Leopard, iOS devices, 1Password, and other third-party products. Among the most significant changes are these:

• Revised the discussion of 1Password (p. 88) to reflect the latest version (3.x) at publication time, as well as current versions for iOS

• Updated the list of Desktop Password Managers (p. 95) with the latest facts, and added mention of the popular LastPass service/software

• Corrected information in Biometric Devices (p. 102) about using UPEK's Eikon fingerprint scanners with 1Password

WHAT WAS NEW IN VERSION 2.0

Version 2.0 was a major revision to the book, with many changes scattered throughout. The book was thoroughly updated with information on Mac OS X 10.5 Leopard, had all new graphics, and contained numerous small corrections and adjustments.

Among the other significant changes were these:

• A new chapter, Choose a Password Strategy, that outlines two broad approaches to thinking about and using passwords

• Division of the chapter previously titled Generate Good Passwords into two parts: Learn Password Basics, which provides background information, and Generate Good Passwords, about the nuts and bolts of creating passwords (with or without the help of software)

• Instructions on changing an administrator password even if you don't have a Mac OS X Install disc in Reset an Administrator Password

• Coverage of password managers that sync data between your Mac and iPhone or iPod touch in Use Third-Party Password Tools

• A significantly expanded discussion of 1Password

• Revised and expanded discussion of Other Password Managers

• Information on using the UPEK Eikon fingerprint scanners in Biometric Devices

Introduction
I have a love-hate relationship with passwords. Well, mostly hate. I understand that passwords help keep my computer, my private data, and my money safe, but for many years, every time I was asked to come up with yet another password (for a Web site, a Mac OS X user account, or any of a dozen other purposes), I'd grumble. I felt, as many people do, that it took too much mental effort to produce and remember all those passwords.

On the other hand, I didn't want to take the easy way out (choosing a simple, memorable password and using it everywhere) because I worried that I was putting my valuable information at risk. I didn't want to sacrifice security for convenience.

In addition, I lacked a clear understanding of how to go about selecting good passwords, and I was unsure what the security implications were for each of the contexts in which passwords are required. For example, Mac OS X requires passwords for a bewildering array of purposes: logging in, securing a computer's firmware, encrypting home folders, checking email, connecting to MobileMe, and more. What are all those passwords for? Do I need to use them all? What sorts of passwords can I use in which places? Even computer geeks like me wonder about these things.

I decided to get to the bottom of this whole password business once and for all. This book is the result of my research and experiments. In it, I show you how to choose good passwords without overtaxing your brain. I explain when you need heavy-duty passwords and when you can get away with less secure ones. I cover all the kinds of passwords an average Mac OS X user will encounter, and describe how and when to use them. And I discuss a variety of tools and methods you can use to simplify your interactions with passwords. In short, this book enables you to take control of your passwords once and for all!

To keep this book from being unreasonably long, I've made some assumptions:

• I'm writing for ordinary computer users, not technical wizards or security experts. If you're looking for detailed information on encryption algorithms or the like, this isn't the place.

• Along the same lines, I assume that you're not protecting state secrets or billion-dollar fortunes with your passwords. For that sort of security, you'll need more password mojo than I offer here.

Also, I only skim over certain topics related to passwords, such as user accounts, wireless networks, keychain synchronization, and file sharing. For more information on these topics, I refer you to other Take Control titles.

For this edition of Take Control of Passwords in Mac OS X, I've taken a long look at what has happened since the book's original publication in 2006. I've significantly modified my thinking on a few topics, adopted some new techniques, and begun to use hardware and software products that weren't available when I wrote the first edition. And I've watched Mac OS X evolve through a couple of major revisions, seen Apple complete its shift to Intel processors, and witnessed the birth and growth of the iPhone, iPod touch, and iPad. So I've updated the book with the latest in technology and my current advice.

This version of the book is written primarily for users of Mac OS X 10.6 Snow Leopard or Mac OS X 10.5 Leopard. Nearly all of this book also applies to 10.4 Tiger, with some minor differences in wording and the like, which I've called out in most cases. However, I no longer cover earlier versions of Mac OS X at all.

To keep up to date with any significant changes to this book's advice, click Check for Updates on the cover.

Passwords Quick Start


You can read this book in any order, since I've included plenty of cross-references to help you find the information you need. However, I urge you to begin with Assess Your Password Needs and read at least up through Choose a Password Strategy, to get valuable background information that will help you understand everything else better. Beyond that, skip to whichever part of the book addresses the issues you're most concerned about.

• Gauge the level of password security you likely need by reading Assess Your Password Needs.

• Read Learn Password Basics to learn the fundamentals of password security, including the difference between passwords that truly protect something and those that merely identify you.

• Decide on the best overall approach to password management for your needs: read Choose a Password Strategy.

• Learn painless ways to create your own great passwords in Generate Good Passwords.

• In Understand Mac OS X's Passwords, find out how to choose and use all the major kinds of passwords in Mac OS X, including login, firmware, and email passwords.

• Read Use Keychain Access to learn about a tool Apple includes with Mac OS X that lets you secure, repair, and optimize the keychains in which your passwords are stored.

• In Use Passwords on the Web, learn how to select, store, and fill in user names and passwords for Web sites.

• If the password programs included with Mac OS X provide too little oomph, turn to more-capable utilities from other developers. See Use Third-Party Password Tools.

• Read Keep Your Passwords Secure for tips on protecting your passwords from thieves and hackers.

Assess Your Password Needs

We're all at different points on a continuum of password needs. Although I do have strong opinions about passwords and do make numerous recommendations in this book, I want to begin by putting those opinions and recommendations in context. Only you can decide which choices are best for you. To help you do that, I'd like to say a few words about ascertaining how much password-related risk you have and how that should guide your decisions.

CONSIDER YOUR RISK LEVEL


I live in a major city, in close proximity to my neighbors. Although there happens to be a police station on my block (making me feel a bit safer), thefts and robberies are not at all uncommon in this area. I own several computers, use wireless networks extensively, do most of my banking and bill paying online, and work at home. On a daily basis, automated programs try to infiltrate my computers to send spam, run chat servers, and scan for personal information. In short, when it comes to the kinds of things I use passwords for, my level of risk is fairly high. I have excellent reasons to take significant precautions with my computers and with the resources they access, everything from my bank accounts to the servers that keep my business online.

In contrast, consider a hypothetical person I'll call Scott. Scott lives in a rural area where the biggest crime in the last year was someone running a red light. People in Scott's community don't lock their doors, and their home security systems are noisy dogs. Although Scott surfs the Web frequently, it's only for recreation; he does his banking in person or over the phone and pays his bills by mail. He has a single Mac, and no particular harm would come from a stranger looking at all the files on his hard disk or reading his email. Scott's risk level is extremely low, and therefore he has no need to take precautions that in my case would be common sense; for Scott, they'd be unnecessary effort.

Most of the recommendations in this book are based on what I do personally. I err on the side of caution; my anxiety level about protecting my money and my information is based on past experience and the facts of my situation. I feel confident that the amount of effort someone would have to expend to figure out my passwords, get past the security measures I've used, and access my accounts is so far out of proportion to what they could gain from it that I'm as safe as I need to be. By using a few simple techniques, I've made the process of creating and using good passwords reasonably easy; for me, that's the right trade-off between convenience and security.

Your situation may differ. On the one hand, you might be charged with protecting highly confidential records or managing vast sums of money. You might live or work in an especially insecure place. You might have well-funded enemies who are intent on destroying your reputation or your business. If so, you should use the strongest and most paranoid options I offer; the extra effort, in your case, is justified.

On the other hand, you might be more like Scott. You might have little to lose, and it might be almost unthinkable that a stranger would get physical access to your computer. You'd suffer, at worst, minor inconvenience if someone got past your passwords. If this describes you, you should opt for the simplest and least awkward options.

In any case, I want to make it very clear that it's up to you:

• If you feel that some of my recommendations are inappropriate for your situation, please don't hesitate to ignore (or modify) them. Choose a shorter or more memorable password than what I suggest. Use the same password in more than one place. Keep your passwords written down in a notebook beside your computer.

• Or, at the other extreme, memorize a long list of insanely complex passwords and don't entrust them to any other person or machine.

• Just make your decisions carefully and thoughtfully after considering the safety factors I describe and your specific situation.

Having said that, I should point out that the level of risk you perceive and your actual level of risk may be two different things. I've known lots of people who didn't think they needed to back up their hard disks until they'd lost their data somehow, and people who didn't take out adequate insurance until after they'd suffered a physical loss. The same thing is true when it comes to your passwords; threats can come from unexpected places, and your password needs could change unexpectedly. For example:

• A vengeful ex-spouse who knows your passwords decides to clean out your bank account or send nasty email messages in your name.

• Someone watches over your shoulder as you type the password for your bank account at a computer in the library.

• Your computer spends most of its time in a college dorm room, where people come and go frequently, and someone decides to take the opportunity to access your student records.

• A geeky neighbor hacks into your Wi-Fi network and starts reading the email you send and receive.

I mention these things not to frighten you but to help you think soberly and sanely about risks. If you're unsure how easily someone could access one of your password-protected accounts or how much damage they could do if they did, it pays to be more cautious.

USE AN OUNCE OF PREVENTION


You know the old saying: an ounce of prevention is worth a pound of cure. If there's one concept I want you to take away from this book, it's this: you can achieve a tremendous amount of security with surprisingly little effort.

For example, coming up with and remembering lots of passwords, although it may seem daunting, is actually not hard at all. In most cases, you can let your computer generate and remember passwords for you, requiring no thought whatsoever. Alternatively, if you follow my suggestions for using patterns, you can almost instantly come up with (and recall) strong passwords whenever they're needed, even if you don't have access to the computer you normally use.

Either way, the difference in effort between low security and high security is often tiny. When it costs so little to gain so much peace of mind, you may choose to take greater precautions than you might need, in the hope of saving yourself significant problems later.

Learn Password Basics


A goal of this book is to teach you how to choose good passwords.
All passwords are not created equal; you should understand a bit
about how passwords work and what makes one password better or
worse than another. The circumstances in which a password is used
also have implications for its security. Even if you ultimately rely on
a password generator to make good passwords for you, you should
be aware of things like how the number and types of characters
correspond to the level of security provided.

UNDERSTAND PASSWORD SECURITY


Before you can choose an appropriately secure password, you should know the basics about how passwords work. Imagine that you need to protect something valuable from a hypothetical thief who wants to get to it, and that a password functions as the lock that stands between the thief and your valuables. For starters, let's say the password is just a single character, limited to digits (0 through 9). No matter which password you chose, it's clear that any thief could figure it out in a maximum of ten tries, meaning it's not very secure.

Suppose, though, that the single-character password could use not only digits but also all 26 letters in the English alphabet. Then there are 36 possible passwords, which is more secure because it would take significantly more tries to guess the right character, although the thief might, of course, get lucky and guess correctly sooner rather than later.

Next, imagine a case-sensitive context, in which capital letters and lowercase letters count as different characters, so that if the password is A, entering a won't work. Now there are 62 possible passwords. Add the option of using any of 33 common punctuation characters (such as #, %, or /) and the number of possible combinations rises to 95. Although statistically this is a far cry from the original 10, it still wouldn't take terribly long to try 95 characters, especially if the thief used a computer to try them all instead of entering each one manually.

But add a second character to the password, and the number of options goes way up, to 9,025 possibilities (95 x 95). With eight characters in the password, the number of possible combinations rises to 6,634,204,312,890,620 (95^8)!

Of course, a thief doesn't have to type all these combinations manually. A determined culprit might resort to a brute force attack, in which a computer generates and attempts every possible combination of characters in sequence. Brute force attacks can take a long time but are guaranteed to succeed eventually.

However, "eventually" could be so long that you need not worry. If the thief used a very fast desktop computer that could check ten million passwords per second, and if your eight-character password contained alphanumeric and punctuation characters (95 possible choices for each character), it could take up to 21 years for the computer to guess it, though on average it would take half that time (since the correct password probably wouldn't be the very last one it tried). If the thief had a large supercomputer (or a thousand fast desktop computers networked together), this time would drop to a little more than a week. But if you added just one more character to the password, even a supercomputer would need nearly 4,000 years to figure it out! (I say more about the computational effort required to crack passwords ahead, in Length of Random Passwords.)

So for all practical purposes, a nine-character password with alphanumeric and punctuation characters is effectively uncrackable, but only if it's random, because thieves (and their computers) are likely to try more predictable passwords before deploying a brute-force attack.
Most of us don't select completely random passwords, though, because they're hard to remember, but easier-to-remember passwords are also easier to guess. For this reason, you would be unwise to choose as a password the name of your spouse, pet, or best friend. Similarly, using common numbers (your date of birth or anniversary, your phone number, your Social Security number) is a bad idea, because those strings of characters may be among the first a thief would try.

Another common tactic (employed in both manual and computer-generated attacks) is to try sequences of characters that form easy-to-remember patterns on your keyboard. For example, the string rfvujm may appear random at first glance, but it's made by pressing two parallel diagonal rows of keys on an English QWERTY keyboard. Any such pattern makes a password less secure.
If those simple attempts fail, a thief might move on to a dictionary attack, in which a computer runs through every word in a long word list as a possible password and then, failing that, tries combinations of words. (Despite the name, a dictionary attack isn't necessarily restricted to words from a real dictionary; it can include slang, misspellings, non-English words, and other common combinations of characters.) Since you're far more likely to choose a password using the word dog than the string ogd, chances are that this approach will yield results faster than a brute-force attack.

A typical dictionary attack in a case-sensitive context might start with words in all-lowercase letters (since they're the easiest to type) and move to capitalized and then all-capital words. Later it might try words in combination with numbers, but trying every combination of lowercase and capital letters for every word makes the attack much more time-consuming.

Taking all this into consideration, you might choose an entirely random combination of characters, such as 8hj#1Qf9. No thief would ever guess it, and a computer would have to resort to a hopelessly long brute-force attack. But such an odd mixture of characters might be hard for you to remember, so you'd be tempted to write it down somewhere. If the thief were to find it written down (or stored in a file on your computer), and he'd surely search thoroughly, he'd be able to break in almost instantly.

D!cti0n@ry: Modern dictionary attacks also try common variations on standard spellings, such as replacing a with @ and E with 3.
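As an added worked example (not code from the book), the following Python puts numbers on the reasoning in this section: the 95-character keyspace and the 21-year and one-week brute-force bounds for an eight-character password, plus the two shortcuts a thief tries first, keyboard walks such as rfvujm and dictionary words disguised with substitutions such as D!cti0n@ry. The guessing rates, the 60% keyboard-walk threshold and the five-word list are assumptions constructed for the example, not figures from any real cracking tool.

```python
"""Brute-force and guessability arithmetic from the chapter above.

Added example, not code from the book: the character-class sizes
(10 + 26 + 26 + 33 = 95), the guessing rates (ten million per second
for a desktop, a thousand times that for a cluster) and the tiny word
list are taken from or modelled on the text, not on any real tool.
"""
import math

DIGITS, LOWER, UPPER, PUNCT = 10, 26, 26, 33
FULL_SET = DIGITS + LOWER + UPPER + PUNCT   # 95 usable characters
DESKTOP_RATE = 10_000_000                   # guesses per second (the page's figure)
CLUSTER_RATE = DESKTOP_RATE * 1_000         # "a thousand fast desktop computers"
SECONDS_PER_YEAR = 365.25 * 86_400


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct passwords of this length: alphabet_size ** length (95**2 == 9025)."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """The same quantity expressed in bits: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def worst_case_years(alphabet_size: int, length: int, rate: float) -> float:
    """Years needed to try every password at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate / SECONDS_PER_YEAR


def average_years(alphabet_size: int, length: int, rate: float) -> float:
    """Expected years: on average the right password turns up halfway through."""
    return worst_case_years(alphabet_size, length, rate) / 2


# Unshifted US QWERTY rows; (row, column) indexes stand in for key positions.
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
KEY_POS = {ch: (r, c) for r, row in enumerate(QWERTY_ROWS) for c, ch in enumerate(row)}


def _neighbours(a: str, b: str) -> bool:
    """True when two keys touch: same row, the next row, or diagonally."""
    pa, pb = KEY_POS.get(a.lower()), KEY_POS.get(b.lower())
    if pa is None or pb is None or pa == pb:
        return False
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1


def keyboard_walk_fraction(password: str) -> float:
    """Share of consecutive characters typed on neighbouring keys.

    The chapter's 'rfvujm' scores 0.8: two diagonal runs, r-f-v and u-j-m,
    broken only by the jump from v to u.
    """
    pairs = list(zip(password, password[1:]))
    if not pairs:
        return 0.0
    return sum(_neighbours(a, b) for a, b in pairs) / len(pairs)


# Substitutions a modern dictionary attack undoes ('D!cti0n@ry' -> 'dictionary').
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s"})
# Constructed stand-in for the long word list the text describes.
WORDLIST = frozenset({"dog", "dictionary", "password", "letmein", "summer"})


def dictionary_hit(password: str, wordlist=WORDLIST) -> bool:
    """True if the password is a list word: directly, after undoing common
    substitutions, or after dropping digits tacked onto the end."""
    lowered = password.lower()
    candidates = {lowered, lowered.rstrip("0123456789")}
    return any(c.translate(LEET) in wordlist for c in candidates)


def assess(password: str, rate: float = DESKTOP_RATE) -> dict:
    """Apply the chapter's reasoning to one password: which character classes
    it draws on, the resulting brute-force bound, and the two guessability
    shortcuts (keyboard walk, dictionary word) that would make the bound moot."""
    classes = [
        DIGITS if any(c.isdigit() for c in password) else 0,
        LOWER if any(c.islower() for c in password) else 0,
        UPPER if any(c.isupper() for c in password) else 0,
        PUNCT if any(not c.isalnum() for c in password) else 0,
    ]
    alphabet = sum(classes)
    return {
        "alphabet": alphabet,
        "bits": round(entropy_bits(alphabet, len(password)), 1) if alphabet else 0.0,
        "worst_case_years": worst_case_years(alphabet, len(password), rate) if alphabet else 0.0,
        "keyboard_pattern": keyboard_walk_fraction(password) >= 0.6,   # assumed threshold
        "dictionary_word": dictionary_hit(password),
    }


if __name__ == "__main__":
    for pw in ("8hj#1Qf9", "rfvujm", "D!cti0n@ry"):
        print(pw, assess(pw))
```

Note that the brute-force bound is only an upper limit on the attacker's work: a password that trips the keyboard-walk or dictionary check falls long before the bound is reached, which is exactly the chapter's point about random versus memorable passwords.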
What should you take away from this discussion? When choosing a password, keep in mind the following:

• Never use names or numbers that are obviously connected to you.

• Avoid words that can be found in a dictionary (any dictionary).

• If a password is especially easy to type or forms a pattern on the keyboard, it's not secure.

• Longer passwords are more secure than shorter passwords, and more secure still if they're random.

• If you write down your passwords, keep the paper on which they're written in a safe place, and jumble the characters in a memorable way to slow down anyone who might find your list. (I discuss writing down passwords further in Strategy A: Rely (Mostly) on Technology and in Prepare an Emergency Password Plan.)

• Always use a combination of all the character types available for the password. (But don't worry, these passwords aren't as hard to create or remember as you might think, even if you're generating them manually; read Create Security Passwords and Devise a Pattern for Identity Passwords for more details.)

Character study: Some programs and Web sites exclude punctuation from the allowable character types, while others accept foreign-language characters (such as or , which you can enter using Option-key combinations on a Mac). When choosing a password, find out which types of characters the system supports, and use all available types. However, I suggest avoiding the space character and the ' and " characters (single and double straight quotation marks), which can confuse some computer systems.

UNDERSTAND THE TWO PASSWORD TYPES


Passwords fall into two broad categories: those designed to secure something (as in our ongoing example in the previous section) and those designed to identify someone. Although this distinction is often subtle, it's something you should understand before delving into the nuts and bolts of working with passwords.

Security Passwords
When most of us think of passwords, we assume their function is to
protect something, such as information (email or documents), access
(programs on a computer or entry to a building), or money (a bank
account or other assets). Many passwords do serve such a purpose; I
refer to these as security passwords. Like a key to a safe or a building,
this sort of password enables the holder to reach whats inside.

Also like a key, a password can be lost (forgotten) or stolen (discovered), and if hidden it can be found. An otherwise terrific password has no value at all if it falls into the wrong hands. Likewise, just as a lock can be physically broken if someone has no key, some kinds of information in the virtual world can be accessed without a password by cracking: circumventing security systems with clever programming or manipulation. So it pays to bear in mind that choosing an excellent password is only one part of keeping something secure.
That said, I can't overstate the importance of choosing security passwords wisely. Just as you wouldn't protect a bank vault with a suitcase padlock, you shouldn't take unnecessary risks with your electronic valuables by using an insecure password.

Identity Passwords
Of the hundreds of passwords I've created, most exist not to protect anything but merely to identify me. For example, say I register for a free account at the New York Times Web site so I can read news stories there. The site asks me to supply (among other things) a user name and a password. My user name might be my real name, a variation, or a nickname: something someone else could guess. To ensure that only I can log in with my user name, the site asks for a password: information that only I know. (They may do this for several reasons, one of which is to verify that only people who have agreed to their terms of service get access.) I call such passwords identity passwords.
This type of password doesn't necessarily protect anything. Someone who guessed or stole my New York Times password could log in as me and read articles, but not drain my bank account or access my email. For this reason, in most cases identity passwords need not be as strong (as difficult to guess or break) as security passwords. The loss or inconvenience you might suffer if someone discovered your identity password would, in most cases, be extremely minor.

FIGURE OUT THE RIGHT PASSWORD TYPE

When the time comes to create a password, your first step is to consider its purpose: security or identity. This is trickier than it sounds, because all security passwords also help identify you, and some passwords that seem only to identify you turn out to protect information too. (However, if you decide to follow Strategy A: Rely (Mostly) on Technology, as I describe later, this decision is moot: all passwords can be equally secure.)
Consider the following guidelines:
If the resource accessed with the password involves money in any way, it's a security password. Examples include bank accounts, PayPal, eBay, Amazon.com, the iTunes Store, tax preparation services, utilities, and any online merchant.
If the password gives you access to private data, it's a security password. Examples include: email accounts; your Mac OS X administrator account; third-party password utilities; social networking, dating, or job-hunting Web sites; network servers; and AirPort networks. (Your email account deserves particular care: most sites send password resets to it, so whoever controls your email can take over the accounts tied to it.)
If a Web site asks you to choose a user name and password only, it's clearly looking for an identity password. The same is true if a site collects only general demographic information (your ZIP/postal code, age range, gender, and similar facts).
Sites that ask for your real name, your email address, or both are ambiguous. Ask yourself whether you would care if your name and email address were posted publicly on the site if your password were to be guessed. If the answer is no, consider it an identity password; otherwise, it's a security password.
If a Web site asks for your postal address, phone number, mother's maiden name, date of birth, or anything else that specifically identifies you, you should use a security password.
Some Web sites that store only your user name and password today could, in the future, expand to provide new services and begin storing additional information about you. Of course, you can't always predict this in advance, but if you have any suspicions or doubts about what data the password may protect, consider using a security password instead of an identity password.

LEARN THE PROS AND CONS OF REUSING PASSWORDS
A friend of mine had to supply the password for her Mac OS X login account to a technician repairing her computer, which concerned her greatly because it was the same password she'd used in more than 100 other places. Although that particular technician was trustworthy, the sad truth is that plenty of people aren't. Someone else learning that password might have used it to access all sorts of private information, perhaps even stealing my friend's identity and making fraudulent purchases in her name.
You might decide that you should never use the same password in more than one place, because varying your passwords greatly limits the damage that can occur if someone learns any single password. (Attackers routinely take passwords leaked from one site and try them at others, so a leak at your least important site exposes every account that shares the password.) At the other extreme, you might decide to keep only certain (especially important) passwords unique, while freely using a single identity password that could result in little trouble if it were compromised.
I grant that coming up with an endless series of completely new passwords is a hassle that no one should endure. On the other hand, suppose you have a single password that's used in 100 relatively unimportant places, and that password somehow becomes public. Most likely you'll still want to change it, because some ne'er-do-well with too much time on his hands could do unpleasant things like posting bulletin board messages as you, bringing the wrath of media giants on you by violating their service agreements, and so on. To avoid all such consequences, you'd eventually have to go to 100 different Web sites and enter a new password on each one. That, too, is a hassle no one should endure.
I advocate a compromise approach:
For identity passwords, I suggest that you either use a password utility (as I discuss in Use Third-Party Password Tools) or follow a pattern for creating passwords (described later in Devise a Pattern for Identity Passwords) so that all your passwords are different while still being easy to create and remember. A pattern-based system requires almost no expenditure of brainpower after you devise the initial template, making it virtually as easy as (but much safer than) reusing one password everywhere.
Security passwords require more care, but you'll have fewer of them, so there will be less to remember; I discuss how to deal with them (even without a password management tool) in Create Security Passwords.

UNDERSTAND OPTIMAL PASSWORD LENGTH
Having read Understand Password Security, earlier, you may be thinking that you should construct and memorize completely random 64-character security passwords to thwart any cracking method available to current or hypothetical future computers, but that's probably unreasonable. Consider these factors:
The value of what you're protecting. If the treasure is someone's life or millions of dollars, for example, an insanely long password is worth it. But if you're protecting only $100 in your checking account, the effort of memorizing and entering such a long password is out of proportion to its value.
The likely effort someone would be willing to expend to break your password. The people who have the computing resources to crack a long, random password within a reasonable period of time aren't going to waste their effort unless they have something significant to gain, and that may not include anything on your computer.
In other words, there's a range within which a password is adequately secure for ordinary mortals but not so complex that you'll never be able to memorize it, or that it will take too long to enter.
The important thing to remember is that length alone does not a secure password make. As I described earlier, using characters from a wider palette makes shorter passwords more secure, while using guessable patterns makes longer passwords less secure. So there are trade-offs. The fewer kinds of characters you include and the less random it is, the longer your password must be; the broader the character range and the more random it is, the shorter it can be.

Touch typing: Most password fields display only bullet or asterisk characters as you type, not your actual password, so that someone looking over your shoulder can't see what you enter. For this reason, it pays to choose passwords that you can easily type accurately without being able to see them, and this can become tricky with long, multiple-word passphrases, especially if they include seldom-used special characters. This is one more reason why a shorter (but more complex) password may be better than a longer one.

Length of Random Passwords

I performed some rough calculations to figure out how long it would take to break random passwords of various lengths and character ranges. For example, with a password containing a mixture of capital and lowercase letters and numbers, a single desktop computer could guess a six-character password in about an hour and a half; a supercomputer could do it in less than 6 seconds. (Rates like these apply to an offline attack, where the attacker holds a copy of the password hash or the encrypted file and can test guesses as fast as the hardware allows. A login form that must be queried over the network, and that slows down or locks the account after repeated failures, permits far fewer guesses.)
In Table 1 (shortly ahead), I list several character ranges and, for each one, the number of characters at which a password becomes long enough that it would take an attacker at least twice as long as my total life expectancy to test all the possible combinations. Since an exhaustive search finds the password, on average, about halfway through the space, this criterion means the expected time to crack it is roughly a whole lifetime of nonstop guessing: not zero risk, but a price no attacker would pay for one password of mine. For a medium-security password, I base this hypothetical statistic on an attack by a single well-equipped hacker; for a high-security password, I base it on an attack by a massive supercomputer (or a botnet, a network of hacked computers working together as a single attacker). Either way, I figure that if the attacker can't crack my password during my lifetime, it's as safe as it needs to be.
The row in the table for the alphanumeric character range (a–z, A–Z, 0–9) is the one to focus on, because these characters can be used safely in virtually any password. Although I encourage you to use punctuation and special characters when you can, and doing so can result in shorter passwords that are just as secure, the sweet spot for your average random password turns out to be 10 or 11 characters.

Table 1: Recommended Lengths for Random Passwords

Character Ranges Used in Password                        Medium Security   High Security
0–9                                                      17                20
a–z                                                      12                14
a–z, 0–9                                                 11                13
a–z, A–Z                                                 10                12
a–z, A–Z, 0–9                                            10                11
a–z, A–Z, 0–9, punctuation[1]                            [3]               10
a–z, A–Z, 0–9, punctuation[1], special characters[2]     [3]               [3]

[1] Punctuation includes the 32 visible characters that can be typed on a standard Mac keyboard (using the U.S. English layout) without modifier keys or with the Shift key only (! @ # $ % ^ & * ( ) _ + - = ` ~ [ ] { } \ | ; : ' " , . / < > ?), plus the space character. However, some systems can't handle spaces or single or double quotation marks (' or "), so I suggest avoiding those.

[2] Special characters, sometimes known inaccurately as high ASCII or upper ASCII, are the 126 characters that, on a standard Mac keyboard (using the U.S. English layout), can be typed using the Option key with other keys. (The source prints all 126 of them at this point; in this copy only the fragments "/ fi fl ," remain legible.)

[3] Only one figure, 10, survived for the last two rows in this copy of the table. It is shown under High Security, the column it most plausibly belongs to, since the text notes that adding punctuation can shorten a password relative to the 10/11 alphanumeric row; the other three cells are missing.


Length of Non-Random Passwords

For non-random passwords, you'll need even longer strings. If your password uses names and words from a dictionary (even assuming that you choose multiple-word phrases), you'll need 28 characters to get the same (medium) level of security as a 10-character random alphanumeric password, and 33 characters to get the higher level of security provided by an 11-character random password.
Pronounced differences: Some people prefer pseudorandom pronounceable passwords, which aren't actual words but can be sounded out as a memory aid. (In fact, the Mac OS X Password Assistant offers pronounceable passwords with its FIPS-181 option.) These passwords aren't vulnerable to dictionary attacks but are easier to crack than truly random passwords, because the rules that make them pronounceable also shrink the number of possible strings of a given length. Examples of pronounceable passwords are peilajooseft and imdudabondif. With this type of password (assuming only lowercase letters), you'd need 14 characters for medium security and 17 for high security.
If ease of memorization is important to you, by all means go with a longer but non-random password. But if you want to save yourself some typing (and have fewer characters to memorize, even if they're harder to learn), choose a shorter, random password.
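As an added example (not the book's code), the following Python script rebuilds Table 1 from the two facts the text gives: a desktop guesses a six-character alphanumeric password in about an hour and a half, and a supercomputer in under six seconds. The life expectancy (80 years) is my assumption, as are the bits-per-character figures for the non-random types, which I chose because they reproduce the text's 14/17 (pronounceable) and 28/33 (dictionary phrase) figures; everything else follows the book's "twice a lifetime" criterion. It also computes the two rows whose cells did not survive in the extracted table, with the caveat that those numbers are the model's, not the book's.

```python
"""Rebuild Table 1 (recommended random-password lengths) from the guess
rates the text gives, and extend the same model to non-random passwords.

Added example, not the book's code. Values marked as assumptions are mine.
"""
import math

ALPHANUMERIC = 26 + 26 + 10                  # a-z, A-Z, 0-9: 62 symbols
SECONDS_PER_YEAR = 31_557_600                # 365.25 days

# Guess rates derived from the text: a desktop finds a six-character
# alphanumeric password in about 1.5 hours, a supercomputer in under 6 s.
DESKTOP_RATE = ALPHANUMERIC ** 6 // (90 * 60)        # ~10.5 million guesses/s
SUPERCOMPUTER_RATE = ALPHANUMERIC ** 6 // 6          # ~9.5 billion guesses/s

# Assumption: "total life expectancy" taken as 80 years; the criterion in
# the text is an exhaustive search that takes at least twice that.
LIFE_EXPECTANCY_YEARS = 80
BUDGET_SECONDS = 2 * LIFE_EXPECTANCY_YEARS * SECONDS_PER_YEAR

# Total guesses an attacker of each tier can make within the budget.
GUESSES = {
    "medium": DESKTOP_RATE * BUDGET_SECONDS,        # one well-equipped attacker
    "high": SUPERCOMPUTER_RATE * BUDGET_SECONDS,    # supercomputer or botnet
}

# Alphabet sizes for the table rows. Punctuation: 32 marks plus space
# (footnote [1]); special characters: 126 Option-key characters ([2]).
CHARACTER_RANGES = {
    "0-9": 10,
    "a-z": 26,
    "a-z, 0-9": 36,
    "a-z, A-Z": 52,
    "a-z, A-Z, 0-9": 62,
    "a-z, A-Z, 0-9, punctuation": 62 + 33,
    "a-z, A-Z, 0-9, punctuation, special characters": 62 + 33 + 126,
}


def seconds_to_exhaust(alphabet_size: int, length: int, rate: int) -> float:
    """Time to try every password of this length at the given guess rate."""
    return alphabet_size ** length / rate


def recommended_length(alphabet_size: int, tier: str) -> int:
    """Smallest length whose full search space exceeds the tier's guess budget."""
    budget = GUESSES[tier]
    length = 1
    while alphabet_size ** length < budget:
        length += 1
    return length


def length_for_entropy(bits_per_char: float, tier: str) -> int:
    """Length needed when each character yields only bits_per_char bits of
    unpredictability, as with dictionary phrases or pronounceable strings.
    Assumption: about 4 bits/char for FIPS-181 pronounceable lowercase
    strings and about 2 bits/char for dictionary-word phrases; chosen
    because they reproduce the text's 14/17 and 28/33 figures."""
    bits_needed = math.log2(GUESSES[tier])
    return math.ceil(bits_needed / bits_per_char)


def table_1() -> dict:
    """Map each character range to (medium, high) recommended lengths."""
    return {
        name: (recommended_length(size, "medium"), recommended_length(size, "high"))
        for name, size in CHARACTER_RANGES.items()
    }


if __name__ == "__main__":
    print(f"{'Character range':48} {'Medium':>6} {'High':>6}")
    for name, (medium, high) in table_1().items():
        print(f"{name:48} {medium:>6} {high:>6}")
    hours = seconds_to_exhaust(ALPHANUMERIC, 6, DESKTOP_RATE) / 3600
    print(f"\n6-char alphanumeric, desktop: {hours:.1f} hours to exhaust")
    print("Pronounceable (lowercase):",
          length_for_entropy(4.0, "medium"), length_for_entropy(4.0, "high"))
    print("Dictionary phrase:",
          length_for_entropy(2.0, "medium"), length_for_entropy(2.0, "high"))
```

With these inputs the five complete rows of Table 1 come out exactly as printed (17/20, 12/14, 11/13, 10/12, 10/11), and the two damaged rows come out as 9/10 with punctuation and 8/9 with special characters as well. Change `LIFE_EXPECTANCY_YEARS` or the rates to see how sensitive the high-security alphanumeric figure is: 62^11 is only slightly above the supercomputer budget, so a somewhat faster attacker pushes the recommendation to 12.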

Choose a Password Strategy
If you read the preceding chapter, you know about the difference between identity passwords and security passwords, as well as how long and complex passwords should be in order to avoid manual or automated attacks. But when it comes to the nuts and bolts of creating and using these great passwords, many people get stuck between wanting an unguessable password on the one hand, and wanting a memorable password on the other. These two goals aren't contradictory, though. You only need a good strategy.
In my view, the many methods of creating and using passwords can be distilled into two broad approaches. In one, you rely primarily on technology to generate, store, and enter passwords for you (although you must also take a few steps to remember certain passwords and perform some other tasks). In the other approach, you assume that your brain will do most of the work of creating and entering passwords, though you may use software tools to help you with certain tasks (for example, selecting random characters).
Before you worry about the details of how to construct passwords, it's good to have in mind what your overall approach will be. Then you can choose appropriate tools and techniques and not concern yourself with those that don't apply to your strategy.

STRATEGY A: RELY (MOSTLY) ON TECHNOLOGY
One approach to dealing with passwords is to decide up front that you'll let the computer do as much of the work as possible. You'll use one or more programs to generate passwords for you automatically (most likely long, complex, random passwords), to securely store those passwords, and to enter them for you in most cases. I call this approach Strategy A (A for automated!).
A great thing about Strategy A is that you need not make a distinction between identity passwords and security passwords, or fret over the minimum length and complexity for various passwords. Since they're all generated by software anyway, you can make all your passwords equally secure.
Even if you choose to rely on technology, though, you'll still need to put your brain to work from time to time. For example, there are some passwords that, by their nature, can't be entered automatically, such as your keychain password (see Keychains) and your Mac's Firmware Password, if you've set one. Since you must remember these passwords, you might prefer to create them manually too, using one of the methods I describe in Create Security Passwords.
If you have hundreds of passwords stored on your computer (presumably in a safely encrypted form), it behooves you to back them up liberally, that is, frequently, in multiple ways, to multiple destinations. If all your eggs are in one digital basket, you could be setting yourself up for a world of hurt. Consult Back Up Your Passwords.
In addition, you may encounter situations when you're away from your main computer but still need a password. For instance, you may want to check your email from a public computer while you're on vacation, or log in to PayPal to transfer money while you're at a friend's house. In cases like these, or when your computer is in the repair shop or otherwise inaccessible, you need an alternative means of viewing your passwords. For some people, this could be an iPhone or iPad app that syncs to a password management utility on your Mac. For others, a better choice may be a Web-based password manager or an encrypted Web page such as the one 1Password can create. (Remember that a public computer may be recording keystrokes; treat any password you type on one as exposed, and change it once you're back on your own machine.)
Dual-purpose backups: If you use a backup method that stores your data in an encrypted, Web-accessible form using a program such as Backblaze, SugarSync, or SpiderOak, your backup itself can potentially serve as a means of remotely accessing your passwords, as long as they're stored in a format you can read on another computer.
As an extra precaution against getting stuck without a password, you might write down your most crucial passwords and keep them on your person always. To keep them safer in case someone steals your wallet or otherwise stumbles on them, jumble them according to a method you can easily remember, for example, writing them backwards or writing down the next higher letter or number for each character.
To put it all together, Strategy A includes the following elements:
Random password generation: Use software to create all your passwords. See Use Password Assistant, 1Password, and Other Password Generators.
Secure password storage: Use your keychain (see Keychains), 1Password (see 1Password), some other tool (see Other Password Managers), or a combination of these to store all your passwords in an encrypted form.
Automatic password entry: Using your keychain (in conjunction with applications that support it) or a third-party password manager, let your Mac enter your passwords as needed. See Safari, 1Password, and Use Passwords on the Web.
Rigorous backups: You can never have too many backups of your passwords. Whether you use Time Machine, CrashPlan, Carbon Copy Cloner, or any of 100 other programs, make sure your passwords are thoroughly and frequently backed up, and that every copy of the password store stays encrypted; an unencrypted export sitting on a backup drive undoes the protection of the original.
Remote accessibility: Make sure you can get at your passwords in one way, or preferably several ways, when you're away from your main computer. This could include any or all of the following:
A mobile app: Many Mac password managers have companion apps for the iPhone, iPod touch, iPad, or other mobile gadgets that enable you to keep your private information in sync with your computer and safely encrypted. If you carry such a device with you all the time, one of these may be the path of least resistance. See 1Password and Other Password Managers.
A Web-based password manager: Although password managers hosted on Web servers aren't as flexible or convenient as programs that run directly on your Mac or mobile device, they do enable you to get at your passwords easily wherever you have an Internet connection. See Web-Based Password Managers.
An encrypted Web page: 1Password lets you export your passwords as a special encrypted Web page that you can put on your own server, your MobileMe iDisk, a USB flash drive (see the next point), or somewhere else where you can access it remotely. Unlike Web-based password managers, this solution requires no software to be running on the server. See 1Password.
A portable app: If you don't want to carry an iPhone or other small computer with you, you could put your passwords on a tiny USB flash drive that you keep on your keychain or in your pocket. Several password managers that run on multiple platforms are designed to be stored on, and run directly from, these drives. See Portable Password Managers.
A cheat sheet: I suggest making a short list of the top five or ten passwords you rely on the most and which you might be unable to remember when you most need them, in an emergency or on a trip in the distant future, for example. This list might include passwords for your email account, keychain, bank account, or anything else that's especially important. Be sure to modify the passwords on this list in some easy-to-remember way so that they wouldn't be immediately useful to anyone who happened upon them, and keep this list with you at all times (in your wallet, for example). Also include on the paper the URLs for any online locations where you've stored the rest of your passwords.

STRATEGY B: RELY (MOSTLY) ON YOUR BRAIN
A different approach to password management is to forgo automated solutions and put your confidence primarily in your brain's computational and memory capabilities. This strategy costs nothing, doesn't require you to install or learn any software, isn't affected by bugs or program revisions, and protects you from the risk of a lost or stolen gadget. It does, however, require considerably more thought and effort than Strategy A. If you want to be entirely in control of your passwords yourself, rather than putting your computer in control, Strategy B (B for brain!) is the way to go.

You may, of course, choose to employ a bit of technology here and there for the sake of convenience. For example, if you decide to come up with a random password, you might use a password generator to offer suggestions (see Use Password Assistant and Other Password Generators), because randomness isn't something human brains are good at. You may also decide to use your keychain or other password manager to store a few carefully chosen passwords, simply to save yourself the bother of retyping them all the time. But this would be in addition to, rather than instead of, keeping them in your head.
Unless you have a photographic memory or enjoy the mental challenge of learning and regurgitating complex strings of characters on demand, Strategy B requires you to use mnemonic techniques. That is, you must come up with patterns or other methods that enable you to create passwords that appear to be random but that you can recall or reconstruct when needed. (I describe some of these techniques in Create Security Passwords and Devise a Pattern for Identity Passwords.) Even so, for the average person this strategy may tend to break down a bit once your password list grows into the hundreds, and in any case it's worth writing down at least your most important passwords and keeping them in a secure place.
Limitations of the brain also mean that the distinction between identity and security passwords becomes much more important with Strategy B. Because a password's security increases with its randomness and length, you want your most important passwords to be as random and long as feasible. But because longer and more random passwords are harder to remember (and to associate with a particular resource), you'll inevitably want to follow a simpler system for creating identity passwords, which will probably be much more numerous.
To summarize, Strategy B involves the following:
Identity and security passwords handled differently: For security passwords, choose long(ish), random(ish) passwords that a machine or another person wouldn't easily be able to guess (see Create Security Passwords). For identity passwords, use a pattern (read Devise a Pattern for Identity Passwords). Either way, the process is normally manual, perhaps supplemented by suggestions from a program for more secure applications.

Non-volatile CRAM (cerebral random access memory) storage: Learn your passwords using rote memorization, mnemonic clues, or the template that you reuse for identity passwords.
(Mostly) manual password entry: Type your passwords manually when needed, though you might use your keychain or a password manager occasionally for convenience. Read Keychains and 1Password.
A cheat sheet: Even if you trust your memorization skills implicitly, you could someday be in a situation where stress, the impact of a falling coconut, or some other random occurrence prevents you from remembering a crucial password. So as in Strategy A, I suggest keeping a short list of your most crucial security passwords with you all the time, perhaps obfuscated slightly to prevent them from doing a thief any good.

CHOOSING A STRATEGY: JOE'S RECOMMENDATION
I used Strategy B for many years, and it worked reasonably well for me. But my list of passwords grew dramatically over time, and as password management software evolved I began to realize that I was putting myself to a lot of unnecessary work and aggravation, while at the same time taking shortcuts that led to many of my passwords being less secure than they should have been. So I gradually shifted to Strategy A.
Today, 100 percent of my passwords are generated by software, and perhaps 99 percent are stored and filled in automatically as needed. I use my brain to store the remaining 1 percent or so, and I've taken precautions to ensure that I never get stuck without access to a needed password.
My use of Strategy A reflects a certain amount of faith in technology, and in a few very smart software developers in particular: I trust that the methods I use to store and retrieve passwords will still work years from now and with new versions of the applications that I rely on, although I do have alternative means of getting at my passwords if necessary. (See the sidebar Should You Trust a Password Manager? for further discussion on this point.) It also reflects a degree of paranoia (or perhaps I should say prudence) on my part: I assume that my passwords are going to be attacked sooner or later, and that short, simple, or obviously pattern-based passwords won't provide adequate security. Because I have so many hundreds of passwords, relying on technology prevents me from feeling overwhelmed or insecure.
However, if you have only a handful of passwords (say, a few dozen) to keep track of, or if your risk level is much lower than mine, then using software to create and manage all your passwords is probably overkill. And if you don't share my faith in technology, you'll want to stick with a tried-and-true method that's guaranteed to keep working indefinitely. In these cases, Strategy B is the smarter choice.

Generate Good Passwords
Earlier chapters of this book discussed the principles that govern a password's security and the general strategies you might employ to manage your passwords. Now it's time to get down to specifics: how do you go about constructing a secure yet memorable password? And what special techniques can you use for the seemingly endless number of identity passwords most of us must maintain?
If you've decided on what I'm calling Strategy A (using automated tools to create and store passwords), you can skip lightly over most of this chapter. However, even the most technologically dependent person may have to set good passwords manually from time to time, and you should be familiar with some of the basic methods for doing so. Toward the end of this chapter, I also introduce you to Password Assistant, a feature built into Mac OS X that can help you create passwords of several types, with varying length and complexity.
In this chapter, I sometimes refer to passwords that I haven't discussed in detail yet, such as the login and firmware passwords, as well as the password for your Mac OS X keychain (itself a password repository); I get into details about these passwords later.

CREATE SECURITY PASSWORDS

Taking all the previously discussed facts into account, I'd like to make suggestions for creating security passwords. (In the next section, I give advice for identity passwords.)
When faced with the need to create any new security password, ask yourself this question: Will I ever need to remember it on my own? The answer may not be as obvious as you think.
On the one hand, the Mac OS X keychain can remember passwords for you (see Keychains), and third-party Mac OS X and iOS tools can help too (see Use Third-Party Password Tools). If a certain password will be used only when you have access to such a program, you needn't also store it in your brain. (You may, however, need to give another, trusted person access to such a password; read Prepare an Emergency Password Plan for details.)
On the other hand, as mentioned earlier, you may find yourself in a situation where you must recall a password without help. If you have not committed important passwords to memory, such a situation can leave you stranded (but see Strategy A: Rely (Mostly) on Technology for more advice). In addition, you must remember your Mac OS X login, firmware, and keychain passwords, since you may not be able to access your computer until you've entered them!
So, choose one route or another for creating security passwords:
The random route: If you're sure you can let the computer remember a security password for you (or if you're willing to memorize it by rote), use Password Assistant (see Use Password Assistant) or another password generator (see Use Third-Party Password Tools) to create a random 10- or 11-character string that includes numbers and capital and lowercase letters, and store it in your keychain or other password manager. Choose the length according to your desired level of security (per Table 1) and the restrictions on password composition (see Table 2, shortly ahead).
The non-random route: If you might need to recall a security password yourself, use one of the following techniques (or devise something comparable) to create a secure yet memorable password:
Use Password Assistant's Memorable type to create a password that's at least 17 characters long. (Some other password generators have comparable options.) You may think that 17 characters is a lot to remember, but you'll easily recall passwords like Turkish1%teenaged, Bronx18\munches, or send78*obediently.
Create a 10- or 11-character string that appears to be random but that has an underlying pattern that only you know. For example, start with a movie quote you like, and write down the first letter of each word. So, "No matter where you go, there you are" becomes nmwygtya. Insert numbers within the string; for example, since this quote is from a movie released in 1984, you might have nm1wy9gt8ya4. Finally, capitalize some letters, such as the vowels or the first and last letter: Nm1wy9gt8yA4. (For more ideas on creating pseudo-random passwords, see the next section, Devise a Pattern for Identity Passwords.) Keep in mind that a password built this way is random-looking rather than random: the lengths in Table 1 assume every character is unpredictable, whereas here the secret is really the quotation plus the transformation, so a well-known quotation buys you less than the character count suggests.
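As an added example (not the book's code, and not what Password Assistant does), this Python module implements the non-random recipes of this chapter: the phrase-acronym security password above and the obfuscated personal segment from the next section, Devise a Pattern for Identity Passwords (vowel-to-digit substitution, reversal, two-part composition). It then checks a candidate against the restrictions in Table 2 and the earlier Character study note: printable ASCII only, no Option-key characters, no space, no straight quotation marks. The function names and the rule of inserting one digit after every two letters are my own choices; the sample inputs are the book's.

```python
"""Mnemonic password construction from this chapter, plus a portability
check against the character restrictions in Table 2.

Added example, not the book's code. Function names and the digit
interleaving rule (one digit after every two letters) are my choices.
"""
import re

VOWELS = "aeiou"


def acronym(phrase: str) -> str:
    """First letter of each word, keeping each word's case.
    Hyphenated words count as two, so 'Tea-Time' contributes 'TT'."""
    return "".join(word[0] for word in re.findall(r"[A-Za-z]+", phrase))


def interleave_digits(letters: str, digits: str, step: int = 2) -> str:
    """Insert one digit after every `step` letters; leftover digits go on the end."""
    out, pending = [], list(digits)
    for i, ch in enumerate(letters, start=1):
        out.append(ch)
        if i % step == 0 and pending:
            out.append(pending.pop(0))
    out.extend(pending)
    return "".join(out)


def capitalize_first_last_letter(s: str) -> str:
    """Upper-case the first and last alphabetic characters (digits untouched)."""
    chars = list(s)
    letter_positions = [i for i, c in enumerate(chars) if c.isalpha()]
    if not letter_positions:
        return s
    for i in {letter_positions[0], letter_positions[-1]}:
        chars[i] = chars[i].upper()
    return "".join(chars)


def security_password(phrase: str, digits: str) -> str:
    """The movie-quote recipe: acronym, interleave a year, capitalize the ends."""
    return capitalize_first_last_letter(interleave_digits(acronym(phrase).lower(), digits))


def vowels_to_consecutive_numbers(word: str, descending: bool = False) -> str:
    """aquatic -> 1q23t4c, or 4q32t1c when descending."""
    word = word.lower()
    numbers = list(range(1, sum(c in VOWELS for c in word) + 1))
    if descending:
        numbers.reverse()
    it = iter(numbers)
    return "".join(str(next(it)) if c in VOWELS else c for c in word)


def vowels_to_fixed_numbers(word: str) -> str:
    """a=1, e=2, i=3, o=4, u=5: aquatic -> 1q51t3c."""
    table = {v: str(i) for i, v in enumerate(VOWELS, start=1)}
    return "".join(table.get(c, c) for c in word.lower())


def reversed_string(s: str) -> str:
    """aquatic -> citauqa, 90210 -> 01209."""
    return s[::-1]


def identity_password(personal_segment: str, site_segment: str) -> str:
    """Two-part identity password: a fixed personal segment plus a site-specific part."""
    return personal_segment + site_segment


def restriction_problems(password: str) -> list:
    """Reasons a password may fail the Table 2 / Character study restrictions.
    An empty list means it uses only characters that are safe almost everywhere."""
    problems = []
    if any(ord(c) > 126 for c in password):
        problems.append("contains non-ASCII (Option-key) characters")
    if any(ord(c) < 32 for c in password):
        problems.append("contains control characters")
    if " " in password:
        problems.append("contains a space")
    if any(c in "'\"" for c in password):
        problems.append("contains a straight quotation mark")
    return problems


if __name__ == "__main__":
    pw = security_password("No matter where you go, there you are", "1984")
    print(pw, restriction_problems(pw) or "OK")
    segment = vowels_to_fixed_numbers("aquatic")
    print(identity_password(segment, reversed_string("door")))
    print(restriction_problems("caf\u00e9 \"x\""))
```

Run `restriction_problems` on anything you intend to use as a login, firmware, root, or AirPort password before committing it: the book's own example Nm1wy9gt8yA4 passes, while a string with an accented letter, a space, or a straight quotation mark is reported with each offending class named.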
Whichever procedure you follow, note that not all character types can be used in all situations; Table 2 lists some of the restrictions.
Table 2: Password Restrictions

Login (including administrator)
  Restrictions: Avoid special characters typed using the Option key.
  More information: http://docs.info.apple.com/article.html?artnum=302231

Firmware
  Restrictions: Avoid special characters typed using the Option key. For PowerPC Macs, also avoid the capital letter U.
  More information: http://docs.info.apple.com/article.html?artnum=107666

AirPort 3.0 or later
  Restrictions: Avoid special characters typed using the Option key. WEP passwords (but not WPA passwords) should have either 5 or 13 characters (5 for 64-bit WEP, 13 for 128-bit WEP), or equivalently 10 or 26 hexadecimal digits. WPA passwords can have 8 to 63 characters (or 64 hexadecimal digits). Note that WEP is cryptographically broken regardless of key length, so use WPA (preferably WPA2) wherever your equipment supports it.

Keychain
  Restrictions: None

Master
  Restrictions: None

Root
  Restrictions: Avoid special characters typed using the Option key.

Web sites
  Restrictions: Varies by site. In general, you're safe with a–z, A–Z, and 0–9; some sites require a combination of letters and numbers, some restrict password length.

The table in the source also cites http://docs.info.apple.com/article.html?artnum=107434 and http://docs.info.apple.com/article.html?artnum=108058 in its More Information column, but which rows they belong to did not survive in this copy.

DEVISE A PATTERN FOR IDENTITY PASSWORDS
For passwords that serve only (or mainly) to identify you, I suggest building them out of two components: one that's always the same and another that varies from one place to the next. To use a trivial example, if you needed one password to open a door and another to open a safe, you might take your recurring personal segment of a1b2 and add it to door and safe to get a1b2door and a1b2safe. (But those are not good passwords; read on to see how to overcome that problem.) Each component of a good identity password appears to be random, as does the password as a whole, but in reality they follow a pattern that makes it easier for you to remember them. Be clear about the limit of this approach: whoever learns one of these passwords (from a site that stored it carelessly, say) also learns your personal segment and can see how the site-specific part was formed. The pattern stops a leaked password from being reused elsewhere automatically, but not a person who studies it, which is exactly why it is reserved for identity passwords.
Don't Panic!
The advice here may seem like too much effort for too little gain. But it's not difficult: you go to the small effort of creating two patterns just once, and then, after you use them a few times, they're burned into your memory and their use becomes automatic.
In fact, it can be even easier than that! As I explain later in Keychains, Use Keychain Access, and Use Third-Party Password Tools, in most cases your computer can remember passwords for you, and if you prefer, it can create the passwords too, requiring almost no effort on your part. You may, however, fall back on the techniques described here when you need to remember passwords without the aid of a software tool, so don't skip this section even if you plan to let your computer remember your passwords.
Whatever you do, resist the temptation to take the lazy way out and reuse just one password everywhere. You might get lucky and encounter no problems, but I'd be irresponsible if I suggested it was safe or wise, even for these low-security identity passwords.

Password Part 1: Your Personal Segment

Let's begin with the part of the password that will be the same each time it's used. It should follow the guidelines mentioned earlier, such as avoiding words in a dictionary and numbers someone might guess, and mixing numbers with capital and lowercase letters. But it need not be long; five to seven characters should be plenty.
If you want to generate a completely random set of characters and don't mind memorizing it, that's fine, and for help doing so, you can use Password Assistant (see Use Password Assistant, a bit later in this chapter). But to make memorization easier, I suggest obfuscating a familiar string. There are innumerable ways you might do this; here are a few strategies, to give you some ideas:

• Start with a word, ideally one that's obscure or from a foreign language, and replace the vowels with numbers. For example, if the word is aquatic, you might replace the vowels with consecutive numbers, to get 1q23t4c, or reverse the numbering to get 4q32t1c. Or use 1 for a, 2 for e, and so on: 1q51t3c.
• Instead of starting with a word, use the first letter of each word in a phrase you can remember (such as a movie, book, or song title). For example, The Long, Dark Tea-Time of the Soul could become TLDTTotS. Play with the case of the letters to disguise their origin.
• Reverse the order of any word or numerical string you choose, to obfuscate it further. Instead of aquatic, choose citauqa; instead of 90210, choose 01209.
• Intersperse a string of numbers with a word to disguise where both came from. If your favorite movie is Star Wars and you remember that it was released in 1977, you could produce strings like s1t9a7r7 or (in combination with reversal) 77sraw91.
• To mix case, capitalize all the consonants (aQuaTiC), all the vowels (AqUAtIc), every third letter (aqUatIc), the first and last letter (AquatiC), or some other combination you can remember.
• Combine several of these techniques. If you start with A rolling stone gathers no moss and use the first letters, you get Arsgnm. Replace the vowel with a number, and you get 1rsgnm. Capitalize every other letter to get 1RsGnM. Reverse that and it's MnGsR1.

These are only a few of the techniques you can use to devise a pattern that appears to be a random string of letters and numbers and yet is easy to remember (or at least easy to reconstruct, even if it doesn't roll off your fingertips). Before moving on, take a few minutes to come up with a five-to-seven-character string to use as the unchanging part of your identity passwords. It will become easier to remember as you get into the habit of using it.

Shared Passwords
You may have to come up with passwords for other people
(coworkers or family members, say) or create a single password
that will be shared by several people (such as the password for
a shared network volume). In these cases, you should not follow
the patterns you use for your own passwords, because that
reduces their security. Come up with a separate pattern for any
password that must be shared and used regularly by other people.

Password Part 2: The Usage-Specific Portion

The second part of your identity password is specific to the place in which it's used. The idea, as with the first part, is to follow a pattern so that it takes little or no mental effort to figure out what a given password should be, while obscuring that fact from someone who might obtain one of your passwords and try to guess the rest.
Let's say that my personal password segment is 9t3vQd (and that, as random as it looks, it's actually based on a pattern I can easily recall). If I want to use this to create a password for the New York Times Web site, I could make it 9t3vQdNYT or NYT9t3vQd. The problem, though, is that the NYT part of the password is pretty obvious. A hacker learning this password and noticing the origin of NYT might guess that CI9t3vQd could be used to access my account at Cook's Illustrated. (Great recipes are a hot commodity, you know!)
The goal, then, is to come up with a usage-specific pattern that's immediately obvious to you, so that you can instantly reproduce a password simply by looking at the name of the Web site or other resource, yet other people won't be able to decode your pattern easily. Many of the tricks for creating the personal password segment could apply here, but the system needs to work equally well with single short words, long phrases, varying capitalization, and so forth. Once again, I'd like to offer a few suggestions to spark your creativity:

• Take the last six characters of the resource and reverse their order; put the first three in the middle of your personal segment and the last three at the end. So, if your personal segment is 9t3vQd and the password is for the New York Times, you'd take the last six characters (ktimes), reverse them (semitk), put the first half in the middle of your password (9t3semvQd), and put the other half at the end (9t3semvQditk). If the resource's name has fewer than six characters (for example, Pogo.com), add zeroes (or some other character) to each half to pad it (9t3og0vQdop0).
• Count the characters in each word of the resource's name (New York Times = 345), and add up the digits (3 + 4 + 5 = 12). Append all those numbers to your personal segment (9t3vQd34512). If you have too few characters to make a password of your desired length, add zeroes (or some other character) to the beginning of the string to pad it (ZZ9t3vQd34512).
• Using only the vowels in the resource's name, add half (up to three) to the beginning of your personal segment and the rest to the end. (I recommend, for this purpose, counting w and y as vowels!) For the New York Times, you'd use the letters e-w-y-o-i-e. Put the first three at the beginning of your personal segment and the other three at the end: ewy9t3vQdoie.

Whether you use one of these techniques or devise your own, the key is to be consistent. If you always use the same strategy to derive your password, remembering the password for any given site will be a cinch. But if you change the rules sometimes, you'll have a hard time remembering your passwords. Decide up front whether you'll base Web site passwords on the site's name or its URL and whether you'll include elements like the, of, www, and .com in a password derivation.
Using the system I describe here, you can be relatively confident that anyone who discovers one such password won't be able to divine the passwords for any other of your accounts without considerable effort and luck. However, if someone were to discover two (or more) of these passwords, the job would become much easier. If you learned that my New York Times password is tkro9t3vQdywen and my Cook's Illustrated password is llis9t3vQdkooc, you'd immediately notice the common pattern, drop out the middle, and arrive at tkroywen and lliskooc, which are easily decoded. This is one reason I recommend against using this type of pattern for security passwords.
Warning! Please don't use the example passwords in this book! Lots of other people have read it too, so those passwords are easy to guess. Likewise, never use a password that appears in any book or movie; hackers make a hobby of collecting, and trying, those passwords.

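The three usage-specific schemes described above, and the two-password weakness the author warns about, as an added Python example (not code from the book). The personal segment and resource names are the book's own illustrations; how resource names are normalised (lowercase, letters only, a leading www. and trailing .com dropped, in line with the advice to decide such things up front) is my assumption, chosen so the results match the book's examples.

```python
"""Identity-password derivation patterns from this chapter, in Python.
Added example, not the book's own code. PERSONAL and the resource names
are the book's illustrations; the normalisation rules are assumptions."""
import re

PERSONAL = "9t3vQd"       # the book's sample personal segment
VOWELS = set("aeiouwy")   # the author counts w and y as vowels here


def strip_web(resource: str) -> str:
    """Lowercase and drop a leading 'www.' / trailing '.com' (assumption)."""
    return re.sub(r"^www\.|\.com$", "", resource.strip().lower())


def normalise(resource: str) -> str:
    """'New York Times' -> 'newyorktimes', 'Pogo.com' -> 'pogo'."""
    return re.sub(r"[^a-z]", "", strip_web(resource))


def insert_middle(core: str, piece: str) -> str:
    mid = len(core) // 2
    return core[:mid] + piece + core[mid:]


def scheme_reversed_tail(resource: str, personal: str = PERSONAL,
                         pad: str = "0") -> str:
    """Last six letters, reversed; first half goes into the middle of the
    personal segment, second half at the end. Short names pad each half."""
    tail = normalise(resource)[-6:][::-1]
    half = len(tail) // 2
    first, second = tail[:half], tail[half:]
    if len(tail) < 6:
        first, second = first.ljust(3, pad), second.ljust(3, pad)
    return insert_middle(personal, first) + second


def scheme_word_counts(resource: str, personal: str = PERSONAL,
                       length: int = 0, pad: str = "Z") -> str:
    """Append each word's letter count and their sum; left-pad to `length`
    (0 means no padding)."""
    counts = [len(w) for w in re.findall(r"[a-z]+", strip_web(resource))]
    suffix = "".join(str(c) for c in counts) + str(sum(counts))
    return (personal + suffix).rjust(length, pad)


def scheme_vowels(resource: str, personal: str = PERSONAL) -> str:
    """Up to three vowels go in front of the personal segment, the rest after."""
    v = [c for c in normalise(resource) if c in VOWELS]
    head = min(3, (len(v) + 1) // 2)
    return "".join(v[:head]) + personal + "".join(v[head:])


def longest_common_substring(a: str, b: str) -> str:
    best = ""
    for i in range(len(a)):
        for j in range(len(b)):
            k = 0
            while i + k < len(a) and j + k < len(b) and a[i + k] == b[j + k]:
                k += 1
            if k > len(best):
                best = a[i:i + k]
    return best


def expose_pattern(pw1: str, pw2: str):
    """The author's caveat: two passwords built on one personal segment share
    a common core; removing it leaves the resource-derived parts in the open,
    which is why this pattern is not for security passwords."""
    core = longest_common_substring(pw1, pw2)
    return core, pw1.replace(core, "", 1), pw2.replace(core, "", 1)


if __name__ == "__main__":
    for name in ("New York Times", "Pogo.com", "Cook's Illustrated"):
        print(name, scheme_reversed_tail(name),
              scheme_word_counts(name, length=13), scheme_vowels(name))
    # The book's two-password example: the shared core drops out at once.
    print(expose_pattern("tkro9t3vQdywen", "llis9t3vQdkooc"))
```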

USE PASSWORD ASSISTANT

Hidden behind an obscure icon in a few Mac OS X dialogs is a useful tool called Password Assistant. It can help you generate various kinds of random passwords, with adjustable length and character type. It even shows you how secure each option is. It's a shame Apple didn't make it more accessible, but even that problem is easily solved (see Password Assistant under Other Password Generators).
Note: Password Assistant is just one of many automated password generators; see 1Password and Other Password Generators.

Whenever you see the Password Assistant button by a password field, you can click it to display Password Assistant. Among the half-dozen or so places you can find this button are: the dialog that appears when you create a user or change a user's password in either the Finder or the Accounts preference pane; the dialog for adding or changing a master password in the Security preference pane; and the login window when you reset a user's password.
When you click the button, a small, floating window (Figure 1) appears.

Figure 1: Password Assistant creates several kinds of passwords for you and gives you a visual indication of any password's strength.

As soon as you open this window, a password suggestion appears. Changing any of the options immediately results in a new suggestion.


The options you can adjust are as follows:

• Type: From this pop-up menu, choose the type of password you want. In this context, type refers to both the range of characters and the way the password is constructed. Your choices are:
  - Memorable: The default setting, Memorable combines multiple words (from a dictionary) with numbers and one punctuation character.
  - Letters & Numbers: This choice includes numbers and capital and lowercase letters.
  - Numbers Only: This is the least secure option, which in my opinion you should always avoid.
  - Random: This option includes capital and lowercase letters, numbers, and punctuation characters, but not characters you type using the Option key.
  - FIPS-181 compliant: FIPS-181 is a standard used by the U.S. Department of Commerce to create (mostly) random yet pronounceable strings. It uses only lowercase letters.
  - Manual: Enter your own password, and Password Assistant indicates its quality.
  To learn about the relative strength of these types, see the sidebar Strength in Numbers (and Letters), shortly ahead.
• Suggestion: As soon as you change the Type or adjust the Length setting, the Suggestion field offers a suggested password meeting your criteria. If it's not to your liking, you can click the arrow at the right of the field to open a pop-up menu with more choices. If those aren't enough, choose More Suggestions from the pop-up menu.
• Length: Drag this slider left or right to adjust the length of the passwords generated. The minimum is 8 characters and the maximum is 31 (though if you enter a shorter or longer password manually, Password Assistant still measures its quality).
• Quality: This gives a rough estimate of the password's quality. If the bar is more red or yellow than green, the password is less secure; if it's mostly or all green, it's more secure. A longer green bar is more secure than a shorter green bar. The method used to assess quality is rudimentary and imprecise, and it doesn't take into account issues picked up by the Tips field (explained next). Still, it's useful as a quick indicator of a password's approximate strength.
• Tips: This area makes suggestions regarding how the password currently in the Suggestion field can be improved. For example, if you enter only lowercase letters, the Tips area says, "Mix upper and lower case, punctuation, and numbers."

Strength in Numbers (and Letters)
If you're curious to know what it takes for a password to get the Quality indicator's highest rating (a full green bar), here's how the various password types stack up:
• Memorable: 21 characters
• Letters & Numbers: 20 characters
• Numbers Only: 39 characters
• Random: At least 18 characters; sometimes requires 20
• FIPS-181 compliant: 28 characters
• Manual: Depends on characters chosen, but a minimum of 17
In other words, Random (or a carefully chosen Manual password) gives you the highest ratio of security to length, and Numbers Only gives you the lowest. (Even 17 characters is much longer than most of us need; my point here is merely to illustrate how Password Assistant judges the quality of various password types.)
However, even a password with the highest possible rating can be insecure. For example, abcdABCD1234!@#$ fills up the green bar, but because those characters follow an easy-to-type pattern on the keyboard and aren't mixed up in any way, the Tips field (wisely) says, "This is too simplistic or systematic."
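How the full-green lengths in the sidebar line up with plain character-class entropy, plus a check for the kind of keyboard sequence the Tips field flags, as an added Python example (not Apple's code). Password Assistant's actual scoring is undocumented, so the uniform-random entropy model, the 94-character alphabet for Random, and the sequence heuristic are all assumptions.

```python
"""Compare the sidebar's full-green lengths with character-class entropy,
and flag 'too simplistic or systematic' keyboard runs. Added example;
alphabet sizes and the scoring model are assumptions, not Apple's."""
import math

# Alphabet sizes for the password types the chapter lists (assumptions).
ALPHABETS = {
    "Numbers Only": 10,
    "FIPS-181 compliant": 26,   # lowercase letters only
    "Letters & Numbers": 62,
    "Random": 94,               # printable ASCII minus space, no Option chars
}

# Lengths the sidebar reports for a full green Quality bar.
FULL_GREEN_LENGTH = {
    "Numbers Only": 39,
    "FIPS-181 compliant": 28,
    "Letters & Numbers": 20,
    "Random": 18,
}


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(bits: float, alphabet_size: int) -> int:
    """Shortest password of this class that reaches `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def compare_with_book(threshold_bits: float) -> dict:
    """Per type: (entropy at the sidebar's full-green length, rounded to
    0.1 bit; length a pure-entropy rule would demand at the threshold)."""
    return {
        kind: (round(entropy_bits(FULL_GREEN_LENGTH[kind], size), 1),
               min_length_for_bits(threshold_bits, size))
        for kind, size in ALPHABETS.items()
    }


# Rows a simple 'systematic' check looks for (assumption: the real Tips
# heuristic is undocumented; this catches the sidebar's example).
KEY_ROWS = ("abcdefghijklmnopqrstuvwxyz", "1234567890", "!@#$%^&*()",
            "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_systematic(password: str, run: int = 4) -> bool:
    """True if any `run` consecutive characters follow the alphabet or a
    keyboard row, forward or backward (case-insensitive)."""
    low = password.lower()
    for i in range(len(low) - run + 1):
        window = low[i:i + run]
        for row in KEY_ROWS:
            if window in row or window[::-1] in row:
                return True
    return False


if __name__ == "__main__":
    for kind, (bits, needed) in compare_with_book(117).items():
        print(f"{kind:20s} full green at {FULL_GREEN_LENGTH[kind]:2d} chars "
              f"= {bits:6.1f} bits; 117-bit rule would need {needed}")
    for pw in ("abcdABCD1234!@#$", "9t3vQd"):
        print(pw, "systematic" if is_systematic(pw) else "not systematic")
```

At a threshold of about 117 bits the entropy model reproduces the sidebar's Random and Letters & Numbers lengths (18 and 20) but would accept 36 digits and 25 lowercase letters where Password Assistant demands 39 and 28, which fits the author's description of the method as rudimentary.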

TAKE ACTION!
Having read this chapter, you may now be thinking that a lot of your existing passwords could stand some improvement. If so, use what you've learned here to replace them with better passwords today. Of course, if you have hundreds of bad passwords, changing them all is not an easy project; for advice, see the sidebar Update Old Passwords.

Understand Mac OS X's Passwords
In the course of using Mac OS X, you'll often encounter the need for passwords: when you set up a new computer, install new software, connect to a wireless network, and more. Many Mac users become aggravated at having to type passwords so often. Because such frequent demands to enter a password are annoying, they might lead you to choose less secure passwords so that they're easier to enter. Apple's perspective is that requiring passwords regularly helps keep your computer and its data safe and secure. In this chapter, I discuss the various situations in which passwords are needed in Mac OS X, how to enter and change them, and how secure they should be.
Change the locks: Many passwords, including all the ones described in this chapter, are case-sensitive, which means that if you accidentally have the Caps Lock key activated, you'll type an incorrect password. Some Mac OS X password dialogs display a symbol next to the password field when Caps Lock is activated. On a laptop, the Num Lock key can also lead to typing incorrect passwords, though no visual cue appears. If your password is repeatedly rejected and you're sure you've typed it correctly, make sure both Caps Lock and Num Lock are deactivated.

LOGIN PASSWORDS
Every computer running Mac OS X has at least one user account, a means of identifying the person using the Mac at any given time. In the Accounts preference pane, you can set up additional users if you like. Each user gets a separate virtual (and private) space in which to work; this includes access to the user's own preferences, documents, and Finder settings. The password for a user account is called the login password. It's what you use to log in, thus gaining access to your personal space, but it has other uses too (as I explain a bit later).

Basic training: For more detailed information, consult Kirk McElhearn's Take Control of Users & Accounts in Snow Leopard.
When you set up a new Mac or install Mac OS X for the first time, you're asked to enter your real name, a user name (typically shorter than your real name; all lowercase and without spaces), and a password. In so doing, you set up a user account for yourself with administrator privileges, meaning that you have the authority to add and delete other user accounts, make changes anywhere on your disk, and install and run any application. Each Mac has one or more administrator accounts. The login password for such an account is also known as an administrator password. Mac OS X asks you for an administrator password when you take certain actions that can have far-reaching consequences, for example, installing or using software that makes changes to the /Applications, /Library, or /System folder.
How Many Administrator Accounts?
As an administrator, you can give other users administrative privileges (by checking Allow User to Administer This Computer at the bottom of the Password view in the Accounts system preference pane). Because administrators could inadvertently make changes that would erase important data or prevent the computer from working properly, some experts suggest avoiding administrator accounts for day-to-day use. (In my opinion, using an administrator account as your main account is reasonable if you're the computer's only user, and it is only slightly less safe than using a non-administrator account.)
Even if you're the only one using your Mac, I strongly recommend setting up a second administrator account, with a different password, for your own use. You can log in with this second account for troubleshooting or, should your computer ever require service, you can supply the second user name and password to the repair shop instead of divulging your main password.


Choose and Set a Login Password

Your login password not only identifies you but also protects a variety of resources (such as your personal files), so it's clearly a security password. This implies that it should be at least 10 or 11 characters long and should follow the rules for secure passwords (see Create Security Passwords, earlier). However, if you use a different password for your keychain (read Keychains), you can get away with a somewhat less secure login password, and you may want to do this, because you'll be entering it often and because administrator passwords can be circumvented so easily (see Reset an Administrator Password, a few pages ahead).
To change your login password, go to the Accounts preference pane, click the lock icon, at the lower left, to authenticate (identify yourself with a user name and password), and select your name in the list on the left. Click Change Password, fill in the appropriate fields, and click Change Password again.
Take (or Leave) a Hint
When you select a login password, Mac OS X provides a field in which you can enter an optional password hint. Many Web sites offer a similar field (sometimes required). If you forget your password, you can look at the hint and it might jog your memory.
While I appreciate the potential usefulness of hints, I don't use them myself if I don't have to, and I recommend that you avoid them too. Hints cut both ways: if they can help you remember your password, they can also help a hacker (or, say, a disgruntled employee or ex-boyfriend) learn it. In my opinion, hints considerably reduce the security of passwords.
If you use a password infrequently and feel so nervous about forgetting it that you're compelled to enter a hint, make the hint obscure. For example, if you created the password t0SsFm061Fm from the quote "That's one small step for man, one giant leap for mankind," a hint like "Apollo 11 quote" or "The Eagle has landed" is too obvious. On the other hand, something more remote, such as "Tranquility" or "Colbert's icon," might be enough to trigger recall without giving too much away. (And if you don't know what I mean by those references, don't worry: that's the point.)


Use Your Login Password

You enter your login password when you log in to your Mac OS X account (which may happen automatically when you turn on your computer); this gives you access to all your personal files and settings until you log out or turn off your computer.
Away from home: Entering an administrator password at login doesn't unlock every protected resource for the entire time you're logged in, as you might expect. You must, in general, enter it again every time you do something that makes changes outside your home folder (/Users/your-user-name). Note that if you're currently logged in as a non-administrator and you're asked to supply an administrator password, you must also enter the administrator's real name or user name in the Name field.
The default settings for when your login password is required are not very secure. For example, if you walk away from your computer for a few minutes, someone else could sit down and access any of your files. If you live alone in a house in the country, that's hardly a concern; however, if you do most of your work on your laptop in crowded city cafés, you probably want as much extra security as you can get. So, given the environment in which you use your computer, you should consider whether additional security is advisable.
Each of the following settings that you change from the default will result in your being asked to enter your password more frequently, but with a corresponding increase in security:

• Sleep and screen saver: Normally, your login access remains active when your Mac's screen saver activates or when the Mac goes to sleep; waking the Mac puts you back where you were before. But you can require entry of your login password when the Mac wakes from sleep or the screen saver deactivates, to make your data safer if you're away from your Mac for a while. To require a password in both cases, go to the Security preference pane (and then, in Leopard or Snow Leopard, to the General view) and check Require Password to Wake This Computer from Sleep or Screen Saver.
  If you use your Mac only in a setting where you needn't worry about someone else walking up to it and accessing your accounts, leave this disabled; in other situations, I recommend enabling it.

Three for all: Note that the next three options apply to all users on the computer, not just your own account.

• Automatic login: By default, Mac OS X logs you in automatically when you turn on or restart your Mac. If your Mac is in a secure place where no one but you can access it, that's probably fine; otherwise, it's best to disable automatic login (so that the login window appears every time the computer starts up). You can do this in the Accounts preference pane: click the lock and authenticate with an administrator password; then click Login Options and choose Disabled from the Automatic Login pop-up menu (in Leopard or Snow Leopard) or uncheck Automatically Log In As (in Tiger). Or, open the Security preference pane (and then, in Leopard or Snow Leopard, go to the General view) and check Disable Automatic Login.
  In general, laptops should always have automatic login disabled; for other computers, the choice depends on whether anyone you don't trust completely has physical access to your computer.
• Automatic logout: When your computer goes to sleep or the screen saver activates, you're still logged in, and any applications or documents you had open remain so (even if a password is required when the computer or display wakes up); this can potentially increase your vulnerability to certain kinds of network-based attacks. To take security one step further, you can have Mac OS X log you out automatically after a period of inactivity; all programs running under your user account will quit. To activate this feature, go to the Security preference pane (and then, in Leopard or Snow Leopard, to the General view), check the Log Out After __ Minutes of Inactivity checkbox, and enter the desired number of minutes before automatic logout.
  For most users, enabling this setting is unnecessary, but it may be useful for computers kept in highly public places.
• Secure system preferences: Several preference panes contain settings that affect all users' accounts and potentially have security implications for all users. To make it harder for an unauthorized user to modify these settings, you can require that an administrator password be used to unlock each pane individually. (The default setting is that unlocking one pane unlocks them all.) To activate this feature, go to the Security preference pane and check Require a Password to Unlock Each System Preferences Pane (Leopard or Snow Leopard) or Require Password to Unlock Each Secure System Preference (Tiger). The affected preference panes are Accounts, Date & Time, Energy Saver, Network, Parental Controls, Print & Fax, Security, Sharing, Startup Disk, and Time Machine (and some third-party preference panes).
  This setting is useful primarily for computers shared by many people, such as in schools and libraries.
• Keychain password: By default, your login password is used as your keychain password, which means that your keychain is unlocked automatically when you log in (see Keychains). To prevent this, you can change the keychain's password. Because the keychain password is particularly valuable, I recommend that all users change it to be different from their login password.
• Login window alternative: When the login window appears, it normally lists all the Mac's users, each with an icon; you can click one of them and enter a password to log in. Alternatively, the login window can display two empty fields, one each for user name and password; this makes it harder to break in, because the intruder has to guess not only a valid password but a valid user name as well. To switch the login window from a list to name and password fields, go to the Accounts preference pane, authenticate if necessary, and click Login Options. Then select the Name and Password radio button.
  Displaying the login window as name and password fields is a good idea for laptops and for situations where more than a handful of people have user accounts.
• Password hints: After a user tries to enter a login password three times in a row without success, Mac OS X displays that user's password hint (if one was entered). Because these hints can also help an attacker figure out someone's password, you can disable their display. To do this, go to the Accounts preference pane, authenticate if necessary, and click Login Options. Then uncheck Show Password Hints (Leopard or Snow Leopard) or Use Password Hints (Tiger).
  As I mentioned in the sidebar Take (or Leave) a Hint, I suggest not using password hints at all.


Reset an Administrator Password

I have some good news and some bad news. The good news is that if you forget your administrator password, you can reset it without much difficulty; the bad news is that this fact makes administrator passwords relatively insecure, because anyone else can do the same thing. However, you can minimize this risk by setting a Firmware Password and physically locking your computer with a security cable (see the sidebar The Too-Open Firmware Password).
If you know the password of the administrator account that was configured when Mac OS X was first installed (the original administrator, which Mac OS X sometimes treats in subtly different ways from other administrators), you can change any other administrator password with these steps (which work similarly for changing other login passwords, though it's generally best left to other users to change their own passwords):
1. Log in as the original administrator.
2. Open the Accounts preference pane. If the lock icon is closed, click it and enter your administrator password to authenticate.
3. Select an administrator and click Reset Password.
4. Enter (and repeat) a password, and optionally enter a hint.
5. Click Reset Password.
If your machine has just one administrator account (the original one), you can reset its password as follows:
1. Put your Mac OS X Install CD or DVD in your optical drive and restart with the C key held down (to boot from the optical disc).
Leave your troubles behind: Because this disc can be used to bypass your administrator password, consider leaving it at home when traveling with your laptop. But take another startup disc (such as a third-party disk utility) with you in case of disk errors that prevent you from starting your Mac.
2. Click through the language selection screen. Then choose Utilities > Reset Password.


3. Select your usual startup disk. Then, from the pop-up menu below the volume list, choose the user whose password you want to reset. (Do not choose System Administrator (root), which represents an entirely different account!)
4. Enter (and repeat) a new password, and optionally enter a hint. Click Save, and then click OK.
5. Choose Reset Password > Quit and then Installer > Quit Installer. Click the Reset button to restart from the hard disk.
Once you've done this, you'll still be prompted to enter a password for your login keychain (see Keychains, toward the end of this chapter). If that password was the same as your login password, meaning it too is forgotten, you'll have to delete that keychain, make a new one, and set that keychain as the default (see Solve the login Keychain Prompt Problem).
Resetting an Administrator Password without a CD or DVD
What if you've misplaced your Mac OS X Install CD or DVD, or your optical drive isn't working, and you need to reset your administrator password? There's another option, although it's more convoluted. The procedure depends on what version of Mac OS X you're using:
• For Mac OS X 10.5 or later: Follow Apple's instructions at http://support.apple.com/kb/TS1543 under "if you are unable to log in."
• For Mac OS X 10.4: Try the similar (but not quite identical) directions at http://www.intelliot.com/blog/2005/02/mac-os-xpassword-recovery/.

MASTER PASSWORD
Mac OS X includes a security feature called FileVault, which encrypts the entire contents of a user's home folder so that all the data on the machine is protected if the computer is lost or stolen. Like many other Mac experts, I'm unenthusiastic about FileVault. It's a great idea in theory, but I find the implementation worrisome: it's too easy for something to go wrong that would result in the permanent loss of all your data. However, the introduction of FileVault led to an interesting and little-known password feature that could be useful even if you don't use FileVault: something called a master password.
You configure FileVault in the Security system preference pane (in Leopard and Snow Leopard, it's in the FileVault view, as shown in Figure 2). Before you can turn on FileVault for any user, an administrator must set a master password, which gives you a second way to unlock your FileVault data in case you forget your regular login password. What many people don't realize is that the master password can be used to reset any user's password, even an administrator's, regardless of whether that user has FileVault enabled. That makes the master password an important safety net but also means it's extremely powerful, so it should be just as secure as any administrator password.

Figure 2: The FileVault view of the Security pane of System Preferences lets you set a master password, which is used for more than just FileVault.


Choose and Set a Master Password

When choosing a master password, use the same criteria that you'd use for any administrator password, but remember that if you forget both the login password for a FileVault-protected account and the master password, you're completely sunk. Even though you can reset the login password associated with the account, doing so does not unlock the account's FileVault data.
To set the master password, go to the Security preference pane, click FileVault (if you're running Leopard or Snow Leopard), and click Set Master Password; to change it, use the Change button in the same place (and enter the previous master password when prompted).
Although you can change the master password in the Security pane, you can't remove it altogether here. If for some reason you want to delete the master password altogether, which could be necessary if you've forgotten it, you need to use Keychain Access to delete the FileVaultMaster keychain; see Use Keychain Access for instructions.

Use Your Master Password

Once you've set up a master password, you can use it to reset any user's password; if the user has FileVault enabled, Mac OS X unlocks it upon logging in with the new password. Follow these steps:
1. Display a login window, whether by restarting (if you've set Mac OS X to open the login window on startup), choosing Login Window from the Fast User Switching menu (if you have that option enabled), or choosing Apple menu > Log Out Your-User-Name.
2. Depending on how your preferences are set, click a user's name in the list or type the user's real name or user name in the Name field.
3. Enter anything in the Password field and press Return. Assuming you haven't entered the correct password, the window shakes back and forth to indicate "no." Repeat this two more times.
4. After the third wrong try, the login window displays a password hint if the user entered one; if so, enter something in the Password field one more time and press Return.
If no password hint was entered, or after you try one more password after being presented with the hint, the Password field changes to Master Password (or in some cases simply Master). The hint for the master password, if any, appears below the field. Enter your master password here and then click Log In.
5. A warning appears, reminding you that changing a user's password creates a new keychain for that user (leaving the old keychain still present and locked with its previous password). Click OK.
6. Enter (and repeat) a password, and optionally enter a hint. Click Log In.
Mac OS X logs you in as that user and, if necessary, unlocks FileVault.

ROOT PASSWORD
Mac OS X is based on Unix, and in the Unix world the root user is
the most powerful user on the system, able to do anything up to and
including erasing the operating system itself. With a root password
(that is, the password for the user named root), you can do a tremendous amount of damage. For this reason, the entire root account is
disabled in Mac OS X by default.
Fortunately, almost anything you might need to do as the root user
can be done without enabling this account, as long as you have an
administrator password. And the vast majority of Mac users won't
even need root-user access at all, which is generally exercised only
in the command-line environment of Terminal. So I strongly suggest
that you do not enable the root account, no matter how geeky you are.
Rooting it out: If you're a tech-head working in a command-line
shell and need a root shell, you can get one (even without the root
account being enabled) with sudo -s, entering your administrator
password when prompted. Be sure to type exit when you finish with
whatever tasks required root access. Better still, prefix just the one
command that needs root privileges with sudo, so that the rest of
your session keeps ordinary privileges.
If you absolutely must enable the root account (and I'm speaking here
only to highly technical people who are certain they have a valid reason
for doing so), you can find instructions at
http://support.apple.com/kb/HT1528. If you do this, be sure to assign
to the root user a password that's different from, and at least as
secure as, your administrator password. (On a machine with a single
user, reusing your administrator password as the root password costs
little extra security, since anyone who has that administrator password
can already obtain root through sudo; a separate password is still the
safer habit.)

FIRMWARE PASSWORD
Because an administrator password can be circumvented relatively
easily (see Reset an Administrator Password), Apple provides additional security in the form of a firmware password. Unlike your other
passwords, this one is stored in the nonvolatile memory of a chip on
your Mac's logic board, which means that you can't bypass it even if
you hook up a different hard drive or start from a CD or DVD.
PowerPC-based Macs use a system called Open Firmware; Intel-based
Macs have an analogous system called EFI (Extensible Firmware
Interface). The function of the firmware password is essentially the
same in both cases. No firmware password is set by default, but if you
specify one it has the following effects:
• Most special startup modes that would normally be activated by
holding down one or more keys on the keyboard (such as Command-S
for single-user mode, T for target disk mode, C to start from a CD
or DVD, and Option to select a different startup disk) are disabled.
• For Macs with PowerPC processors, accessing the Open Firmware
command prompt (by holding down Command-Option-O-F during
startup) requires entering the firmware password.
• Holding down Command-Option-P-R during startup doesn't reset
the PRAM (parameter RAM), as it otherwise would.
In other words, the presence of a firmware password blocks most
of the paths someone might use to avoid or reset your administrator
password and get access to your computer and its contents. Note,
though, that it protects only the boot process, not the data itself:
someone who removes the hard disk and attaches it to another
computer can read everything on it unless it's encrypted with
FileVault. The downside is that if you're troubleshooting a problem
that requires booting from another volume, resetting the PRAM, or
entering single-user mode, you'll have to disable the firmware
password first, and then restart to enable the special key sequences.

Choose and Set a Firmware Password


If you decide to set a firmware password, choose one that's not easily
guessed, but don't outdo yourself: it's relatively easy for a hacker to
get past it (see the sidebar The Too-Open Firmware Password, shortly
ahead), and the aggravation you'll suffer if you forget it could
be significant. I'd opt for one or two words with some simple foils (see
Devise a Pattern for Identity Passwords) to disguise them.
With or without U: Because of a bug affecting Open Firmware
in certain PowerPC Macs, firmware passwords that contain the
capital letter U are not recognized. So avoid that character if you
have one of the affected models. For more information, consult
http://support.apple.com/kb/TA21330.
The tool you use to set, change, or remove a firmware password is
called Firmware Password Utility. For some reason, Apple neither
installs this along with Mac OS X nor offers it as a separate download
on its Web site. Instead, it's provided on your Mac OS X Install DVD
in the (normally hidden) /Applications/Utilities folder.
You can run it from the disc, but I recommend copying it to your
hard disk's /Applications/Utilities folder to make it easier to find in
the future. To do this, insert your Mac OS X Install DVD, choose Go >
Go to Folder in the Finder, enter
/Volumes/Mac OS X Install DVD/Applications/Utilities, and click Go.
The disc's Utilities folder opens in a new window; from there, you
can drag Firmware Password Utility to your hard disk.
To set your firmware password:
1. Open Firmware Password Utility.
2. Click Change.
3. Check the Require Password to Change Open Firmware Settings
checkbox.
4. Enter a password in the Password field; enter it again in the Verify
field. Click OK.
5. When prompted, enter your administrator password and click OK.
Your firmware password is now set; you can quit Firmware Password
Utility. The next time you restart, the password will be active and will
prevent startup from another volume or in a special mode.


The Too-Open Firmware Password


Setting a firmware password adds some security to your Mac, but
it provides no protection against an attacker who's knowledgeable
and who has physical access to your computer. Using a straightforward procedure, you can reset the firmware password, which is useful
if you've forgotten the password, but unfortunate if your computer
falls into the wrong hands.
The most reliable way to defeat a firmware password, on a Mac
whose case can be opened conveniently, is to change the amount
of RAM in it. First, remove (or add) a RAM module, close the case,
and restart; during restart, hold down Command-Option-P-R to
reset the PRAM, and continue holding those keys down until you
hear the second startup chime. Release the keys and allow the
Mac to start up normally. (You can then, if you like, turn it back
off and restore the RAM to its earlier configuration.) You may also
need to open the Startup Disk preference pane and reselect your
preferred startup disk.
Most Macs have a slot for a security cable, such as the Kensington
MicroSaver, which enables you to physically attach your computer
to a desk or other sturdy object. Some Mac models are designed
in such a way that attaching a security cable also prevents the
case from being opened, making it that much harder to get
around the firmware password by changing the RAM. Security
cables are a good idea, but remember: they wont stop anyone
truly determined to get into a computer.
Interestingly, the MacBook Air, which lacks a security slot, also
has all its RAM soldered directly onto the logic board, so you cant
defeat the firmware password on that computer by changing its
RAM even if you can open the case. According to Apple, the only
way to get past a forgotten firmware password on a MacBook Air
is to take the computer to an Apple Store or authorized service
facility and let the technicians there work some magic.


EMAIL PASSWORD
Your email password may be one of your most valuable passwords.
Apart from the fact that your email may contain all sorts of interesting
personal information about you, consider that many Web sites use
email to remind you of your password if you've forgotten it. Someone
with access to your email account could click the "forgot my password"
link on a site where you have an account and simply read the resulting
message, thus learning a much more valuable password. For this
reason, I recommend choosing a very strong password for each of
your email accounts (including your MobileMe account, if any).
I must also remind you that even a secure password, if intercepted
in transit, is worthless (see Use Wireless Networks Safely). So take
every precaution to ensure that your email password remains private,
especially when using public wireless networks. If your email server
offers secure authentication (such as MD5 Challenge-Response or
Kerberos), use that instead of the insecure Password method, and
note that this applies to both incoming (POP/IMAP/Exchange) and
outgoing (SMTP) email. Better yet, if possible, use SSL/TLS (Secure
Sockets Layer/Transport Layer Security) to encrypt both messages and
passwords traveling between your computer and the server. Keep in
mind that a challenge-response method only keeps the password
itself off the wire: someone who records the exchange can still test
guesses against it offline, and your messages still travel in the clear,
so SSL/TLS is the stronger choice whenever the server supports it.
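To make concrete what "secure authentication" buys you and what it doesn't, here is a walk-through of the MD5 Challenge-Response method (CRAM-MD5) as an added example; it is not code from this book or from Apple. It needs only a POSIX shell and the openssl command, both present on Mac OS X, and shows the server's challenge, the client's reply, the server's check, and the offline guessing attack that a captured exchange still allows. The user name, password and challenge are the published test vector from RFC 2195, not a real capture; the host name mail.example.com is a placeholder.

```shell
# CRAM-MD5 ("MD5 Challenge-Response") walk-through: both sides of the
# exchange plus the offline attack a captured exchange still allows.
# Added example, not code from the book; needs the openssl command.
# The demo at the bottom uses the RFC 2195 test vector (user tim,
# password tanstaaftanstaaf); its challenge is the RFC's, not a capture.

# Hex HMAC-MD5 of the message $2 keyed with $1.
hmac_md5() {
  printf '%s' "$2" | openssl dgst -md5 -hmac "$1" | sed 's/^.*= //'
}
b64enc() { printf '%s' "$1" | openssl base64 -A; }
b64dec() { printf '%s' "$1" | openssl base64 -d -A; }

# Server: a fresh challenge per connection (pid, time, host), sent base64-encoded.
cram_challenge() {  # [hostname]  (mail.example.com is a placeholder)
  b64enc "<$$.$(date +%s)@${1:-mail.example.com}>"
}

# Client: "user hex-digest", base64-encoded. The password itself never
# leaves the client; only its HMAC over this one challenge does.
cram_response() {  # user password challenge_b64
  b64enc "$1 $(hmac_md5 "$2" "$(b64dec "$3")")"
}

# Server: recompute the digest from the stored password and compare.
# Prints the user name and returns 0 on success, 1 otherwise. The server
# must hold the password in recoverable form to do this, and a real
# implementation should compare in constant time.
cram_verify() {  # response_b64 challenge_b64 stored_password
  decoded=$(b64dec "$1")
  claimed=${decoded%% *}
  sent=${decoded#* }
  expected=$(hmac_md5 "$3" "$(b64dec "$2")")
  [ "$sent" = "$expected" ] && printf '%s\n' "$claimed"
}

# Eavesdropper: with challenge and response captured off an unencrypted
# connection, try a wordlist offline. No further contact with the server
# is needed, so a weak password plus CRAM-MD5 is still a weak password;
# TLS hides the whole exchange and removes this attack.
cram_offline_guess() {  # response_b64 challenge_b64 wordlist_file
  decoded=$(b64dec "$1")
  sent=${decoded#* }
  plain=$(b64dec "$2")
  while IFS= read -r guess; do
    if [ "$(hmac_md5 "$guess" "$plain")" = "$sent" ]; then
      printf '%s\n' "$guess"
      return 0
    fi
  done < "$3"
  return 1
}

# Demo with the RFC 2195 vector.
CHAL=$(b64enc '<1896.697170952@postoffice.reston.mci.net>')
RESP=$(cram_response tim tanstaaftanstaaf "$CHAL")
printf 'wire: %s\n' "$RESP"                       # what a sniffer sees
printf 'decoded: %s\n' "$(b64dec "$RESP")"        # tim b913a602c7eda7a495b4e6e7334d3890
printf 'server accepts: %s\n' "$(cram_verify "$RESP" "$CHAL" tanstaaftanstaaf)"
```

Run it as is to see the exchange; to try the offline attack, put a few candidate passwords one per line in a file and call cram_offline_guess with the captured response, the challenge, and that file. Nothing in the attack touches the server, so no lockout or server-side logging protects you; only a strong password, or TLS hiding the exchange entirely, does.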
In Apple Mail, you can change an accounts password by choosing
Mail > Preferences, clicking Accounts in the toolbar, and selecting the
account from the list on the left. In the Account Information view, you
can set the password for the incoming mail server; to set the SMTP
password (and its authentication options), click the Server Settings
button. To change the authentication method for incoming accounts
and turn SSL on or off, go to the Advanced view.

WIRELESS NETWORK PASSWORD


If your Mac connects to the Internet using a wireless network, that
network may be protected with a password. If you own the AirPort
base station, Time Capsule, or third-party wireless gateway that
provides your Internet access, you can choose whether or not to use
a password on it (consult your gateway's manual for instructions).
Assuming it's a relatively modern device that supports WPA (Wi-Fi
Protected Access) or WPA2 encryption (see Use Wi-Fi Encryption for
details), enabling this feature is a good idea. Even in your home, you
can't assume your wireless network is safe; a neighbor or someone in
a car across the street could be monitoring your data, looking for passwords. (I discuss wireless security in Use Wireless Networks Safely.)
A second pass: Besides the password that protects the wireless
network, AirPort base stations and other wireless gateways have a
second password that protects access to the configuration options of
the gateway itself, using Apple's AirPort Admin utility, a third-party
tool, or a Web-based interface. This administrative password is also
quite important; someone who guesses it could change (or eliminate)
the wireless network password and thereby gain access to the whole
network. Above all, change it from the factory default, which is
printed in the manual and known to anyone who looks it up. Learn
more about these passwords in Take Control of Your Wi-Fi Security
by Glenn Fleishman and Adam Engst.
In general, you should follow the same procedure for creating a wireless network password that you would for any other security password
(see Create Security Passwords). Bear in mind that since you may need
to share this password with others in your household or office who use
the same gateway, it should be different from your other security passwords and shouldn't follow a pattern that might lead someone to guess
your other passwords.

FILE SHARING PASSWORD


In an office environment where you must connect to a stand-alone
file server, your network administrator will supply the password. But
if youre using Personal File Sharing to share files between computers
in your home or office, each user must have a password to access an
account on each shared computer. (In general, this means setting up
a user account for each user on each computer.)
Tip: To learn more about sharing files, read Glenn Fleishmans
book Take Control of Sharing Files in Snow Leopard.

If your computers have equal physical security, if your network is
wired rather than wireless, and if you've followed my other tips to keep
your login passwords safe, then these extra login passwords need not
be particularly secure; you have several other layers of security already
in place. However, if you have a wireless network, if one or more of
your computers is publicly accessible, or if you haven't protected your
login passwords on all machines, opt for a higher-security password.

KEYCHAINS
Since the days of Mac OS 9, Apple has provided a system-wide repository for each user that stores all of that person's user names and the
passwords associated with them; this repository is called a keychain.
The idea is that instead of having to remember (and manually enter)
dozens or hundreds of user names and passwords individually, you let
the keychain remember (and enter) them for you. The keychain itself is
encrypted and protected by a password. By entering just that one password, you unlock all the passwords inside the keychain; the system
then hands them to applications, network servers, or other resources
as necessary. Not all applications that use passwords are designed to
support the keychain, but most do.
All chained up: Although I use the word keychain in the singular
(as does Mac OS X in most cases), you can have more than one
keychain. I discuss the variety of keychains, and issues involving
the use of multiple keychains, in the next chapter, Use Keychain
Access.
Whenever someone creates a user account, Mac OS X creates a
keychain named login for that account. (In some earlier versions
of Mac OS X, this keychain was given a name matching the user's
short name, for example, johnsmith. If you had such a keychain in
the past and either updated Mac OS X or copied your user data from
one machine to another, your current keychain may still have that
name.) Normally, this is your default keychain, and the only one
you'll interact with regularly.
Here's an example of how a keychain can work: Suppose you have two
Macs networked together, and one of them has File Sharing turned on.
When you go to the other Mac, the first Mac appears in the Finder's
sidebar under Shared. You select its icon and click Connect. An authentication dialog (Figure 3) appears.


Figure 3: When you check Remember This Password in My Keychain and click Connect, Mac OS X adds the user name and password to your default keychain.

After selecting Registered User and entering a valid user name and
password for the computer to which you're connecting, you check
Remember This Password in My Keychain and click Connect. Behind
the scenes, Mac OS X makes a new keychain entry containing the
address of the Mac you're connecting to and the user name and password you need to connect to that Mac. Assuming your keychain is
unlocked, the next time the authentication dialog appears for this
server, it's already filled in; you need only click Connect. (Had you not
checked Remember This Password in My Keychain earlier, you would
have been presented with blank Name and Password fields to fill in
manually.)
By default, your keychain password is the same as your login password. Upon login, if your keychain is named login (or has the same
name as your user name) and your login password is the same as
your keychain password, your keychain is unlocked automatically.
Of course, by default, Mac OS X also logs you in automatically when
you turn on your computer. In other words, unless you change those
default settings, your keychain is unlocked every time you turn on your
computer, not a terribly secure situation! Therefore, unless you use
your computer only in a setting where other people can't physically
access it, I recommend changing your keychain password so that it's
different from your login password (see Use Keychain Access) and
turning off automatic login (see Use Your Login Password).
Note: Your keychain interacts with most parts of Mac OS X, but
since you can't access it until you've logged in, it can't automatically fill in your login password or firmware password. You can
enter those passwords in your keychain manually if you want to,
simply to have a secure place to keep them (which helps only if the
keychain's own password differs from the login password you're
storing in it).

Choose and Set a Keychain Password


Because your keychain protects all your other passwords, your keychain password should be the strongest one you have; in other words,
at least as strong as any other password in the keychain. If your keychain password is less secure than it should be, you can change it in
either of two ways:
• Change your login password (see Choose and Set a Login
Password). If your keychain password is identical to your login
password, changing your login password also changes your keychain password to match.
• Change your keychain password independently (see Change Your
Keychain Password).

Use Your Keychain Password


Mac OS X adds user names and passwords to your default keychain
every time you enter them when the Remember Password in Keychain
checkbox is checked. You can also add them manually; see Add or
Change Passwords.
At login, Mac OS X tries to unlock your default keychain. If you've
created other keychains and the default keychain is not login (or
the one matching your user name), a prompt appears asking for the
default keychain's password.
Even if your keychain unlocks automatically at login (because its
password is the same as your login password), you can still lock or
unlock it manually at any time, in either of the following ways:
• If the Keychain menu appears in your menu bar, choose Lock
Keychain keychain-name (or Lock All Keychains) from that menu
to lock it; choose Unlock Keychain keychain-name to unlock it.
If this menu does not appear in your menu bar, you can add it; see
Use the Keychain Menu.
• Open Keychain Access (in /Applications/Utilities). If the Keychains
list is not showing on the upper left in the window, click the Show
Keychains button at the bottom left. Select your keychain in this list;
then choose File > Lock Keychain keychain-name.
You can also set a keychain to lock automatically after a given period
of inactivity, when your computer goes to sleep, or both (see Change
Keychain Settings). In either case, Mac OS X will prompt you to unlock
the keychain the next time it's required to access some resource.
Most of your interaction with your keychain will involve locking or
unlocking it, and agreeing (or not) to have various passwords stored
there. However, you can do a great deal more with your keychain using
the Keychain Access utility, which I cover next.


Use Keychain Access


Keychain Access, a utility included with Mac OS X, enables you
to add, delete, view, and modify keychains and their contents. That
may sound simple, but Keychain Access is surprisingly complex.
Because most of your interactions with keychains will be mediated
by Mac OS X or another application, you may never need to use
Keychain Access at all; if you do, your most frequent activity is likely
to be looking up passwords you've forgotten. However, you can also
use Keychain Access to do numerous other tasks, including these:
• Add new passwords manually, or change existing passwords.
• Adjust the degree of access that applications have to individual
keychain items.
• Change a keychain's password.
• Modify a keychain's settings, such as MobileMe synchronization
and automatic locking.
• Add or delete an entire keychain.
• Create and view secure notes (such as credit card information).
• Repair damaged keychains.
• Manage certificates, which verify the identity of a person,
company, Web site, or other resource.
In this chapter, I cover only the aspects of Keychain Access that
you're most likely to use in keeping track of your passwords.
Tip: If you haven't already done so, read Keychains, in the
preceding chapter, for a description of what keychains are and
how they work.


UNDERSTAND COMMON KEYCHAIN TYPES


When you open Keychain Access, you may see one or more of the
following keychains:
• FileVaultMaster: If you've enabled a Master Password, it's stored
in the FileVaultMaster keychain.
• login (or your-user-name): Each new user's default keychain
is named login (or it may be named the same as the user's short
name). You may have both a login keychain and a keychain with
your short user name.
• System: Every installation of Mac OS X includes a system-wide
keychain by this name, used to hold certain passwords applicable
to all users on the machine.
Beat the System: Occasionally, the System keychain may not be
updated correctly; for example, when the password for a wireless
network changes. When this happens, you may be prompted to
unlock the System keychain, but it has no password that you know:
Mac OS X unlocks it with a key file that only root can read. If
you encounter any trouble with your System keychain, the easiest
solution is to delete it, which you can do without knowing its password; Mac OS X then recreates a fresh System keychain for you
(you'll need to re-enter any network passwords that were stored in
the old one). See Use the Delete Keychain Command.
• System Roots (known as X509Anchors under Tiger): This
system-wide keychain holds certificates used to validate the identity
of Web sites, companies, people, and other resources.
• Microsoft_Entity_Certificates or Microsoft_Intermediate_Certificates:
If you use Microsoft Entourage, you may have a keychain by one of
these names. For most users, this keychain remains empty.
Microsoft doesn't supply its password; if you encounter repeated
prompts to enter the password, delete this keychain (see Use the
Delete Keychain Command) and Entourage will recreate it the next
time it runs.
In addition, third-party software packages (such as Adobe AIR) may
add their own keychains to this list.


VIEW YOUR PASSWORDS


Over time, as you fill out forms on Web pages, connect to file servers
and wireless networks, and use software that requires access to your
keychain, you'll accumulate many passwords. You may occasionally
need to know a password (as opposed to having it entered for you),
so Keychain Access lets you view your passwords (Figure 4).

Figure 4: The main Keychain Access window lists all your password
items.

The passwords (along with certificates, secure notes, and other keychain items) appear in a list. As with most lists, you can click a column
heading to sort by that heading; click a second time to reverse the sort
order. If you're unable to locate a certain password by name, you can
use either or both of two shortcuts:
• Click an item in the Category list on the left to show only items in
that category. (Note that Passwords has three subcategories.)
• Enter part of a domain name, user name, or application name in
the Spotlight search field in the upper right of the window to look
for matching items. (Spotlight can see the items' names and account
information, but not your passwords themselves.)
Once you've located the item that you're looking for, double-click it
to open it in a new window (Figure 5). The Attributes pane in this
window displays Name, Kind, Account, and Where fields for the item
(the latter being the application or URL where it applies), and an
optional Comments field. (These fields are all editable; see Add or
Change Passwords, later.)

Figure 5: You can view the password, or enter or edit password item
details, in the Attributes view.

To see the password associated with the item, check the Show
Password checkbox. In the access confirmation dialog that appears
(Figure 6), enter your keychain password and click either Always
Allow (to prevent this dialog from appearing again for this particular
item) or Allow (to display the password but require entry of your
keychain password if this item is opened again in the future). If these
options annoy or confuse you, see the sidebar Confirming Access,
following the figure.

Figure 6: This weird and annoying access confirmation dialog helps keep your password items safe from intruders and wayward applications.

Confirming Access
An access confirmation dialog appears any time an application
requests access to an existing password in your keychain and
the application is not already listed as one you've authorized to
use that password. This applies not only to Web browsers and
third-party utilities but also inside Keychain Access. Keychain
Access asks you to enter your keychain password each time;
other software may or may not require a password, depending
on a given password item's access control settings (shown in its
Access Control view in Keychain Access).
Either way, this dialog is notoriously frustrating and puzzling. Why
should Keychain Access need my password again, since I already
had to enter it to unlock my keychain? And why would I not want
to grant myself permanent access to see or use the item?
In a nutshell: Apple is trying to close every possible security hole.
For example, perhaps I've unlocked my keychain and, without
having turned on automatic keychain locking, walked away from
my Mac. Now someone comes along and opens Keychain Access.
Without having to enter my keychain password (again) to view
each item, this person could access all my passwords!
As for the Allow versus Always Allow choices in the access confirmation dialog, it comes down to how secure your Mac is. If you
take good security precautions and are confident that no one will
ever be able to view your keychain without your password, Always
Allow is a perfectly good choice. It's also the logical choice for Web
browsers, email clients, and the like, which use your passwords
frequently. However, if your computer is in a public (or insecure)
location or if you simply want to be extra cautious, go with the
safer Allow option. (When it's you asking, in Keychain Access, Deny
functions more as a Cancel button. Its real purpose shows when
the request didn't come from you: the dialog is raised on behalf of
whatever application asked for the item, and Deny is how you
refuse an application you weren't expecting, without handing
over your keychain password.)

Update alert: When you grant a program access to your keychain
and then update that program, an alert may appear to confirm that
you're willing to give the new version access as well. The reason? If
a program were modified without your knowledge (by a hacker or a
virus, say), granting it keychain access could spell trouble. So if this
alert appears and you haven't updated the application, beware!

CHANGE ACCESS FOR A PASSWORD


When you ask an application (such as a Web browser or email client)
to add a password to your keychain, you grant access for that application to use that password item whenever your keychain is unlocked.
(You don't give that application the liberty to use other passwords.)
If another application wants to use the same password item, you must
explicitly grant it permission using the access confirmation dialog. If
you click Always Allow, the application's name is added to that password item's Access Control list.
To display the Access Control list, double-click a password item and
click Access Control (Figure 7).

Figure 7: The Access Control view lets you set which applications
can interact with this password item without asking for permission
each time.

The programs listed are the ones that have full access to that password
item. If you later change your mind and want to require a particular
program to ask for a keychain password each time it uses that password item, select the item in the list and click the minus icon.
(Although you can also add applications in this window, I recommend
against it. A more cautious approach is to grant access only when an
application explicitly requests it.)
This view has two other options you should be aware of:
• If Confirm Before Allowing Access is selected (the default), each
new application must ask your permission before accessing this
password item. With Allow All Applications to Access This Item
selected, no permission is required. I recommend always sticking
with the Confirm option.
• Ordinarily, when an application (other than Keychain Access)
requests permission to use a password item, it presents an access
confirmation dialog without a Password field. In other words, it's
assuming you're aware that your keychain is unlocked, and it's
simply alerting you that an application is accessing your keychain.
If you want the application to require your keychain password too,
as extra security, check the Ask for Keychain Password checkbox.
Save me: After making a change in the Access Control view, click the
Save Changes button, enter your keychain password when prompted,
and click Allow.

ADD OR CHANGE PASSWORDS


If you like, you can manually add password items in Keychain Access:
choose File > New Password Item, fill in the fields, and click Add. I
recommend doing this only for passwords that can't be added to your
keychain automatically, such as a firmware password or your login
password.
To change a password, double-click that item, modify one or more
fields, and click Save Changes. Enter your keychain password and click
Allow. In general, avoid changing the Where and Account fields, since
doing so may prevent the item from working correctly in Web forms.


Using Multiple Keychains


Although Mac OS X uses several keychains, only one of them
(your default keychain) is normally used to store new user names
and passwords. An exception occurs when applications create their
own keychains. In general, however, there are few benefits to
creating multiple keychains for yourself, and working with more
than one keychain is typically more annoying than helpful.
If you have multiple keychains and want to combine them, you
can drag items from one keychain to another to move them; to
copy them instead, hold down Option while dragging. Be aware
that you may have to enter your keychain password for each item
you move, however. Once a keychain is empty, you can delete it,
but make sure one of your remaining keychains is marked as the
default (as indicated by a boldface name in the Keychains list); if
not, select the desired keychain and choose Edit > Make Keychain
keychain-name Default.

DELETE PASSWORDS
If youve canceled an account or for some other reason no longer want
your keychain to remember a password, you can delete the password.
Simply select it and either press Delete or choose Edit > Delete. Confirm the deletion by clicking the Delete button.
On Safari: Safari has its own interface for removing passwords:
choose Safari > Preferences, click AutoFill, and then click the Edit
button next to User Names and Passwords. Select an item in this list
and click Remove to delete it. When you delete the item in Safari, it
disappears from Keychain Access too. If you delete a password item
in Keychain Access, however, the change doesn't show in Safari's
AutoFill list until you quit and relaunch Safari.
Another reason for deleting passwords is duplicates. For example,
suppose you fill out a Web form with a user name and password and
ask Safari to remember them in your keychain; then the Web site
displays an error message and you realize you entered the wrong user
name. You try again, and this time you succeed. Now your keychain
has two separate entries, one for each user name you entered! If, while
scanning your keychain, you notice such duplicates, feel free to delete
the wrong one (usually the one with the earlier modification date). On
the other hand, having extra entries does no harm, because by default
Mac OS X uses the most recent entry for any given URL.

CHANGE YOUR KEYCHAIN PASSWORD


If you want to use a different password for your keychain than for login
(or simply want to change it periodically on principle), you can do so
easily. Select the keychain in Keychain Access and choose Edit >
Change Password for Keychain keychain-name. Enter the current
password, enter and verify a new password, and click the OK button.
Note: If you've backed up your keychains (as I hope you have!),
remember that those backup copies still use your old (and
perhaps less secure) password. If you want to delete backup
copies of your keychain in a way that they can't be recovered,
drag them to the Trash and then choose Finder > Secure Empty
Trash. Then be sure to make another backup as soon as possible!

CHANGE KEYCHAIN SETTINGS


Besides the password, you can change several other keychain-wide
settings, by choosing Edit > Change Settings for Keychain keychain-name to open the dialog shown in Figure 8.

Figure 8: In this dialog, you can adjust several keychain settings.

Your options are as follows:


Lock after __ minutes of inactivity: To keep your keychain
unlocked the entire time youre logged in (or until you lock it
70

manually), uncheck this box. To force the keychain to lock when


your computer has been idle for a while, check the box and enter
the desired number of minutes.
Lock when sleeping: Even though you may have used the
Security preference pane to require your administrator password
when the computer wakes from sleep, that doesnt mean your keychain locks automatically when the computer goes to sleep (even if
the passwords for both are the same). To lock your keychain when
the computer sleeps, check this box.
MobileMe Sync: If youre a MobileMe subscriber, you can use
MobileMe to synchronize your keychain between computers. A
message in the dialog tells you whether or not keychain sync is
currently enabled; to change the setting, click the MobileMe Sync
button to open the MobileMe pane of System Preferences, go to the
Sync view, and make sure Keychains is selected. (If youre using
Leopard or Tiger, youll instead see a checkbox labeled Synchronize
this Keychain Using .Mac in the dialog; check this box to turn on
MobileMe keychain syncing.) The keychain containing your
MobileMe user name and password must be unlocked before any
keychain can synchronize with MobileMe.
Note: Although Ive successfully synced keychains between
Macs for years, Ive heard of some people having problems when
syncing keychains containing certificates that are specific to a
particular computer (such as the ones used for encrypted iChat
and MobileMe). Apparently in some situations, syncing keychains
can result in the wrong certificate being used on a given computer, resulting in failed encryption. Im unsure what circumstances
give rise to this problem, but I wanted to mention it to provide a
clue to troubleshooting in the unlikely event that you experience
certificate-related error messages.

CHANGE THE DEFAULT KEYCHAIN

The default keychain is the one in which Mac OS X stores new user
names and passwords when you check a Remember Password in
Keychain checkbox. In addition, this keychain opens immediately after
you log in, prompting you for your keychain password if the keychain
name is not the same as your user name. In the Keychains list in
Keychain Access, the default keychain is shown in boldface.
Unless you have a special reason for choosing otherwise, your default
keychain should be the one that matches your user name. If that's not
the case and you want to fix it, select your keychain and choose File >
Make Keychain keychain-name Default.

ADD OR DELETE A KEYCHAIN

To add a new keychain, choose File > New Keychain, enter a name for
the keychain, and click Create. Then enter and verify a password and
click OK.
Deleting a keychain is less straightforward, because Keychain Access
provides an obvious and a nonobvious way to do this, each with different
effects, and the nonobvious way is what Apple recommends!

Use the Delete Keychain Command

If you want to delete a keychain, the obvious strategy would be to
select that keychain and choose File > Delete Keychain keychain-name.
When you do that, a mysterious dialog appears (Figure 9),
asking whether you want to delete just the references or both the
references and related files. Huh? What are references and files?

Figure 9: I just tried to delete a keychain. What's all this file and
reference stuff? In most cases, you probably want to delete both.

In this context, only one reference (or one reference and one file, if
you click Delete References & Files) would be deleted, in spite of the
plural used in the button labels. Here's what they are:
• The file is the actual keychain file on the disk. These files are stored
in /Library/Keychains (for system-wide keychains) or
~/Library/Keychains (for user-specific ones).
• The reference is an entry in an internal list that Keychain Access
maintains. This list determines which keychains appear in Keychain
Access (and which, therefore, are accessible for storing passwords).
But, crucially, you can remove a keychain from Keychain Access's
list without deleting it from your disk. The usual reason for doing
this is that you've forgotten a keychain's password but hope to recall
it later; you keep the file around just in case, but meanwhile you
remove it from Keychain Access since it's not currently usable.
So, if you're sure you'll never remember the password (or simply don't
want the keychain anymore), click Delete References & Files; otherwise,
click Delete References.
However, that's not the end of the story. In some circumstances, if
you delete a keychain (particularly one created by Mac OS X, such as
login or System), the keychain still appears in the list (albeit with a
blank icon) even if you click Delete References & Files. That is, in some
cases, Keychain Access deletes the file but fails to delete the reference.
If this happens to you, you must use the Keychain List (as described
next) to delete the reference.

Use the Keychain List

Even though you might see a list of keychains in the main window
of Keychain Access, the application maintains another keychain list,
which serves another purpose. This special list shows all the keychain
references the program is tracking, even though some of them could
refer to files that no longer exist.
If you use the Keychain List to delete a keychain, you can be certain
that you'll delete only the reference, not the file. On the other hand,
you can also be sure that the reference will indeed be deleted, which
it may not be from the main window.
To delete a keychain using the Keychain List:
1. Choose Edit > Keychain List to open the Keychain List (Figure 10).

Figure 10: You'll see this list after you choose Edit > Keychain List,
letting you add or delete keychain references.

2. Select the keychain you want to delete.
3. Click the minus (–) button.
The keychain disappears from both the Keychain List and the main
Keychain Access window.
If you later want to add a previously deleted keychain, do this:
1. Choose Edit > Keychain List.
2. Click the plus (+) button.
3. Navigate to the keychain file on your disk. Select it and click Open.
The newly added keychain file appears in both the Keychain List and
the main Keychain Access window.

ADD NOTES TO A KEYCHAIN

Your keychain is mainly for storing user names and passwords, but
you can use it to store any sort of data securely, for example, serial
numbers or bank account numbers. Apple refers to any such free-form,
secure data as a note. In my opinion, Keychain Access is less convenient
and flexible in this regard than most third-party password managers
(see Use Third-Party Password Tools), but if you have modest
needs, it may be adequate.
To add a secure note:
1. Choose File > New Secure Note Item.
2. Enter a name for the note and the note itself.
3. Click Add.
To view a secure note:
1. Locate the note in the list. (To make this easier, you can click the
Secure Notes icon in the Category list on the left to display only
notes, or enter part of the note's name in the Spotlight search field
to find matching items.)
2. Double-click the note to open a note window.
3. Check the Show Note checkbox (Figure 11). The standard access
confirmation dialog appears; enter your keychain password and
click Allow or Always Allow to display the note.

Figure 11: You can store free-form notes of any kind in a secure
note.

REPAIR DAMAGED KEYCHAINS

Keychain Access has a feature called Keychain First Aid (once a separate
application) that can repair corrupted or damaged keychains.
A damaged keychain can result in a variety of symptoms, such as a
failure to connect to a wireless network, a server, or the MobileMe
service, even though the passwords are stored in your keychain and
you've connected successfully in the past. If you suspect a keychain
problem, using Keychain First Aid is a good first troubleshooting step:
1. Choose Keychain Access > Keychain First Aid (Figure 12).

Figure 12: Keychain First Aid, built into Keychain Access, lets you
repair keychain problems with a couple of clicks.

2. Enter your keychain password in the Password field.
3. Select the Repair radio button.
4. Click Start.
Keychain First Aid scans, and attempts to repair, all your keychains.
The bottom part of the window displays the log (a series of messages
about the repair process), noting any errors that were resolved, but
most errors cause no problems for users, so don't worry about them.
In addition to this general-purpose repair, Keychain First Aid can
make several other modifications to your keychains. You can select any
or all of these by choosing Keychain Access > Preferences and clicking
First Aid. The options for modifying keychains are as follows:
• Synchronize login keychain password: If this box is checked,
running Keychain First Aid prompts you for your current password
and then changes the password of the login keychain (or the keychain
matching your user name; likewise where I refer to the login
keychain below) to be the same as your login password.
Using different passwords for your keychain and login is safer; if
your Mac is accessible by others, I suggest unchecking this box.
• Set login keychain as default: With this box checked, when
you run Keychain First Aid, if the login keychain isn't already the
default, it becomes the default.
I suggest keeping this box checked.
• Change login keychain settings: When this box is checked
and you run Keychain First Aid, the Lock After __ Minutes of
Inactivity and Lock When Sleeping checkboxes for the login
keychain will be cleared (read Change Keychain Settings).
If you prefer to have your keychain lock itself for extra security, this
box should be checked.

SOLVE THE LOGIN KEYCHAIN PROMPT PROBLEM

Resetting the original administrator password using the Mac OS X
Install disc (see Reset an Administrator Password) does not change
the password for that user's default keychain. As a result, Mac OS X
prompts you to unlock the login keychain (using your new password)
every time authentication is required. As long as you know the login
keychain password, this isn't necessarily a problem; in fact, it's more
secure if your default keychain has a different password from your user
account.
However, if you prefer to have the passwords match so that you don't
encounter the prompts, follow these steps:
1. Open Keychain Access (in /Applications/Utilities).
2. If the Keychains list is not showing on the upper left in the window,
click the Show Keychains button at the bottom.
3. In the list, locate the login keychain. Your next step depends on
whether you know the password for this keychain:
• If it's already unlocked, its password is the same as your login
password; follow Steps 4–6.
• If it's locked, click the lock icon to the left of the keychain name
to unlock it; if you're successful, proceed with Steps 4–6; otherwise,
follow Steps 7–10.
If you know your login keychain's password:
4. Select the login keychain in the list.
5. Choose Edit > Change Password for Keychain login.
6. Enter the current password, enter and verify your login password,
and click OK.
If you do not know your old keychain's password:
7. Select your old keychain in the list and choose File > Delete
Keychain login. Click the Delete References & Files button.
8. The old keychain will still appear in the list, but without its icon. To
remove this phantom entry, choose Edit > Keychain List. Select the
old keychain in this list and click the minus (–) button.
9. Choose File > New Keychain, name it login, and click Create.
Enter and verify your login password, and click OK.
10. Select the login keychain and choose File > Make Keychain login
Default.
Your new login keychain is ready for use.

USE THE KEYCHAIN MENU

Keychain Access contains one last option I want to tell you about: the
Keychain menu. With this menu enabled, you see a lock icon in your
menu bar. Clicking this icon displays a menu (Figure 13) that lets you
lock or unlock keychains quickly, among other tasks. To enable the
Keychain menu, choose Keychain Access > Preferences, click General,
and check the Show Status in Menu Bar checkbox.

Figure 13: The Keychain menu gives you a quick, system-wide way
to lock and unlock keychains.
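Everything described in Change Keychain Settings, Change the Default Keychain, Add or Delete a Keychain, Solve the Login Keychain Prompt Problem, and the Keychain menu's Lock All Keychains command can also be done from Terminal with Apple's /usr/bin/security tool. The script below is an added example written for this chapter, not from the book or from Apple; all function names are its own. It assumes a Mac OS X of the era the book covers, where the login keychain file is ~/Library/Keychains/login.keychain (later releases use login.keychain-db), and the sample `security list-keychains` output it parses is constructed. The run_security wrapper invokes security only where the tool exists, so the parsing functions can be read and exercised on any system.

```shell
#!/bin/sh
# Added example (not from the book or from Apple): the keychain-management
# steps from the Use Keychain Access chapter, done with /usr/bin/security.
# Assumptions: Mac OS X of the era this book covers, where the login keychain
# file is ~/Library/Keychains/login.keychain (later releases use
# login.keychain-db). The sample list output below is constructed.

# Run `security` only where it exists; elsewhere show the command instead,
# so the script can be read and dry-run on any system.
run_security() {
    if command -v security >/dev/null 2>&1; then
        security "$@"
    else
        printf 'would run: security %s\n' "$*" >&2
    fi
}

# `security list-keychains` prints the reference list that Keychain Access
# shows: one indented, double-quoted path per line. Constructed sample:
SAMPLE_KEYCHAIN_LIST='    "/Users/joe/Library/Keychains/login.keychain"
    "/Users/joe/Library/Keychains/old.keychain"
    "/Library/Keychains/System.keychain"'

# Strip the indentation and quotes: stdin -> one bare path per line.
parse_keychain_list() {
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# Remove one path from a parsed list (stdin -> stdout), keeping the others
# in order. grep exits 1 when nothing is left, which is not an error here.
drop_keychain_reference() {
    grep -vxF -- "$1" || true
}

# "Delete References" only: rewrite the user search list without the keychain,
# so it vanishes from Keychain Access while the file stays on disk.
remove_keychain_reference() {
    target="$1"
    set --
    while IFS= read -r kc; do
        if [ -n "$kc" ]; then set -- "$@" "$kc"; fi
    done <<EOF
$(run_security list-keychains -d user | parse_keychain_list | drop_keychain_reference "$target")
EOF
    run_security list-keychains -d user -s "$@"
}

# Minutes in the Keychain Access dialog become seconds for `security`.
minutes_to_seconds() {
    echo $(( $1 * 60 ))
}

# The two checkboxes in Change Keychain Settings: -u locks after the idle
# timeout given with -t, -l locks when the Mac sleeps.
set_lock_settings() {
    run_security set-keychain-settings -l -u -t "$(minutes_to_seconds "$2")" "$1"
}

# File > Make Keychain ... Default, for the user domain.
make_default_keychain() {
    run_security default-keychain -d user -s "$1"
}

# Edit > Change Password for Keychain: with no -o/-p options, `security`
# prompts for the old and new passwords, so neither lands in shell history.
change_keychain_password() {
    run_security set-keychain-password "$1"
}

# Steps 7-10 of Solve the Login Keychain Prompt Problem: delete-keychain
# removes both the file and the reference, create-keychain prompts for the
# new password, and the new keychain is then made the default.
replace_login_keychain() {
    kc="$HOME/Library/Keychains/login.keychain"
    run_security delete-keychain "$kc"
    run_security create-keychain "$kc"
    make_default_keychain "$kc"
}

# Lock everything at once, like the Keychain menu's Lock All Keychains.
lock_all_keychains() {
    run_security lock-keychain -a
}

# Usage on a Mac, e.g.:
#   set_lock_settings "$HOME/Library/Keychains/login.keychain" 5
#   remove_keychain_reference "$HOME/Library/Keychains/old.keychain"
```

Two details are worth knowing before you rely on this: set-keychain-settings takes its timeout in seconds, not the minutes shown in the dialog, and set-keychain-password and create-keychain prompt for passwords when you omit the -o and -p options, which keeps them out of your shell history and the process list.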

Use Passwords on the Web
If your experience is anything like mine, the vast majority of the
passwords you have to create and remember involve Web sites
in some way. I've had to create passwords for discussion forums,
technical support sites, newsletters, social bookmarking sites,
photo-sharing sites, and many others. (Most of these are used
purely for identification, but a few, such as passwords for eBay
and PayPal, involve money and thus require greater security.)
In all these, the common thread is that the site must keep track
of some information about me while enabling me to change that
information. For example, suppose I've signed up to receive the
weekly TidBITS newsletter. To send me the newsletter, TidBITS
needs my email address, but my address could change. So I have a
TidBITS user name and password with which I can log in to a Web
page to change my address (among other tasks).
From reading Learn Password Basics and Generate Good Passwords
you already know most of what you need to know to come up with
passwords for any purpose, but Web sites introduce some additional
complexity. For example, there's the matter of needing to supply
user names: what should you pick? And what about those verification
questions that enable you to reset a lost password: are they a
godsend or a security risk? There's also the surprisingly complex
question of whether, or how, to have your browser or another utility
fill in user names and passwords for you. (You can even, in certain
cases, get around the need to have any password at all.)


Secure Passwords on Insecure Pages

Web sites that ask for user names and passwords often use SSL/TLS
to encrypt the information traveling between your browser
and the site, as signified by a URL beginning with https:// and a
lock icon in your browser window. However, some poorly designed
Web sites don't use encryption on the page that requests your
password, meaning that your password is sent in the clear, even
though the information on succeeding pages is encrypted. If you
must access such sites, you can protect your password using a
VPN (see Use a VPN).
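One way to tell whether a login page has the problem this sidebar describes, as an added example that is not part of the book: the shell script below scans the HTML of a login page for form tags and reports, for each one, whether the page itself and the form's submission URL use https. The page URL and HTML are constructed samples, and the sed-based extraction is deliberately simple: it handles an action attribute written as action="..." or action='...' and nothing fancier.

```shell
#!/bin/sh
# Added example (not from the book): a defender's check for a login form that
# is served or submitted without TLS. The page URL and HTML are constructed;
# in practice you would feed in the HTML your browser shows for the real page.

SAMPLE_PAGE_URL='https://www.example.com/login'
SAMPLE_LOGIN_HTML='<html><body>
<form method="post" action="http://www.example.com/login">
  <input type="text" name="user"> <input type="password" name="pass">
</form>
<form action="https://secure.example.com/login">
  <input type="password" name="pass">
</form>
<form method="post">
  <input type="password" name="pass">
</form>
</body></html>'

# Does a URL use TLS? Prints yes or no.
uses_tls() {
    case "$1" in
        https://*) echo yes ;;
        *)         echo no ;;
    esac
}

# audit_login_forms PAGE_URL < html
# Prints one line per <form>: a verdict and where the form submits to.
#   INSECURE-page    the page itself came over plain http, so anything on it
#                    (including the form's action) could have been tampered with
#   INSECURE-submit  the page was encrypted but the form posts over plain http,
#                    which sends the password in the clear
#   OK               both the page and the submission use https
# A relative or missing action submits to the page's own origin, so it
# inherits the page's scheme.
audit_login_forms() {
    page_url="$1"
    page_tls=$(uses_tls "$page_url")
    tr '\n' ' ' | grep -o '<form[^>]*>' | tr "'" '"' | while IFS= read -r tag; do
        action=$(printf '%s' "$tag" | sed -n 's/.*action="\{0,1\}\([^" >]*\).*/\1/p')
        case "$action" in
            http://*|https://*) submit_tls=$(uses_tls "$action") ;;
            *)                  submit_tls=$page_tls ;;
        esac
        if [ "$page_tls" = no ]; then
            verdict=INSECURE-page
        elif [ "$submit_tls" = no ]; then
            verdict=INSECURE-submit
        else
            verdict=OK
        fi
        printf '%s %s\n' "$verdict" "${action:-$page_url}"
    done
}

# Usage, e.g.:
#   printf '%s\n' "$SAMPLE_LOGIN_HTML" | audit_login_forms "$SAMPLE_PAGE_URL"
```

The check distinguishes the two failure modes because they need different responses: an unencrypted page cannot be trusted at all, whereas an encrypted page whose form posts to a plain http address exposes exactly the password the sidebar is worried about. Note also that a VPN encrypts only the leg between you and the VPN server, so it hides the password from whoever shares your local network or ISP path; from the VPN's exit onward an INSECURE-submit form still sends it in the clear.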

CHOOSE GOOD USER NAMES

I can't tell you how many hundreds of times some Web site or other
Internet service has asked me for a user name, a special handle by
which I'll be known to that system. If you're playing a game or trying to
hide behind an imaginary Internet persona, I suppose having an identity
like BabelFish42 or StudlyWarrior can be fun, and I recognize that a
parent, teacher, politician, or celebrity may want to participate anonymously
(or pseudonymously) on a Web site. But usually I have no need
or desire to disguise my identity. I already have a perfectly good name,
and I get irritated when my real name is somehow insufficient to serve
as a user name, which is most of the time.
The most common issue I encounter involves the space character.
When selecting a user name, I used to try Joe Kissell first, but most of
the time that resulted in an error message saying that user names can't
contain spaces. Increasingly, Web sites automatically use your email
address as a user name, or at least permit you to do so; however, sometimes
I've had jwk@mac.com rejected on the grounds that user names
can contain only letters. In such cases I generally resort to joekissell,
which usually works (there apparently being only a few other people
with that exact name). But occasionally a site says that ten characters
is too long for a user name, forcing me to go with jwkissell or jkissell.
Having one user name that works for all sites would be ideal, but,
frustratingly, no combination of characters I've found has been suitable
for every single site and service. More frustratingly, some sites
are set up such that you can change any piece of information about
yourself except your user name. So, in cases where my user name is
my email address, I may be out of luck if my address changes.
Taking all this into account, allow me to offer some advice about
choosing good user names:
• Pick a user name that's highly likely to be unique. Your email
address qualifies nicely; however, you may want to avoid using it
as a user name in these situations (though, unfortunately, you may
not be able to tell all these things in advance):
  - If it will be displayed publicly and you want to protect your privacy
  - If a system prevents you from changing your user name after the fact
  - If you change email addresses from time to time
• Most people can make reasonable user names by combining their
first, middle, and last names or initials. As in my example earlier,
you might concatenate your first and last names (joekissell), first
initial plus last name (jkissell), or two initials plus last name
(jwkissell). Or try your first name and last initial (josephk). Which
one you choose depends on your taste and the likelihood that it will
be unique (too bad if your name is John Smith!).
• Once you've selected a good user name, use it in as many places
as possible. Unlike passwords, user names need not be unique, and
trying to make them so is unnecessary work.
• Have one or two backup user names in mind in case the first one
you try is unavailable or disallowed for some reason.


Verification Questions
Some Web sites, particularly those that deal with money, require
you to supply, in addition to a user name and password, the
answers to one or more verification questions. Sometimes you get
to choose which of several questions to answer (What was your
first pet's name? In what city were you born? What is your
mother's maiden name?); other times you're asked to type in
your own question and its answer. On occasion I've had to choose
and answer as many as three verification questions.
These questions are designed to help you prove your identity if
you lose or forget your password. The supposition is that only you
know the answers to these questions, so if you claim to have lost
your password and answer the questions correctly, your password
will be revealed (or reset so that you can choose a new one).
The problem with verification questions is that most of them are
too obvious. Your mother's maiden name and the town you grew
up in are not secrets. They're matters of public record, fairly easily
discoverable if someone is willing to do the research. If you maintain
a blog, you might have mentioned things like your first pet's
name at some point, making that information public too. Armed
with such facts, someone could steal your password.
If you can choose among several questions, choose those whose
answers are least obvious. If you can choose your own question,
make it as obscure as possible (something like What was the
middle name of my best friend in junior high school?).

FILL OUT FORMS AUTOMATICALLY

Every major Mac Web browser (as well as Safari on iOS devices)
can fill out forms automatically, a feature often called AutoFill. This
typically includes not just your user name and password but also other
information, such as your name, email address, street address, and phone
number. The details of how this works vary from one browser to the
next.
Some people consider AutoFill the greatest thing since sliced bread,
because it saves time and effort while reducing errors. Others feel
AutoFill is dangerous, because it's easy to enter passwords and other
personal information accidentally. The browser itself may not be
secured against unauthorized use (allowing someone else to use your
passwords when you're not around), and a site with malicious code
might trick your browser into revealing a password it shouldn't.
Despite these concerns, I count myself among the fans of AutoFill
(especially for passwords), if used judiciously.

Safari
Safari has a particularly good AutoFill feature, which makes use of
the keychain for user names and passwords, Address Book for contact
information, and a private cache for other form data.
To activate AutoFill:
1. Choose Safari > Preferences.
2. Click AutoFill.
3. To use the information in your Address Book card to fill in contact
information, check Using Info from My Address Book Card. To
store (and retrieve) user names and passwords using your default
keychain, check User Names and Passwords. To use Safari's cache
for filling in form data of other sorts, check Other Forms.
Once you've turned on AutoFill, Safari begins collecting information
as you visit Web sites and fill out forms. For example, the next time
you enter your user name and password at a site, Safari displays
the dialog shown in Figure 14.

Figure 14: When you enter a new user name and password on a
Web form in Safari, this alert asks if they should be stored in your
default keychain.

To save the information you've just entered in your keychain, click Yes.
If you don't want to save the information now but think you might
want to later, click Not Now. If you never want to store the information
for this site and don't want to be prompted to do so again, click Never
for This Website. Regardless of what you click, Safari then uses the
information you provided to log in to the site.
If you choose to store the information, the next time you visit that page
Safari automatically fills in your user name and password as soon as
the page loads. As for the other form data (such as contact information),
you can fill it in automatically in either of two ways:
• Choose Edit > AutoFill Form (or press Command-Shift-A). Safari
fills in as many fields as it can.
• Begin typing in any of the fields (such as Name). Safari attempts
to fill in the rest of that field with matching data from your Address
Book card or Safari's cache. If you then press Tab to move to other
fields, Safari fills in all of them too.
Warning! Depending on the way a given form is designed, Safari
might not be able to fill in some of the fields, or might put the wrong
information in some of them. Be sure to check all the values before
submitting the form!
If you later want to remove any of the stored passwords, you can delete
them either within Safari (click the Edit button beside User Names and
Passwords, select an entry, and click Remove) or by using Keychain
Access (consult Use Keychain Access). To remove other stored form
data, follow the same procedure, except click the Edit button next to
Other Forms.
Tip: Safari's AutoFill feature is good, but it's not without limitations.
For example, it can't access fields in certain forms (such
as those on many bank Web sites), it has trouble when you have
more than one account per site, and it can't share its form data
with certain other browsers (such as Firefox). A utility called
1Password can solve these problems and more.


Other Browsers
Safari isn't the only game in town. Many people prefer other browsers,
such as Firefox, Camino, and OmniWeb. Here's what several third-party
browsers offer in terms of AutoFill:
• Camino: Camino saves user names and passwords in the keychain
(much like Safari). It can also fill in arbitrary forms with information
from your Address Book card, but it can't fill in other random
form fields.
• Chrome: Google's much-hyped browser also uses the keychain to
store passwords. It can fill in not only information from your own
Address Book card but also other addresses, and even credit card
information, that you enter yourself.
• Firefox: Firefox stores passwords and form data in its own private
database. It automatically fills in forms, but only if you've already
filled out that particular form yourself previously; unlike Safari, it
can't fill in contact information on arbitrary forms.
• Flock: Flock's AutoFill capabilities are the same as Firefox's.
• iCab: Like Safari, Camino, and Chrome, iCab can store user names
and passwords in your keychain. (You can also opt to store them
separately.) It can fill in other forms, too, but only after you've
manually entered form data in its Forms Manager window.
• OmniWeb: OmniWeb's AutoFill feature is in some respects even
better than Safari's. It uses the keychain and Address Book, but it
enables you to edit contact information right in the browser. It also
has an Autocomplete feature that can remember and rapidly fill in
up to 5000 different pieces of information on nearly any form.
• Opera: Opera includes a feature called Wand that can fill in user
names, passwords, and a limited set of contact information. All the
information is stored in a proprietary database.
Note: When I say credentials in this book, I'm referring to the
combination of a user name and password, everything you need
to identify yourself to a computer system.


Skip Registration with BugMeNot

Web sites require you to log in with a user name and password
for a variety of reasons. In some cases, as I've mentioned, they
have a legitimate need to track information about you; however,
in other cases they ask you to register only so that they can add
you to a mailing list or collect demographic data. When the information
you can access by registering is free, and when you derive
no benefit from being uniquely identified, the requirement to enter
a user name and password is annoying. Happily, you can in many
cases circumvent the need to register, by using a free service
called BugMeNot (http://www.bugmenot.com/).
It works like this: You go to the BugMeNot Web site and drag a
special link, called a bookmarklet, to your browser's bookmarks
bar or add it to your Bookmarks menu. Then, when you visit a site
that asks for a user name and password, you click the BugMeNot
link (or choose it from your Bookmarks menu). A window pops up
listing user name–password combinations for that site that other
people have set up (sometimes using fake or disposable email
addresses); try one of these until you get access to the site. If
you use Firefox, you can even install an extension that gives you
access to the user names and passwords with a right-click (or
Control-click), making the process even easier.
Not all sites work with BugMeNot, and sometimes none of the
user name–password combinations provided is valid. But if you're
concerned about your privacy or simply want to avoid creating
unnecessary passwords, it's a great tool to have available.


Use Third-Party Password Tools
What's not to like about your keychain? It's nicely integrated with
Mac OS X and with most applications that use passwords, it protects
data with strong encryption, Apple includes a capable management
tool (Keychain Access), and you can use all this without purchasing
any additional software.
For all its virtues, Apple's keychain system has some limitations,
and numerous third-party utilities have emerged to address them.
Among the limitations are the following:
• Not all applications support the keychain (Firefox and Thunderbird,
for example, rely instead on their own keychains). This
means you may have to store duplicate user name and password
information in multiple places.
• Some Web sites, including many banking sites, have forms
designed to thwart browsers' autofill mechanisms. They do this
to provide an extra layer of protection against password misuse,
but at the cost of your convenience.
• Apple lets you synchronize your keychains with a MobileMe
account, but not view the keychain's content online or using a
Windows computer, an iOS device, or another mobile device.
• Password Assistant, Apple's tool for suggesting new passwords,
isn't as flexible or convenient as it could be.
Dozens of password utilities exist for Mac OS X; I'd like to call to
your attention the ones I consider most useful.

1PASSWORD
Let me get right to the point: 1Password (http://1password.com/) is
the best, most capable, and most flexible password utility on the Mac
by far. It includes an excellent password generator, stores and manages
all your passwords efficiently, is directly accessible from a wide range
of Web browsers, and even has outstanding companion apps for the
iPhone, iPod touch, and iPad. (A Windows version is available, too, but
it's still in beta testing at publication time.) Although I describe other
options later on, I can't recommend them with much enthusiasm.
Unless you need some obscure capability that 1Password lacks or can't
afford the $39.95 cost (or $69.95 for a five-user family pack, and you
can save 20% with the 1Password Coupon at the back of this book), you
truly need not consider any alternatives.
So what's the big deal about this program? What makes it different
from all the other programs that can create, store, and fill in passwords?
Well, at the risk of turning this discussion into an advertisement, let me
list the unique features I appreciate most:
• Extensive browser support: Safari, iCab, and OmniWeb can
store passwords in your keychain, and other browsers use proprietary
databases that they don't share with any other applications.
But 1Password ties into nearly every popular browser (and a few
that aren't so popular): Safari, Camino, Chrome, Firefox, OmniWeb,
DEVONagent, NetNewsWire, WebKit, Fluid, and iCab. That means
just one central set of passwords can be used in all your browsers.
• True browser integration: Some other password managers
can send your credentials, in a rather clunky and unreliable fashion,
to a Web browser, but 1Password extends your browsers by adding
a menu and/or keyboard shortcuts. That means 1Password need
not be running in order to be used; I simply go to any Web page I
want to visit as I normally would, and when the need for a password
arises, I have commands at my fingertips to produce it. This is a
vastly simpler approach than what other password managers offer.
(However, see the sidebar Should You Trust a Password Manager?
a bit later in this section for some qualifications.)
• Create, store, and fill with two clicks: When you get to a page
that asks you to create a password, you can use 1Password's excellent
password generator to produce a random password of any
desired length and complexity.
But what's more impressive is that you can create the password, fill
it in on the page (even on pages that require a second copy of your
password, for verification), and store it (along with your user name
and any other form data) in 1Password's database for future use,
all with exactly two clicks. One: choose Strong Password Generator
from 1Password's integrated menu. Two (assuming you don't want
to change any settings from the last use): click Fill (or press Return,
making it one click!). It doesn't get any easier than that. Later, to
log back in to a page for which you've stored your credentials in
1Password, you can press a user-definable key combination to fill
them in and click the OK button (or Log In or other default button).
• Multiple sets of credentials: Sometimes you need to store more
than one user name–password set for a given domain, and in such
cases, Safari offers no way to choose between sets of credentials. But
in 1Password, it's easy.
• Credit card information: Securely store the account information
for any or all of your credit cards, and use any of them to fill in an
online order form with just one click.
And those are only a few of the highlights. 1Password has a long list
of other features: secure note storage, password strength indicators,
automatic integrated backup, and wireless iOS device synchronization,
to name a few. It truly has everything you need in a password utility.
1Password is easy to use. It would take many more pages than I can
devote here to do justice to all its features, but I do want to highlight
two capabilities that I think are particularly important and relevant to
readers of this book.

iOS Device Support

If you own an iPhone, iPod touch, or iPad (and especially if you
subscribe to my technology-reliant password management strategy,
see Strategy A: Rely (Mostly) on Technology), you'll want to
synchronize your 1Password data with your mobile device to keep
the data with you at all times.
1Password has three iOS versions:
• 1Password for iPhone ($9.99)
• 1Password for iPad ($9.99)
• 1Password Pro ($14.99)
All three offer the same basic features, including strong encryption,
on-the-go generation of new passwords, easy Wi-Fi syncing with your Mac
or via Dropbox (https://www.dropbox.com/), and integration with
Safari by way of a special JavaScript bookmarklet. The Pro version is
a universal app that features both iPhone/iPod touch and iPad user
interfaces, so you can save money if you have both types of device.


1Password Anywhere

Whether or not you carry a device in your pocket that can run a version of 1Password, you may want to take advantage of a feature called 1Password Anywhere, which automatically saves all your credentials as a secure Web page. By secure Web page I mean a single HTML page containing all your data in a safely encrypted form, plus the necessary JavaScript code to decrypt it when you supply your password. This page is stored automatically in your 1Password keychain (a special folder that ordinarily looks like a file, but which you can open to display its contents). That means you can store your 1Password data in a portable format, accessible from nearly any computer with a Web browser.

You don't have to do anything special to create this Web page; you need only be sure you have mobile access to your 1Password keychain. You might, for example, choose your Dropbox as the storage location for your 1Password keychain file, or put a copy of the file on your Web server or on a USB flash drive that you carry around with you.

To find out where you've stored your 1Password keychain, open 1Password's General preference pane. The path to the keychain is at the top of the pane. If you want to move the keychain to, say, your Dropbox folder, click the Move button below the path.

Then, to access your secure data, do the following:

1. On a Mac, right-click (Control-click) the 1Password.agilekeychain icon and choose Show Package Contents. (On any other platform, 1Password.agilekeychain appears as a folder already.)

2. Open the file 1Password.html. For example, double-click it to open it in your default Web browser.

3. Enter your 1Password master password and click Unlock to view your data. Click the lock icon in the upper-right corner of the window to relock it, or simply close the tab or window containing your 1Password data when you're done.

Should You Trust a Password Manager?

Having sung the praises of password managers generally (and 1Password in particular), I want to address a concern that more than one Mac expert has raised: is it wise to become dependent on a program to manage and fill in passwords for you, when the developer could go out of business or some future Apple software update could break that capability, or when you might get stuck without the software?

My answer to the not-getting-stuck part is to use features such as iOS device syncing and secure Web pages to make your data available when you're away from your computer, and perhaps to keep a cheat sheet of a few key passwords, too (as I describe in Choose a Password Strategy, earlier).

As for a developer going out of business, that's always a possibility, of course, much as we all hate to see it happen. However, as long as the program lets you export data in some standard format (as 1Password does; in fact, it offers a few options, including the Apple keychain format!), you can switch to another program readily. So that's not a worry either.

Some password managers have used unsanctioned methods to tie into browsers. For example, 1Password once used a technology called input managers to provide automated password entry in Safari. Although it worked well, Apple disabled this capability for 64-bit applications in Snow Leopard out of concerns for security and stability. But Agile Web Solutions, 1Password's developer, simply adjusted to a more modern, officially supported technology called scripting additions to provide the same features. Even in the unlikely event that integration were to become impossible in the future, a 1Password user could switch to another browser or to Safari's built-in keychain support, or even to copy and paste, without tremendous grief.

Bottom line: There's no good reason not to trust a program like 1Password. It doesn't hold your passwords hostage or limit you; it only offers a convenience, and one that's highly likely to survive over time.

OTHER PASSWORD GENERATORS

If 1Password isn't to your liking, you still have numerous choices when it comes to programs that can create passwords for you:

Shared features: All the following utilities are free, and they all let you set a password's length and which types of characters it uses.

Arcana: Arcana generates random passwords made up of dictionary words, numbers, and punctuation, according to a pattern you specify. For example, if you enter the pattern 4,p,5,n Arcana generates a password consisting of a four-letter word (4) followed by a punctuation character (p), a five-letter word (5), and a number (n). A given pattern can result in any number of random passwords.
http://www.tekuris.com/products/arcana

Make-a-Pass: This password generator comes as a Dashboard widget, saving you the bother of launching a separate application.
http://andrew.hedges.name/widgets/

Mnemosyne: If you're afraid of forgetting a password, Mnemosyne can help by producing a password that's not strictly random, but rather a random-looking hash: a string derived using a calculation involving your user name and an easy-to-remember phrase. If you later enter the same user name, phrase, length, and character types, Mnemosyne can recreate your password. Mnemosyne is also available as an iPhone app, free with ads, or $0.99 without.
http://software.dibomedia.de/products/show/3

Password Assistant: If you like Apple's Password Assistant but you find it cumbersome to use outside of Keychain Access (or a few other applications), codepoetry's Password Assistant is for you. This tiny tool lets you launch Apple's Password Assistant as a standalone application. This is my favorite password generator.
http://www.codepoetry.net/products/passwordassistant

RPG (Random Password Generator): RPG is a mostly unexceptional password generator, but it includes an option to specify any set of characters that must be included in or excluded from your passwords. You can also create your own set of password parameters, called schemas, for different uses.
http://www3.autistici.org/rpg/
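To make the two generation styles described above concrete, here is an added example. It is my own code, not Arcana's or Mnemosyne's (the page does not describe their internals): one function builds a random password from a pattern in the spirit of Arcana's 4,p,5,n notation, and another derives a repeatable password from a user name and a phrase in the spirit of Mnemosyne. The sample word list, the punctuation set, the derivation scheme (PBKDF2-HMAC-SHA256 over the phrase, salted with the user name, expanded with HMAC and rejection sampling) and every function name are my assumptions, not anything the page states about those products.

```python
"""Two password-generation styles: a pattern-driven random generator and a
deterministic phrase-derived generator. Added example, not vendor code."""
import hashlib
import hmac
import re
import secrets
import string

# Constructed sample word list; a real tool would ship a full dictionary.
WORDS = {
    4: ["lamp", "tree", "wolf", "mint", "sand", "rope", "fern", "kelp"],
    5: ["apple", "stone", "river", "cloud", "maple", "crane", "bison", "pearl"],
}
PUNCTUATION = "!#$%&*+-=?@"
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "punct": PUNCTUATION,
}


def generate_from_pattern(pattern, choose=secrets.choice):
    """Pattern is a comma-separated list of tokens: a digit N means an
    N-letter dictionary word, 'p' a punctuation character, 'n' a digit.
    Each call draws fresh choices from a CSPRNG (secrets) by default; the
    `choose` hook exists only so tests can make the output predictable."""
    parts = []
    for token in pattern.split(","):
        token = token.strip()
        if token == "p":
            parts.append(choose(PUNCTUATION))
        elif token == "n":
            parts.append(choose(string.digits))
        elif token.isdigit():
            length = int(token)
            if length not in WORDS:
                raise ValueError(f"no {length}-letter words in the sample list")
            parts.append(choose(WORDS[length]))
        else:
            raise ValueError(f"unknown pattern token {token!r}")
    return "".join(parts)


def derive_password(user_name, phrase, length=16,
                    classes=("lower", "upper", "digits", "punct"),
                    iterations=100_000):
    """Deterministic derivation: the same user name, phrase, length and
    character classes always reproduce the same password, so nothing has
    to be stored. The phrase is the only secret input, so its strength
    bounds the strength of every password derived from it."""
    alphabet = "".join(CLASSES[c] for c in classes)
    # Stretch the phrase with PBKDF2; the user name acts as the salt so
    # different accounts get unrelated passwords from the same phrase.
    key = hashlib.pbkdf2_hmac("sha256", phrase.encode("utf-8"),
                              ("mnemo-salt:" + user_name).encode("utf-8"),
                              iterations)
    # Expand the key into a stream of alphabet characters. Bytes at or
    # above `limit` are rejected so the mapping has no modulo bias.
    limit = 256 - (256 % len(alphabet))
    chars, counter = [], 0
    while len(chars) < length:
        block = hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
        for b in block:
            if b < limit:
                chars.append(alphabet[b % len(alphabet)])
                if len(chars) == length:
                    break
    return "".join(chars)


def matches_pattern_4p5n(password):
    """Structural check for the 4,p,5,n example pattern."""
    return re.fullmatch(r"[a-z]{4}[!#$%&*+\-=?@][a-z]{5}[0-9]", password) is not None


if __name__ == "__main__":
    print(generate_from_pattern("4,p,5,n"))
    print(derive_password("alice@example.com", "a phrase only I remember"))
```

The pattern generator draws from a secrets-grade random source, so two runs of the same pattern are unrelated; its strength is simply the size of the pattern's choice space (here a tiny word list, so not a real-world strength). The derived variant has the property the text describes, that nothing needs to be stored, but it also means that anyone who learns the phrase and the scheme can reproduce every password derived from it, and a compromised site password cannot be rotated without changing the phrase (and therefore every other derived password) or adding a per-site counter.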

Tip: If you're looking for something even more powerful, many of the other password managers described just ahead also include built-in password generators.

OTHER PASSWORD MANAGERS

Although I'm especially fond of 1Password for Web forms, and of Mac OS X's built-in Keychain mechanism (see Use Keychain Access) for passwords used elsewhere in Mac OS X, many other programs exist for storing passwords, serial numbers, financial information, and other sensitive data in a heavily encrypted database that can be opened with a single password. When compared to Keychain Access, third-party password managers typically offer features such as stronger encryption, a greater variety of fields for each record, versions for both Mac OS X and Windows, and syncing with handheld devices.

Merely storing passwords isn't enough, though. You must be able to use them when you need them. Having to open a password manager, find a password, copy it, switch to your browser, and paste it (a procedure some managers require) is too much effort. Slightly higher on the usability scale are password managers that let you click a button to launch a URL and even, in some cases, type or paste your credentials on the resulting Web page. (Even that's too cumbersome, in my opinion, because it forces you to switch between programs constantly.)

Although none of the tools in this section has the degree of integration or usability of 1Password, each has a redeeming feature that makes it worthy of mention, for example, syncing with handheld devices or Windows software, or accessibility in some unusual manner.

I've divided this topic into three categories:

Desktop Password Managers are stand-alone Mac OS X programs (which may, in turn, sync with other applications or devices).

Portable Password Managers are applications designed to be stored on, and run directly from, a USB flash drive (perhaps even on multiple operating systems).

Web-Based Password Managers keep all your password information on a Web server, making them accessible from almost anywhere. (For more about how to make sure your passwords are available when and where you need them, read Strategy A: Rely (Mostly) on Technology, earlier.)

Desktop Password Managers

Mac OS X password managers with potentially useful features include:

Data Guardian: Available for Mac OS X, Windows, and iPhone or iPod touch (but not as a native iPad app), Data Guardian uses heavy-duty 448-bit Blowfish encryption. It has a template-based password generator: you specify a pattern of letters, numbers, and special characters and create passwords that fit the pattern. An Export feature copies selected records to your keychain so that Safari (but not most other browsers) can use them to autofill. This is a one-way copy from Data Guardian to your keychain; if you change the keychain and resync, your new keychain values are overwritten. Data Guardian can also send credentials to FTP programs and other Internet clients in certain scenarios.
http://www.koingosw.com/products/dataguardian.php (Mac or Windows version, $19.95; iPhone version, free)

info.xhead: This all-purpose snippet keeper holds notes, bank account information, passwords, and any other text-based data you care to throw at it, all protected with 448-bit Blowfish encryption. It can also, with one click, open a URL in Safari, enter your credentials, and submit a form. However, as with most other password managers in this section, it doesn't give you direct access to your passwords from within your Web browser.
http://www.xheadsoftware.com/info_xhead.asp (Single license, $25; Family Pack, $40)

Keeper: This tool stores passwords, notes, and other text, syncs to an iOS device, BlackBerry, or Android phone, imports and exports data in a variety of formats, and features a password generator and basic autofill capabilities.
http://www.callpod.com/products/keeper_desktop (desktop version, $29.99 per year for two computers; mobile versions, free)

LastPass: This unusual, hybrid password manager could be classified as a portable or Web-based manager. It comes in versions for almost every imaginable platform (including iOS) and can be accessed via a Web browser without any software. But I think that as a Mac user you get the best experience with the LastPass plugin for your favorite browser (Safari, Firefox, or Chrome), which makes it function more or less like a desktop manager.

In much the same way as 1Password, LastPass can record passwords as you enter them in Web forms; it then encrypts them locally and stores them (still encrypted, naturally) on the LastPass servers, enabling the service to sync your passwords across devices and platforms. The next time you visit a site for which you've stored credentials, you can use a browser plugin to autofill them, or access them in numerous other ways. LastPass has oodles of features, including a password generator and secure notes, and it's reasonably easy to use, although I find the user interface to be somewhat clunky, especially compared to 1Password.
https://lastpass.com/ (free; some features and platforms, including iPhone, require $1-per-month Premium subscription)

Passpack: Passpack is a Web-based service for storing confidential information, but it also comes in a desktop version (based on Adobe AIR and compatible with Mac OS X, Windows, and Linux).
http://www.passpack.com/ (free for up to 100 passwords; Pro version, which supports 1,000 passwords, costs $1.50 per month; other plans are also available)

Passwords Plus: This password manager from DataViz comes in Mac and Windows versions. It includes a basic password generator; however, its feature set is limited, and it doesn't interact with your keychain or other applications directly.
http://www.dataviz.com/products/passwordsplus/ ($29.99 for Windows or Mac version)

PasswordVault: Although designed mainly for storing passwords, PasswordVault can also securely store credit card numbers, notes, and other data, using bafflingly strong 896-bit encryption (which, take it from me, is utter overkill, and also rather pointless unless your encryption password is itself a paragraph long). It can automatically fill in your credentials on most Web pages and includes a password generator. PasswordVault runs on Mac OS X, Windows, and Linux and is available as a cross-platform bundle called PasswordVault2Go, which can run directly from a USB flash drive.
http://www.lavasoftware.com/ (Standard Edition, $29.95; Professional Edition, $89 for five-user pack)

PasswordWallet: Like several other password managers, PasswordWallet uses 448-bit Blowfish encryption, making it much more secure than your keychain. It comes in Mac OS X, iOS, and Android versions (among others) and offers easy syncing between platforms. Integration with Web browsers is unusual but functional: after selecting an item in PasswordWallet, you click an icon or use a keyboard shortcut to open its URL in your default browser, and then click in the user name field and press Option. The program types your user name in the field, tabs to the next field, and types your password there. PasswordWallet also has a template-based password generator.
http://www.selznick.com/products/passwordwallet/mac/ (Mac version, $20; iOS version, $4.99)

SplashID: SplashID is unique among password managers in that it comes in versions for nearly every major handheld operating system: not only for iPhone/iPod touch, iPad, and Windows Mobile, but also for Android, BlackBerry, Symbian UIQ, and Nokia's Series 60, and you can sync between platforms relatively easily. SplashID uses solid, 256-bit Blowfish encryption, and it includes a password generator and an optional Safari plugin.
http://www.splashdata.com/splashid/desktop/ (Mac or Windows version, $19.95; iPhone/iPod touch and iPad versions, $9.99 each; other platforms vary)

Web Confidential: One of the oldest password managers available for the Mac, Web Confidential also has a version for Windows. Your data is protected with 448-bit Blowfish encryption. With Web Confidential running in the background, you can access user names and passwords from a menu that appears in most Internet programs. Choose a Web site from this menu and it opens in your current browser; click a button in a floating window to enter your password (with or without a user name). Web Confidential can import items from your keychain, but only if you individually approve each item with your password (a constraint on Apple's side). You can store the master Web Confidential password in your keychain, though doing so reduces your Web Confidential security to the level of the keychain. Like most password managers, Web Confidential includes a password generator.
http://www.web-confidential.com/ (Mac or Windows version, $20)

Yojimbo: Yojimbo is more of a general-purpose snippet keeper than a simple password manager. It stores everything from URLs, notes, and short text clippings to complete Web pages, PDF files, and other complex documents, making it more versatile than info.xhead. It includes explicit support for passwords, of course, and all passwords are automatically encrypted with Yojimbo's strong AES-256 encryption. In addition, you can encrypt any other item in Yojimbo manually, making it ideal for storing sensitive information that wouldn't fit in other password managers. Unfortunately, its interaction with your browsers and other applications is limited to copy and paste.
http://www.barebones.com/products/yojimbo/ ($39)

Portable Password Managers

A portable application is one that can be stored on, and run from, a USB flash drive (or other external storage device) without requiring any software to be installed on the host computer, and without storing any data on the host computer. In other words, it's completely self-contained. So, a portable password manager is a password manager designed to be used in this fashion, making it convenient to carry all your passwords around with you and use them on other computers.

Many portable password managers run only on Windows computers, but at least a couple are not only portable but multi-platform: a single package contains software that runs on multiple operating systems plus all your password data. Here are three examples:

InfoWallet: InfoWallet can store your medical and insurance data, software serial numbers, and other private data, including passwords, but doesn't include a password generator or an autofill feature. It runs on Mac OS X, Windows, or Linux.
http://www.infowallet.com/ ($29.99)

Password Dragon: This Java application can run on Mac OS X, Windows, and most flavors of Unix (including Linux). It includes a password generator and can store other kinds of textual information besides passwords, but it offers no auto-fill capability; you must use copy and paste to get your credentials into your browser.
http://www.passworddragon.com/ (free)

PasswordVault2Go: This portable version of PasswordVault (described earlier) is a cross-platform bundle that runs on Mac OS X, Windows, and Linux and can be stored in a self-contained form on a USB flash drive.
http://www.lavasoftware.com/ (Standard Edition, $29.95; Professional Edition, $89 for five-user pack)

Web-Based Password Managers

Web-based password managers require no local software (or data storage); all the work of storing, editing, and delivering passwords happens on a Web server and is presented in a browser window. The nice thing about this approach is that your passwords are available wherever you have an Internet connection, regardless of what device, operating system, or browser you're using, and you never need worry about losing a physical object containing your passwords, syncing data between devices, or finding incompatibilities due to software updates.

On the negative side:

Although Web-based password managers are obviously integrated into your browser (in a trivial sense), they still require switching back and forth between pages to get to your passwords, which is much less convenient than what you get with your keychain in Safari, or with 1Password. Some do, however, offer automated URL launching and form filling similar to many of the desktop password managers described earlier.

These managers do you no good when you're without an Internet connection, so they may not be ideal for storing, say, your firmware or login passwords (which you must enter before a Web browser can run).

The following are a few examples of Web-based password managers:

Clipperz: Clipperz is nominally a password manager, but it can function more like an all-purpose snippet keeper in much the same way as info.xhead or Yojimbo. All data is safely encrypted, and the site offers a direct login feature that takes you to the URL associated with a set of credentials, fills in a form, and submits it all with one click. You can also store an encrypted offline copy of your data in an HTML file much like the one 1Password uses.
http://www.clipperz.com/ (free)

Just1Key: This password manager is competent but relatively bare bones. It stores credentials and text notes, and there are buttons to open URLs in your browser and to copy user names and passwords. But Just1Key has nothing resembling automatic form filling, and no import, export, or password generation capabilities.
http://www.just1key.com/ ($2.49 per month)

Passpack: This service, which can securely store not only passwords but also other textual data, includes a password generator and password strength indicator. Like Clipperz, Passpack offers a one-click login feature to open a URL and fill in credentials automatically. A desktop version (mentioned earlier) is also available.
http://www.passpack.com/ (free for up to 100 passwords; Pro version, which supports 1,000 passwords, costs $1.50 per month; other plans are also available)

Shibbo: Shibbo is a basic, no-frills online password manager. The service provides fields for user name, password, and several optional pieces of information, and offers categorization of stored items. However, there's no automatic form filling; you must copy and paste your credentials from Shibbo onto the pages.
http://www.shibbo.com/ (free)

Passwords on iOS Devices

Several of the password managers mentioned in this section (including 1Password, Data Guardian, PasswordWallet, and SplashID) have companion apps, for some or all iOS devices, that let you sync your passwords and take them with you, while keeping them safely encrypted. In addition, all the Web-based services can be accessed from your handheld device using the iOS version of Safari (or another browser).

These managers, along with other apps available from the iTunes App Store (search for passwords), store your passwords and offer varying degrees of interaction with Safari, though the experience doesn't match what you can get with a desktop Mac OS X application, because iOS doesn't permit the same kinds of interapplication communication.

Ever since iPhone OS 3.0, the iOS version of Safari has had its own autofill feature, too, but I have some good news and some bad news about that:

The good news: Safari offers to remember each set of credentials when you submit them the first time, and can automatically fill them in on subsequent visits to that site. You can also autofill your contact information. So, in practice, the behavior is almost like AutoFill in the Mac OS X version of Safari.

The bad news: On an iOS device, Safari's password storage doesn't use, integrate with, or sync with your Mac OS X keychain, so you must reenter all your passwords manually, at least once, before the feature proves valuable. What's worse is that although Safari for iOS lets you turn AutoFill on and off, or erase all your stored passwords en masse (tap Settings, then Safari, then AutoFill), it offers no other password management. You can't see or edit any of your stored passwords, or delete just one or a few. And although there are numerous third-party browsers for iOS, I know of none that can access passwords stored by Safari.

So, although this capability is welcome, it feels half-baked to me, and I hope that in a future version of iOS, you get just as much control over your passwords as you do with Keychain Access, and, ideally, over-the-air password syncing via MobileMe, too!

BIOMETRIC DEVICES

There are three broad categories of authentication: something you know (usually a password); something you are (a unique, measurable physical characteristic, such as a fingerprint or iris pattern); and something you have (a smart card, token, or other device that can be identified uniquely; something I don't cover in this book).

Passwords provide a reasonably good way to protect access to data and resources, but in some cases they may not be enough. After all, passwords can be guessed, found, or stolen. So where greater security is needed, you may want to use other forms of authentication instead of a password, or, better yet, in addition to one.

Note: Authentication that uses just one means of identification (for example, just a password or just a fingerprint scan) is called single-factor authentication. Multi-factor authentication, which is much more secure, requires two or more means of identifying yourself (such as a password and a fingerprint scan).

Biometric devices enable you to use the second form of authentication (what you are). They identify you through a unique attribute of your body. From door locks with built-in fingerprint scanners to retinal scanners protecting government installations, biometric devices are increasingly common. Because you can't guess a fingerprint the way you can guess a password, using biometrics is a good way to guard important data; however, most biometric devices can be defeated, so they're best used as an adjunct to a password rather than as a replacement.

As of late 2010, I'm aware of only one brand of Mac-compatible biometric device that's readily available to consumers: UPEK's Eikon fingerprint scanners (http://www.upek.com/solutions/mac/). The company currently offers two models: the Eikon ($49.95), a small device that connects to your Mac with a USB cable, and the Eikon To Go ($48), an even tinier device with a retractable USB connector that plugs directly into your Mac with no cable required. The two devices function identically. I've used both of them for more than a year, and I can recommend them to any Mac user who wants extra security, or even just the convenience of swiping a finger rather than typing a password.

Other Fingerprint Scanners

There was previously another fingerprint scanner that worked with Mac OS X 10.4: the Sony Puppy FIU600/M. However, it's been discontinued for several years (though used units may be available on eBay or similar sites), and its software was never updated for compatibility with Leopard or Snow Leopard, or with Intel-based Macs. A few Mac-compatible external hard drives and flash drives also include built-in fingerprint scanners, but those are used exclusively for encrypting and decrypting the contents of the drives, not for general-purpose authentication.

After installing the included software, plugging in the device, and restarting, the first thing you must do with an Eikon scanner is to work through an assistant that guides you through enrolling your fingerprints by swiping your fingers over the device's scanner three times. You can scan any or all of your fingerprints (optionally using more than one finger to authenticate), and each user on your Mac can enroll separately. Then set up the options you prefer.

When presented with a login window or other authentication dialog, the Eikon can operate in any of three modes:

A swipe or a password: You can either swipe your finger to authenticate or type your password as usual; your choice. In other words, fingerprint recognition is an optional convenience, albeit a significant one: this feature works even in login windows other password managers can't touch.

A swipe only: The only way to authenticate is to swipe your finger; you may not type your password.

A swipe and a password: You must both swipe your finger and type your password. This two-factor authentication approach is the most secure setting.

Warning! Requiring a fingerprint (with or without a password) protects you from someone guessing your password, but use these settings with caution; if you lose or forget your fingerprint scanner, you'll be in a pickle.

I'm sorry to report that, contrary to what I'd been told before I wrote the last version of this book, there's no longer a plan in place to integrate Eikon's software with 1Password, so that you could swipe your finger over a scanner to log in to Web pages whose credentials are stored in 1Password. That capability would have been marvelous, and I'm disappointed that it's no longer in the works.

One downside to the Eikon scanners is that they can unlock your Keychain (see Change Keychain Settings) only if the keychain is configured to unlock upon login, which is to say that it has the same password as your user account, a less than secure arrangement. According to the company, the reason for this limit is that Mac OS X's keychain prompts use a nonstandard dialog that the Eikon software can't tap into. The upshot is that even if you set your Eikon to respond to a swipe only (or allow the choice of a swipe instead of a password), you must still unlock your keychain by typing your password if you use a different password for your keychain than for login, or if you set your keychain to lock automatically, both of which I recommend! Even so, the Eikon offers enough benefits that I don't regard this annoyance as serious.

Keep Your Passwords Secure

If you stored your fortune in a safe deposit box, you wouldn't keep the key hanging on a hook outside your house. The same should be true of your passwords: if you keep them written on sticky notes at your desk, they're not safe. But even if you don't write them down, there are many ways that someone might discover your passwords.

In this chapter, I look at some of the ways your passwords might fall into the wrong hands, and give you tips on keeping them safe. I also discuss recovering forgotten passwords, backing up your passwords, and devising a plan to ensure that your passwords are available in case of emergency.

AVOID THE WEAKEST LINK PROBLEM

Suppose you have a fantastic password that would take the world's best supercomputers centuries to crack. You've stored it in your Mac OS X keychain, but your keychain itself has a less secure password. And because you worry that you might forget it, you store your keychain password in an unencrypted text file on your hard disk. You can see where I'm going with this: you've nullified the security of that great password, because someone can get to it, by way of the text file that opens your keychain, without any guessing or computational effort at all. And even without that file, your super-secure password is effectively reduced to the strength of your keychain password.

Just as a chain is only as strong as its weakest link, a password is only as strong as the weakest means by which someone can (directly or indirectly) get to it. That concept is straightforward enough, but consider some of the ramifications:

If you write down a password anywhere, the password (and whatever it protects) is only as safe as the piece of paper. That may be safe enough in most cases, but you've seen the movies and TV shows: the bad guys will turn your house upside down looking for the paper with the password for the million-dollar bank account. As a password's value increases, so do the risks of writing it down.

If you click a forgot my password link and a site emails you your password, that password is only as safe as the password used to access your email account (and possibly much less secure; see the next section, Use Wireless Networks Safely).

If you keep a password in your keychain (or other password manager), the password is only as safe as the keychain's password.

If you type the password into a file on your computer, the password isn't safe at all. (Remember, Spotlight makes it very easy to find files, even if they're hidden in an obscure folder.) If you encrypt the file that holds the password, it's only as safe as the password protecting the encrypted file, and that depends further on the encryption method, since some methods are easier to crack than others, regardless of the password strength.
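The chain metaphor can be written down as a small model, which makes the ramifications above easy to check for your own setup. The following is an added example of my own, not something from the book: each secret gets a rough guessing strength in bits and a list of the other secrets that also unlock it, and the code finds the weakest route to any secret. The scenario names and the bit figures (an 80-bit bank password kept in a keychain, a 40-bit keychain password copied into a notes file, a site that emails resets to an account with a 50-bit password) are constructed to mirror the situations just described, not measurements of any real product.

```python
"""Weakest-link model of password protection (added example, not from the
book). A secret's effective strength is the minimum over every route an
attacker could take to it: guessing it directly, or obtaining any other
secret that unlocks it, recursively."""
from dataclasses import dataclass, field
import math


@dataclass
class Secret:
    name: str
    bits: float                                      # strength of guessing it directly
    unlocked_by: list = field(default_factory=list)  # names of secrets that also yield it


def weakest_route(name, registry, _path=()):
    """Return (effective_bits, route) for the secret called `name`.
    `route` lists the secrets from the target down to the weakest link.
    A route that loops back to a secret already on the path adds nothing,
    so it is reported as infinitely strong and never chosen."""
    if name in _path:
        return math.inf, list(_path)
    path = _path + (name,)
    secret = registry[name]
    best_bits, best_route = secret.bits, list(path)
    for guard in secret.unlocked_by:
        bits, route = weakest_route(guard, registry, path)
        if bits < best_bits:
            best_bits, best_route = bits, route
    return best_bits, best_route


def effective_bits(name, registry):
    """Convenience wrapper: just the effective strength."""
    return weakest_route(name, registry)[0]


def build_registry(*secrets):
    return {s.name: s for s in secrets}


def scenario_from_the_text():
    """Constructed figures for the chain described above: the keychain
    holds the bank password, the keychain password sits in a plaintext
    notes file (zero bits of protection), and the bank site will email a
    password reset to the user's email account."""
    return build_registry(
        Secret("bank", 80.0, unlocked_by=["keychain", "email"]),
        Secret("keychain", 40.0, unlocked_by=["notes.txt"]),
        Secret("notes.txt", 0.0),
        Secret("email", 50.0),
    )


def scenario_hardened():
    """Same chain after the advice that follows: no plaintext file, and a
    keychain password at least as strong as anything it contains."""
    return build_registry(
        Secret("bank", 80.0, unlocked_by=["keychain", "email"]),
        Secret("keychain", 80.0),
        Secret("email", 50.0),
    )


if __name__ == "__main__":
    for label, reg in (("as described", scenario_from_the_text()),
                       ("hardened", scenario_hardened())):
        bits, route = weakest_route("bank", reg)
        print(f"{label}: bank password is effectively {bits:g} bits "
              f"via {' -> '.join(route)}")
```

In the first scenario the bank password is worth 0 bits, because the route bank -> keychain -> notes.txt needs no guessing at all; removing the file and strengthening the keychain password does not make it 80 bits, it makes it 50, because the email reset route is now the weakest link. That shift is the practical lesson: every time you fix one link, re-run the model to see which link is weakest now.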
Taking all these situations into account, my advice is:

If you write down any of your passwords, keep them in a very safe place (such as on your person). For increased security, modify them in some way (such as reversing the order of the characters). For ideas about writing down passwords that someone else may need to access, read Prepare an Emergency Password Plan.

Make all security passwords equally secure.

Change default system settings to protect your login password (covered in Use Your Login Password).

Take appropriate precautions when using wireless networks (see the next page).

Store passwords in a keychain (or other password manager), but make your keychain's password at least as secure as any password it contains, lock your keychain when not in use (described in Use Your Keychain Password), and back up your keychain (see Back Up Your Passwords, shortly ahead).

USE WIRELESS NETWORKS SAFELY


Suppose you take your laptop to a local café or library and connect to the wireless hotspot there. If the hotspot is open (requiring no password to make a connection), it's unencrypted. That means data traveling wirelessly between your computer and the wireless gateway is unprotected. Someone sitting next to you (or in the next room, or even in a building across the street) can use readily available software to sniff the activity on the wireless network, essentially watching all the data as it goes into and out of your computer. By examining this data, the person can easily identify user names and passwords you transmit when checking your email, logging in to Web sites, using instant messaging, and performing other online activities.
This worry may seem paranoid, but there are in fact petty criminals who target places like hotspots, where they can passively acquire quite a bit of data. Obtaining passwords and other information using freely available software is a routine task to which this kind of person need devote little effort.
Tip: Wireless security is a big and complex topic. My colleagues
Glenn Fleishman and Adam Engst tackle it in Take Control of Your
Wi-Fi Security.

You can solve this problem in any of several ways, each with its pros and cons. Ideally, you'll use a combination of several of them.

Use Wi-Fi Encryption


If you're connected to the Internet through your own AirPort base station or other wireless gateway, you can turn on its wireless security feature. That way, someone sniffing the wireless traffic can't see your password (or other data) in plain text, but instead sees only garbage characters.
Wi-Fi network security uses an encryption key that you enter on every computer that connects to the network to scramble the data as it's sent through the air. An older method known as WEP (Wired Equivalent Privacy) is the most widely supported method, but it is easily cracked: freely available tools recover a WEP key from captured traffic in minutes, so treat a WEP network as only marginally better than an open one. A newer method called WPA (Wi-Fi Protected Access) is considered strong and is available in almost all equipment released since 2004. It comes in both the original WPA and WPA2, which uses an even stronger encryption algorithm. WEP and WPA/WPA2 can't be mixed on the same network, so an older laptop with a WEP-only Wi-Fi card will force your entire network to use the older standard. (AirPort cards can be upgraded in Mac OS X 10.3 and later to use WPA; graphite and snow AirPort base stations cannot be upgraded to WPA.)
Whichever method you use, the key itself is a password: choose a long, random one, because WPA protected by a short dictionary passphrase can also be cracked offline from a single captured handshake.
If you're using an AirPort Extreme or Express base station, Mac OS X 10.3 or later, and an AirPort card or AirPort Extreme card on every computer on your network, you can use WPA. You'll have to use WEP if one system is running Mac OS X 10.2 or earlier, if you're using versions of Windows before Windows XP SP1, or if you have older non-Mac adapters that don't have WPA updates available.

Use SSL/TLS
To secure information flowing between an application on your computer (such as an email client or Web browser) and a server, most developers have chosen SSL/TLS (Secure Sockets Layer/Transport Layer Security). (SSL is the old name for the technology and what it's generally called; TLS is actually what's in use in many cases, and it's backward-compatible with SSL.) If you log in to your bank's Web site, for example, you'll notice signs that the page you're viewing is protected with SSL: a closed lock icon in the corner of your browser and a URL beginning with https. SSL encryption works over any kind of network and, once you've logged in, is completely transparent to you. So even on an insecure wireless network with hackers prowling about, your data is safe.
You should be aware, though, that only the particular Web pages, email accounts, or other resources that are SSL-protected are safe. So, although you can log in to your bank account securely, the next Web site you visit may transmit all your information without encryption. (Some sites can be accessed with or without SSL.) The presence or absence of that little lock icon can be too easy to miss. And the lock means only that the connection is encrypted to whoever holds the certificate for the address you're visiting; it doesn't tell you that the address is the right one, so check that the domain in the URL really is your bank's. If your browser warns that a certificate is invalid or doesn't match the site, don't click through and enter a password, especially on a public network.
Note: I cover all the details of configuring Apple Mail to use SSL in my book Take Control of Apple Mail in Snow Leopard.

Use a VPN
If you're unsure whether your wireless network is properly encrypted, if you're stuck using an email server that doesn't offer SSL with secure authentication, or if you want to be sure all your data is protected (even when you visit insecure Web sites), your best bet is to use a virtual private network (VPN). This type of encryption sends all data between your computer and a remote server through an encrypted tunnel, rather than encrypting only certain bits of it (as with SSL) or only the connection between your computer and the nearest wireless gateway (as with WPA). It's the safest way to compute wirelessly. Keep in mind, though, what a VPN does and doesn't protect: your traffic is hidden from the hotspot and everyone near it, but it leaves the tunnel at the far end in whatever form you sent it, so the VPN operator (and everything beyond it) can read anything that isn't separately protected with SSL. You are moving your trust from the café's network to the VPN provider.
You can set up a VPN in any of several ways. For example, you can buy a device called a VPN server or remote gateway that sits on your home or office network, and then connect to this box from your local café. Or you can use free or commercial software to set up a computer on your network to function as a VPN server, and connect to that. A simpler (and in many cases less expensive) option is to sign up for a VPN service. Using either the VPN client built into Mac OS X (in the Network pane of System Preferences; older versions used the Internet Connect application) or free, open-source software, you configure your Mac to connect to the service's network, and (after a small monthly fee) you're done.
Four companies that offer such a service are:
• Hotspot Shield: http://www.hotspotshield.com/ (free; ad-supported)
• HotSpotVPN: http://www.hotspotvpn.com/ ($8.88 per month)
• PublicVPN.com: http://www.publicvpn.com/ ($6.95 per month or $69.95 per year)
• personalVPN: http://www.witopia.net/ ($39.99 to $69.99 per year, depending on options selected)
Note: The types of wireless security I cover here are not the only ones available. For much more detailed information on these and other options, I refer you again to Take Control of Your Wi-Fi Security.

CHANGE YOUR PASSWORDS


Some network servers, Web sites, and email providers force all users to change their passwords periodically (every 90 days, for example). You may try to log in one day, as you do regularly, only to see a message stating that you must enter your old password and then choose a new one. The reason for such a policy is simple: if someone steals, guesses, or hacks your password, the requirement to change it periodically limits how long the stolen password stays useful.
Keep it complex: When you have to change a certain password
periodically, you might be tempted to come up with a pattern to help
you remember each revision, such as incrementing two digits within
the password (changing t5L64oIx to t5L75oIx, for instance). Avoid
such simplistic changes, which a hacker could easily guess.
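Whether a proposed new password is just such a simplistic revision of the old one can be checked mechanically, and that is exactly what a sensible change-password form should do before accepting the new value. The following is an added example (my own illustration, not code from this book or from Mac OS X) implementing an assumed policy: a change is rejected when, ignoring case, the new password is identical to the old, is the old one reversed, differs from it only in its digits, contains the old one (or vice versa), or is within two single-character edits of it. Run it on the book's example and the incremented-digits change is rejected.

```python
"""Reject a password change that is a predictable variant of the old password.
Added example, not code from the book. The policy itself is an assumption."""
import re


def _edit_distance(a, b):
    """Levenshtein distance between strings a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[len(b)]


def _digits_masked(s):
    """Collapse every run of digits to '#' so t5L64oIx and t5L75oIx compare equal."""
    return re.sub(r"\d+", "#", s)


def change_is_too_similar(old, new, max_edits=2):
    """Return a reason if `new` is a trivial revision of `old`, else None.
    Comparison is case-insensitive: flipping case is not a real change either."""
    o, n = old.lower(), new.lower()
    if o == n:
        return "unchanged"
    if n == o[::-1]:
        return "reversed"
    if _digits_masked(o) == _digits_masked(n):
        return "only digits changed"
    if o in n or n in o:
        return "old password is contained in the new one (or vice versa)"
    if _edit_distance(o, n) <= max_edits:
        return f"within {max_edits} edits of the old password"
    return None


if __name__ == "__main__":
    for old, new in [("t5L64oIx", "t5L75oIx"), ("t5L64oIx", "t5L64oIx!"),
                     ("t5L64oIx", "Qw9#pR2mZ")]:
        print(f"{old} -> {new}: {change_is_too_similar(old, new) or 'accepted'}")
```

The edit-distance threshold is the adjustable part: two edits catches the "bump a digit, add a symbol" habit without rejecting genuinely new passwords, which for random passwords of eight or more characters are always far more than two edits apart.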
If you work for a government, large corporation, medical practice, or
other institution where information privacy is of the utmost concern,
a policy requiring periodically changing passwords makes sense. But
apart from situations in which you must change your password, should
you voluntarily change your passwords?
For identity passwords, if you've chosen a secure pattern (as discussed in Devise a Pattern for Identity Passwords), the bother of changing them regularly isn't worth it. However, if you learn that someone has gotten access to two or more of them (or if you see evidence of identity theft in any form), the cautious response is to bite the bullet and change them all, using new patterns for both your personal segment and the resource-specific segment.
Passwords that protect financial resources of any kind should be
changed periodically. How often depends on the amount of money at
risk, the care with which you guard your passwords, and your personal
level of comfort. As a general rule, I suggest changing such passwords
at least every 6 months.
Change the locks: Be sure to change your keychain password whenever you change important passwords stored inside it.
I suggest changing other security passwords (your Mac OS X login password, email passwords, and so on) at least once a year. If your passwords are currently insecure, or if you suspect someone has learned one or more of them, change them immediately.
Update Old Passwords
Perhaps upon reading this book you realize that all your existing passwords are terrible, and you're committed to choosing and using good passwords from now on. Fantastic, but what about all those existing passwords, which can easily number in the hundreds? How do you go about changing them all? There's no quick or easy way; however, I can offer a few words of advice:
• Don't feel you have to change all your passwords at once. A better approach is to change passwords as you use them. Start with the ones that guard money and with your email password, since email is the reset path for nearly everything else.
• Consider using a heavy-duty password manager such as 1Password or Web Confidential, which can make generating and storing passwords much easier.
• If you already use Safari's AutoFill feature for user names and passwords in conjunction with your keychain, consider turning off the feature temporarily so that you're reminded of each password you must change. After changing each password, update the corresponding entry manually in Keychain Access.

RECOVER FORGOTTEN PASSWORDS


Because a major goal of this book is to teach you how to remember passwords (and use various tools to remember them for you), I hope that you'll seldom if ever find yourself unable to recall a password. But it does happen. For example, if you've recently chosen a new password for a Web site and stored it safely in your keychain, you might have trouble recalling it when you're on vacation and attempting to log in to that site from another computer.
If you're facing a lost password, there's usually a solution available, but not always. Here's an overview of what you can try:
• Web passwords: Almost every Web site that employs passwords has an automated mechanism for dealing with forgotten passwords. Usually, this is in the form of a "forgot my password" link. When you click this link, the site might provide you with your password hint (see the sidebar Take (or Leave) a Hint) or ask you verification questions (see the sidebar Verification Questions). More frequently, though, it will email you either your password or a special URL that will enable you to reset your password and choose a new one. (If a site can email you your existing password, it is storing that password in recoverable form rather than as a one-way hash, which is a good reason never to reuse that password anywhere else.) If you don't see such a link, and if the site's FAQ page has no instructions for dealing with lost passwords, contact the company's technical support department for help.
• Login passwords: If you know the password of the original administrator on your computer, you can reset any other user's password (consult Reset an Administrator Password). Also, you can reset any login password if you know the Mac's master password (read Use Your Master Password). If no master or administrator password is available, you can reset the password for the computer's default account (refer to the second set of steps in Reset an Administrator Password).
The vault is sealed: If a user has FileVault enabled, only that user's password or the master password can unlock the FileVault data. If both passwords are lost, recovery is impossible.
• Master password: I know of no way to recover a forgotten master password, but you can remove it altogether. To do so, in the Finder, navigate to /Library/Keychains. Drag the two FileVaultMaster files to the Trash and enter your administrator password when prompted. Be aware that the master password is the only backup way into an existing FileVault home folder; once you delete it, a FileVault user who later forgets his or her login password has no way back in.
• Root password: Any administrator can reset the root password. To do so, open Terminal and enter sudo passwd root. Enter your administrator password and then a new root password (and confirm it when prompted).
• Firmware password: To reset the firmware password, see the sidebar The Too-Open Firmware Password.
• Email passwords: If you forget your email password, contact your email provider's technical support department for assistance.
• Network passwords: Your system administrator should be able to tell you the password for any network volume or help you reset your password to a new value.
• Wireless passwords: If you own the wireless gateway whose password you've forgotten, follow the instructions that came with it to erase its settings and reconfigure it from scratch. If it's someone else's gateway, ask that person.
• Keychain password: I know of no way to recover a forgotten keychain password. You can, however, create a new keychain, set it as the default, and delete your old one.

BACK UP YOUR PASSWORDS


Consider this nightmare scenario: you've carefully created hundreds of nicely random passwords and stored them in your keychain so that you don't have to remember them all. But then your hard disk crashes and your keychain is damaged. Or your computer is stolen. Or any of a dozen other catastrophes occurs. Your keychain is lost, and with it, all your passwords. You can reconstruct the lower-security identity passwords, but the best and most important ones may be gone permanently. Unless you have a photographic memory, the best defense against all these situations is a good backup.
If you keep your passwords in your keychain, all you need do is make a copy of your ~/Library/Keychains folder; if you use a third-party password manager, make a copy of the file it uses to store your passwords. If you use Time Machine or create bootable duplicates of your entire disk using a program like Carbon Copy Cloner or SuperDuper, your keychains are backed up automatically. If you use other backup software, be sure your keychains are among the files being backed up. Whatever you use, test a restore now and then: a backup you have never restored from is only a hope.
For safety, make sure the backup data is encrypted and store your backup offsite. An ideal place is your iDisk (if you're a MobileMe member) or another Internet server. If you store your backups on a hard disk or similar medium, be sure to keep a copy in a safe place outside your home or office.

Tip: I cover all the details of backing up your data (not just your keychains) in my comprehensive book Take Control of Mac OS X Backups. Or, for a simpler approach, read Take Control of Easy
Mac Backups.
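As an added example (my own, not the book's code and not part of Mac OS X), here is a small script that does what this section describes and adds the step people tend to skip: it archives a keychain folder, writes a SHA-256 manifest beside the archive, and then proves the archive restores intact by unpacking it into a scratch folder and comparing every file's hash against the manifest. The source folder defaults to ~/Library/Keychains but any folder can be passed; `demo_backup` builds a throwaway folder of fake keychain files (constructed, not real keychains) and runs one clean check and one against a tampered manifest. The script does not encrypt: keychain files are already encrypted under the keychain password, and the advice above to keep the archive on an encrypted volume still stands.

```python
"""Back up a keychain folder with a hash manifest and verify it restores.
Added example, not from the book or from Mac OS X."""
import hashlib
import json
import os
import tarfile
import tempfile
import time
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_for(folder):
    """Map each file's path (relative to folder) to its SHA-256 hash."""
    folder = Path(folder)
    return {str(p.relative_to(folder)): _sha256(p)
            for p in sorted(folder.rglob("*")) if p.is_file()}


def backup_keychains(dest_dir, source=None):
    """Archive `source` (default ~/Library/Keychains) into dest_dir.
    Returns (archive_path, manifest_path); both are created mode 0600."""
    source = Path(source) if source else Path.home() / "Library" / "Keychains"
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    archive = dest_dir / f"keychains-{stamp}.tar.gz"
    manifest = dest_dir / f"keychains-{stamp}.manifest.json"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="Keychains")
    manifest.write_text(json.dumps(manifest_for(source), indent=2))
    os.chmod(archive, 0o600)
    os.chmod(manifest, 0o600)
    return archive, manifest


def verify_backup(archive, manifest, scratch_dir):
    """Restore the archive into scratch_dir and compare with the manifest.
    Returns a list of problems; an empty list means every file came back intact."""
    scratch_dir = Path(scratch_dir)
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(scratch_dir)  # archive is one we made; no hostile paths
    expected = json.loads(Path(manifest).read_text())
    actual = manifest_for(scratch_dir / "Keychains")
    problems = [f"missing: {n}" for n in expected if n not in actual]
    problems += [f"unexpected: {n}" for n in actual if n not in expected]
    problems += [f"corrupt: {n}" for n in expected
                 if n in actual and expected[n] != actual[n]]
    return problems


def demo_backup():
    """Constructed demo: fake keychain files, one clean check, one tampered check."""
    root = Path(tempfile.mkdtemp())
    src = root / "Keychains"
    src.mkdir()
    (src / "login.keychain").write_bytes(b"not a real keychain")
    (src / "System.keychain").write_bytes(b"also constructed")
    archive, manifest = backup_keychains(root / "backup", source=src)
    clean = verify_backup(archive, manifest, root / "restore-1")
    tampered = json.loads(manifest.read_text())
    tampered["login.keychain"] = "0" * 64   # simulate a corrupted or replaced file
    manifest.write_text(json.dumps(tampered))
    flagged = verify_backup(archive, manifest, root / "restore-2")
    return clean, flagged


if __name__ == "__main__":
    print(demo_backup())
```

Keep the manifest with the archive but also somewhere else (a printout is fine; it contains only hashes): if a backup is silently corrupted, the manifest is what tells you which copy to trust.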

PREPARE AN EMERGENCY
PASSWORD PLAN
Suppose you've chosen excellent passwords and stored them only in your keychain (or in your head), but then you're in a terrible accident. While you lie unconscious in a hospital bed, your spouse, employer, or attorney urgently needs access to something protected by those passwords: a bank account, insurance records, your email, or whatnot. We don't like to think about such eventualities, but they do occur. If you become incapacitated or die, how will someone else be able to reach your password-protected data?
I can suggest several alternatives you might consider:
• Keep a list of important passwords in a safe deposit box, and make sure a trusted loved one has the key. But remember: your passwords are now only as safe as any key to that box!
• Use your keychain (or other password manager) to store your important passwords, and ask your loved one to memorize your keychain password. Be sure this person knows how to unlock it, too! (A periodic practice run is a good idea.) One downside to this approach is that if your computer is lost, stolen, or damaged, your keychain (and all the passwords inside it) will be inaccessible unless you also have a backup (see Back Up Your Passwords).
• Write down your important passwords (or just your keychain password) in an extremely obscure location, but one that both you and a loved one can easily remember. Of course, there's no guarantee that a thief wouldn't stumble on it, but if you're clever enough, you can minimize that risk. Here are some examples:
  • Open your favorite book to the page corresponding to the last two digits of the year you were born (or some other memorable date). Lightly, in pencil, write the password vertically on the inside edge of that page, near the spine.
  • Write the password on a recipe card, in the middle of the most complicated recipe you can find. For example, if you have a recipe for mole sauce, it might include "1 tsp ground cinnamon; 1 tbsp s8#gUl4Bx5; 3 tbsp ground sesame seeds."
  • Put your passwords in a notebook that you keep in a highly inaccessible box in your attic or basement, such as the one holding your holiday decorations.
• Use a simple cipher or code to write down your passwords. For example, substitute the next higher letter or number for each character in your password (9t3vQd becomes 0u4wRe). Although this won't stop a cryptanalyst (there are only a few dozen such shifts to try), it will confuse or at least slow down most thieves.
I want to reiterate that, in terms of security, writing down passwords always exposes you to a certain amount of risk. Realistically, however, in most cases this risk is fairly small; except in highly unusual circumstances, thieves will be far more interested in stealing your computer than in turning your office upside down to find a password. In general, the greater risk is having your passwords be inaccessible when you need them.
Regardless of which tactic you choose (and no doubt you can be even more creative!), the key is to discuss your plan thoroughly with the person who would need access to your passwords in case of emergency,
just as you would an insurance policy or a will.
Avoid Password Phishing Scams


If you're like most people, you've already received lots of email messages claiming to be from a bank or from PayPal, eBay, Amazon.com, or other sites that process financial data. The messages often urge you to update or verify your account, warning you that if you don't, you'll suffer dire consequences (such as having the account disabled). Sometimes they state that some item you didn't order is about to be shipped and charged to your account. Invariably the messages ask you to click a link; if you do, you're taken to a Web site that asks for your user name (or account number) and password.
The Web sites, and the email messages leading to them, look authentic. They use the same fonts, logos, and layout that you'd normally expect from the company in question. The messages usually have a From address at the real company, too (which proves nothing; a From address is trivially forged). But, in fact, the whole operation is a scam, designed to trick you into giving away your user name and password to criminals. (They're fishing for information, hence the nickname "phishing.") As soon as you enter your information, the people running the site will try to log in to the real bank or Web site with your information. With full access to your account, imagine the damage they can do: they can steal not only your money but also your identity.
You can often tell if a message is a phishing attempt by looking at its source (in Mail, choose View > Message > Raw Source), where you can see the true underlying URL (which may be different from the URL in the visible link). In the source, locate the URL you've been asked to click, and you'll probably see that it's a numeric IP address (such as 123.45.67.89) or a misleading domain name (such as http://www.paypal-upgrade.net). Hovering the pointer over a link without clicking also shows where it really leads.
When in doubt, don't click a URL in such a message. If you think a company might legitimately want you to update your account for some reason (unlikely as that is), go to their Web site by typing the address into your browser. If, after logging in, you see no notices about needing to take any other action, you can assume
the message was a phishing attempt.
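The checks the sidebar describes doing by eye in the raw source can be automated. Here is an added example of my own (not code from the book or from Apple Mail) that pulls every link out of an HTML message body and reports the three tells just mentioned: a visible URL whose host differs from the real href host, a bare IP address as the host, and a host that name-drops a brand without belonging to that brand's domain. The brand list and the sample message are constructed for illustration; the message is not a real phishing email, and a real filter would need a fuller list of legitimate domains.

```python
"""Spot phishing links in an HTML email body. Added example, not the book's code."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for illustration: brands scammers imitate, and the registrable
# domains those brands actually use. A real deployment needs a fuller list.
LEGIT_DOMAINS = {"paypal": {"paypal.com"}, "ebay": {"ebay.com"}}

# Constructed sample, modelled on the sidebar's description; not a real message.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be disabled unless you verify it:</p>
<p><a href="http://www.paypal-upgrade.net/verify">https://www.paypal.com/account</a></p>
<p>Or use our secure server: <a href="http://123.45.67.89/login">Secure Login</a></p>
<p>Questions? Visit the <a href="https://www.paypal.com/">PayPal Help Center</a>.</p>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Host name of a URL; a bare 'www.example.com' is treated as http."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _registrable(host):
    """Crude last-two-labels approximation of the registrable domain."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyze_link(href, text):
    """Return the list of reasons this link looks like phishing (empty if none)."""
    reasons = []
    real_host = _host(href)
    if _is_ip(real_host):
        reasons.append("link points at a bare IP address")
    # Visible text that looks like a URL but names a different host than the href.
    looks_like_url = "." in text and " " not in text
    if looks_like_url and _host(text) and _host(text) != real_host:
        reasons.append(f"visible text says {_host(text)} but link goes to {real_host}")
    for brand, domains in LEGIT_DOMAINS.items():
        if brand in real_host and _registrable(real_host) not in domains:
            reasons.append(f"host contains '{brand}' but is not under {'/'.join(sorted(domains))}")
    return reasons


def suspicious_links(html):
    """All links in the message that trip at least one check, in document order."""
    parser = _LinkExtractor()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reasons = analyze_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for r in reasons:
            print("   ", r)
```

It is a heuristic, and it errs on the side of suspicion: link text that is a bare brand name such as Amazon.com is treated as a URL and flagged if the href host differs, which is the direction you want a phishing check to lean.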
About This Book


Thank you for purchasing this Take Control book. We hope you find it both useful and enjoyable to read. We welcome your comments at tc-comments@tidbits.com.

EBOOK EXTRAS
You can access extras related to this ebook on the Web. Once you're on the ebook's Take Control Extras page, you can:
• Download any available new version of the ebook for free, or buy a subsequent edition at a discount.
• Download various formats, including PDF and, usually, EPUB and Mobipocket. (Learn about reading this ebook on handheld devices at http://www.takecontrolbooks.com/device-advice.)
• Read postings to the ebook's blog. These may include new information and tips, as well as links to author interviews. At the top of the blog, you can also see any update plans for the ebook.
• Get a discount when you order a print copy of the ebook.

ABOUT THE AUTHOR


Joe Kissell is Senior Editor of TidBITS and the author of numerous print and electronic books about Macintosh software, including Take Control of Running Windows on a Mac and Take Control of Mac OS X Backups. He is also a Senior Contributor to Macworld, was the winner of a 2009 Neal award for Best How-to Article, and has appeared on the MacTech 25 list since 2007. Joe has worked in the Mac software industry since the early 1990s, including positions managing software development for Nisus Software and Kensington Technology Group.
In his increasingly imaginary spare time, Joe likes to travel, cook, and practice tai chi. He lives in Paris with his wife, Morgen Jahnke, their son, Soren, and their cat, Zora. To contact Joe about this book, send him email at jwk@me.com and include "Take Control of Passwords in Mac OS X" in the subject of your message so that his spam filters won't intercept it.

AUTHORS ACKNOWLEDGMENTS
I'd like to thank Caroline Rose for her outstandingly talented and
speedy editing. The Take Control authors, editors, and hangers-on
who reviewed this book showed their usual insight, helping to improve
the text greatly. This book has been brought to you by the letters P
(capital) and w (lowercase), the number 1, and the symbols $ and .

SHAMELESS PLUG
Although I write about computers as my day job, I have a great many
other interests, which I write about on several Web sites, including
Interesting Thing of the Day and my personal blog. You can find links
to all my sites, a complete list of my publications, and more personal
details about me at JoeKissell.com.

ABOUT THE PUBLISHER


Publishers Adam and Tonya Engst have been
creating Apple-related content since they
started the online newsletter TidBITS, in 1990.
In TidBITS, you can find the latest Apple news,
plus read reviews, opinions, and more
(http://www.tidbits.com/). Adam and Tonya are also parents to
Tristan, who thinks ebooks about castles would be cool.

PRODUCTION CREDITS
Take Control logo: Jeff Tolbert
Cover design: Jon Hersh
Editor: Caroline Rose
Editor in Chief: Tonya Engst
Publisher: Adam Engst
Copyright and Fine Print


Take Control of Passwords in Mac OS X, Second Edition
ISBN: 978-1-933671-67-3
Copyright 2009, 2010, Joe Kissell. All rights reserved.
TidBITS Publishing Inc.
50 Hickory Road
Ithaca, NY 14850 USA
http://www.takecontrolbooks.com/
Take Control electronic books help readers regain a measure of control in an oftentimes out-of-control universe. Take Control ebooks also streamline the publication process so that information about quickly changing technical topics can be published while it's still relevant and accurate.
This electronic book doesn't use copy protection because copy protection makes life harder for everyone. So we ask a favor of our readers. If you want to share your copy of this ebook with a friend, please do so as you would a physical book, meaning that if your friend uses it regularly, he or she should buy a copy. Your support makes it possible for future Take Control ebooks to hit the Internet long before you'd find the same information in a printed book. Plus, if you buy the ebook, you're entitled to any free updates that become available.
Although the author and TidBITS Publishing Inc. have made a reasonable effort to ensure
the accuracy of the information herein, they assume no responsibility for errors or
omissions. The information in this ebook is distributed As Is, without warranty of any
kind. Neither TidBITS Publishing Inc. nor the author shall be liable to any person or entity
for any special, indirect, incidental, or consequential damages, including without
limitation lost revenues or lost profits, that may result (or that are alleged to result) from
the use of these materials. In other words, use this information at your own risk.
Many of the designations used to distinguish products and services are claimed
as trademarks or service marks. Any trademarks, service marks, product names, or named
features that appear in this title are assumed to be the property of their respective owners.
All product names and services are used in an editorial fashion only, with no intention of
infringement of the trademark. No such use, or the use of any trade name, is meant to
convey endorsement or other affiliation with this title.
This title is an independent publication and has not been authorized, sponsored,
or otherwise approved by Apple Inc. Because of the nature of this title, it uses terms
that are the trademarks or that are the registered trademarks of Apple Inc.; to view a
complete list of the trademarks and the registered trademarks of Apple Inc., you can visit
http://www.apple.com/legal/trademark/appletmlist.html.
Featured Titles
Click any book title below or visit our Web catalog to add more
ebooks to your Take Control collection!

• Take Control of Exploring and Customizing Snow Leopard (Matt Neuburg): Learn how to customize your Mac's interface, navigate quickly around your disk, and use special features like a pro. $15
• Take Control of iWeb '09 (Steve Sande): Learn how to work effectively and creatively in iWeb, and get help with using third-party hosts and custom domain names. $10
• Take Control of Mac OS X Backups (Joe Kissell): Set up a rock-solid backup strategy so that you can restore quickly and completely, no matter what catastrophe arises. $15
• Take Control of Maintaining Your Mac (Joe Kissell): Find a common-sense approach to avoiding problems and ensuring that your Mac runs at peak performance. $10
• Take Control of Running Windows on a Mac (Joe Kissell): With Intel-based Macs, it has become possible to run Windows software on a Mac, and with Joe's advice, it's easy! $10
• Take Control of Safari 5 (Sharon Zardetto): Make the most of Apple's Safari, a Mac Web browser with many hidden and under-appreciated talents! $10
• Take Control of Users & Accounts in Snow Leopard (Kirk McElhearn): Find straightforward explanations of how to create, manage, and work with (and among) user accounts. $10
• Take Control of Your 802.11n AirPort Network (Glenn Fleishman): Make your AirPort network fly; get help with buying the best gear, setup, security, and more. $15
• Take Control of Your Wi-Fi Security (Engst & Fleishman): Learn how to keep intruders out of your wireless network and protect your sensitive communications! $10
