Take Control of Passwords in Mac OS X
Second Edition, v2.1
Joe Kissell
$10
Table of Contents
Read Me First .... 4
  Updates and More .... 4
  Basics .... 5
  What's New in Version 2.1 .... 6
  What Was New in Version 2.0 .... 7
Introduction .... 8
Passwords Quick Start .... 10
Assess Your Password Needs .... 11
  Consider Your Risk Level .... 11
  Use an Ounce of Prevention .... 13
Read Me First
Welcome to Take Control of Passwords in Mac OS X, Second Edition, version 2.1.
If you're overwhelmed with too many passwords to remember or concerned that your passwords may not be safe, help is on the way. This book tells you everything you need to know about choosing, remembering, and managing passwords of all kinds, with special attention to those used when accessing Web sites with a Mac, iPad, iPhone, or iPod touch. This book was written by Joe Kissell, edited by Caroline Rose, and published by TidBITS Publishing Inc.
Copyright © 2009, 2010, Joe Kissell. All rights reserved.
If you have an ebook version of this title, please note that if you want to share it with a friend, we ask that you do so as you would a physical book: lend it for a quick look, but ask your friend to buy a new copy to read it more carefully or to keep it for reference. Discounted classroom and Mac user group copies are also available.
BASICS
In reading this book, you may get stuck if you don't know certain fundamental facts about using your Mac or if you don't understand Take Control syntax for things like working with menus or finding items in the Finder. Please note the following:
Menus: Where I describe choosing a command from a menu in the menu bar, I use a compact description. For example, to create a new folder in the Finder, you choose New Folder from the File menu; I'd abbreviate this as File > New Folder.
Finding System Preferences: I sometimes refer to settings in System Preferences that you may want to adjust. To open System Preferences, click its icon in the Dock or choose System Preferences from the Apple menu. In the System Preferences window, click the icon of the pane whose settings you want to adjust. I refer to these panes with an abbreviated notation such as "the Network preference pane."
Finding an application's preferences: I often refer to preferences in an application that you may want to adjust. Don't confuse an application's preferences with the system-wide settings found in System Preferences.
To access an application's preferences, choose Application Name > Preferences. For example, in Disk Utility, you would choose Disk Utility > Preferences. Within some applications, all preference controls appear in a single window. In others, a bank of buttons is located across the top, or a list of categories along the side; in those cases, click a button or category to display a pane with a corresponding range of preferences. Instead of providing detailed directions each time, I may use an abbreviated notation such as "go to the General preference pane."
Path syntax: I occasionally use a path to show the location of a file or folder in your file system. For example, Mac OS X stores most utilities, such as Terminal, in the Utilities folder; the path to Terminal is /Applications/Utilities/Terminal.
A slash at the beginning of a path tells you to start from the root level of the disk. You'll also encounter paths that begin with ~ (tilde), which is a shortcut for the current user's home folder. For example, if the person currently logged in has the user name joe and wants to install fonts that only he can access, he'll put them in his ~/Library/Fonts folder, which is just another way of writing /Users/joe/Library/Fonts.
Volumes and partitions: I follow Apple's terminology in referring to any disk or partition on a disk as a volume. So if a hard disk has not been partitioned, it has just one volume. If a disk has been partitioned, each partition is a volume.
Passwords and passphrases: You may sometimes hear the word passphrase used instead of password; this implies a longer set of characters, perhaps a series of words. For the purposes of this book, I generally stick with the term password, with the understanding that it's not necessarily a word as such but any string of characters (which could, certainly, include a phrase).
iOS devices: The iPhone, iPod touch, and iPad (as well as, perhaps, future devices) all run Apple's iOS operating system (known as iPhone OS before version 3.2.1). In some contexts, I use the shorthand "iOS device" to refer to any of these devices. Note, though, that some apps I discuss here work only on some iOS devices, so if I spell out device names, that's usually why.
Introduction
I have a love-hate relationship with passwords. Well, mostly hate. I understand that passwords help keep my computer, my private data, and my money safe, but for many years, every time I was asked to come up with yet another password (for a Web site, a Mac OS X user account, or any of a dozen other purposes), I'd grumble. I felt, as many people do, that it took too much mental effort to produce and remember all those passwords.
On the other hand, I didn't want to take the easy way out (choosing a simple, memorable password and using it everywhere), because I worried that I was putting my valuable information at risk. I didn't want to sacrifice security for convenience.
In addition, I lacked a clear understanding of how to go about selecting good passwords, and I was unsure what the security implications were for each of the contexts in which passwords are required. For example, Mac OS X requires passwords for a bewildering array of purposes: logging in, securing a computer's firmware, encrypting home folders, checking email, connecting to MobileMe, and more. What are all those passwords for? Do I need to use them all? What sorts of passwords can I use in which places? Even computer geeks like me wonder about these things.
I decided to get to the bottom of this whole password business once and for all. This book is the result of my research and experiments. In it, I show you how to choose good passwords without overtaxing your brain. I explain when you need heavy-duty passwords and when you can get away with less secure ones. I cover all the kinds of passwords an average Mac OS X user will encounter, and describe how and when to use them. And I discuss a variety of tools and methods you can use to simplify your interactions with passwords. In short, this book enables you to take control of your passwords once and for all!
To keep this book from being unreasonably long, I've made some assumptions:
I'm writing for ordinary computer users, not technical wizards or security experts. If you're looking for detailed information on encryption algorithms or the like, this isn't the place.
Along the same lines, I assume that you're not protecting state secrets or billion-dollar fortunes with your passwords. For that sort of security, you'll need more password mojo than I offer here.
Also, I only skim over certain topics related to passwords, such as user accounts, wireless networks, keychain synchronization, and file sharing. For more information on these topics, I refer you to other Take Control titles.
For this edition of Take Control of Passwords in Mac OS X, I've taken a long look at what has happened since the book's original publication in 2006. I've significantly modified my thinking on a few topics, adopted some new techniques, and begun to use hardware and software products that weren't available when I wrote the first edition. And I've watched Mac OS X evolve through a couple of major revisions, seen Apple complete its shift to Intel processors, and witnessed the birth and growth of the iPhone, iPod touch, and iPad. So I've updated the book with the latest in technology and my current advice.
This version of the book is written primarily for users of Mac OS X 10.6 Snow Leopard or Mac OS X 10.5 Leopard. Nearly all of this book also applies to 10.4 Tiger, with some minor differences in wording and the like, which I've called out in most cases. However, I no longer cover earlier versions of Mac OS X at all.
To keep up to date with any significant changes to this book's advice, click Check for Updates on the cover.
Assess Your Password Needs
We're all at different points on a continuum of password needs. Although I do have strong opinions about passwords and do make numerous recommendations in this book, I want to begin by putting those opinions and recommendations in context. Only you can decide which choices are best for you. To help you do that, I'd like to say a few words about ascertaining how much password-related risk you have and how that should guide your decisions.
But add a second character to the password, and the number of options goes way up, to 9,025 possibilities (95 x 95). With eight characters in the password, the number of possible combinations rises to 6,634,204,312,890,625 (95^8)!
Of course, a thief doesn't have to type all these combinations manually. A determined culprit might resort to a brute force attack, in which a computer generates and attempts every possible combination of characters in sequence. Brute force attacks can take a long time but are guaranteed to succeed eventually, provided the attacker can keep guessing without limit: typically by working offline against a stolen copy of the password's hash, or against a service that never locks the account or slows down repeated failures.
However, "eventually" could be so long that you need not worry. If the thief used a very fast desktop computer that could check ten million passwords per second, and if your eight-character password contained alphanumeric and punctuation characters (95 possible choices for each character), it could take up to 21 years for the computer to guess it, though on average it would take half that time (since the correct password probably wouldn't be the very last one it tried). If the thief had a large supercomputer (or a thousand fast desktop computers networked together), this time would drop to a little more than a week. But every character you add multiplies the work by 95: with a nine-character password, that thousand-computer network would need about two years, and the single desktop about 2,000 years. (I say more about the computational effort required to crack passwords ahead, in Length of Random Passwords.)
A caveat on these figures: ten million guesses per second is a modest rate. How fast an attacker can really go depends on the hardware (graphics cards crack far faster than ordinary processors) and, for offline attacks, on how the password was hashed; a fast, unsalted hash can be tested orders of magnitude faster than one designed to be slow. The arithmetic stays the same; only the guesses-per-second figure changes.
So for all practical purposes, a nine-character password with alphanumeric and punctuation characters is effectively uncrackable by this kind of attacker, but only if it's random, because thieves (and their computers) are likely to try more predictable passwords before deploying a brute-force attack.
Most of us don't select completely random passwords, though, because they're hard to remember, but easier-to-remember passwords are also easier to guess. For this reason, you would be unwise to choose as a password the name of your spouse, pet, or best friend. Similarly, using common numbers (your date of birth or anniversary, your phone number, your Social Security number) is a bad idea, because those strings of characters may be among the first a thief would try.
Another common tactic (employed in both manual and computer-generated attacks) is to try sequences of characters that form easy-to-remember patterns on your keyboard. For example, the string rfvujm may appear random at first glance, but it's made by pressing
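A small check for the keyboard-walk pattern just described (rfvujm, qwerty, 1qaz2wsx), added here as an example; it is not code from the book. The QWERTY layout, the way it treats neighbouring rows as adjacent, and the 0.6 threshold are assumptions of the example. Real password-strength checkers do the same kind of spatial matching, which is why such strings score far lower than their length suggests.

```python
# QWERTY rows, top to bottom. Shifted characters are folded to their
# unshifted key first, so "!QAZ" is scored the same as "1qaz".
QWERTY_ROWS = [
    "`1234567890-=",
    "qwertyuiop[]\\",
    "asdfghjkl;'",
    "zxcvbnm,./",
]

# Map each key to its (row, column) position on the layout above.
KEY_POSITIONS = {
    key: (row_index, col_index)
    for row_index, row in enumerate(QWERTY_ROWS)
    for col_index, key in enumerate(row)
}

# Shifted form -> unshifted key for the non-letter keys.
SHIFTED = dict(zip('~!@#$%^&*()_+{}|:"<>?', "`1234567890-=[]\\;',./"))


def _normalize(ch: str) -> str:
    ch = ch.lower()
    return SHIFTED.get(ch, ch)


def keys_adjacent(a: str, b: str) -> bool:
    """True if two keys touch on the layout: same row one column apart, or
    neighbouring rows within one column (covers the stagger of real keyboards).
    Characters not on the layout, and a key repeated, are never 'adjacent'."""
    pa = KEY_POSITIONS.get(_normalize(a))
    pb = KEY_POSITIONS.get(_normalize(b))
    if pa is None or pb is None or pa == pb:
        return False
    row_diff = abs(pa[0] - pb[0])
    col_diff = abs(pa[1] - pb[1])
    return row_diff <= 1 and col_diff <= 1


def keyboard_walk_fraction(password: str) -> float:
    """Fraction of consecutive character pairs that are adjacent keys.
    1.0 means every step moves to a neighbouring key (e.g. "qwerty")."""
    if len(password) < 2:
        return 0.0
    pairs = zip(password, password[1:])
    adjacent = sum(1 for a, b in pairs if keys_adjacent(a, b))
    return adjacent / (len(password) - 1)


def looks_like_keyboard_walk(password: str, threshold: float = 0.6) -> bool:
    """Flag a password when most of it is a walk across neighbouring keys."""
    return keyboard_walk_fraction(password) >= threshold


if __name__ == "__main__":
    for candidate in ("rfvujm", "qwerty", "1qaz2wsx", "Tr7$kPq2"):
        print(f"{candidate:10s} walk fraction {keyboard_walk_fraction(candidate):.2f}"
              f"  flagged={looks_like_keyboard_walk(candidate)}")
```

For rfvujm the score is 0.8: four of its five steps (r-f, f-v, u-j, j-m) are adjacent keys, and only the jump from v to u is not. A genuinely random string of the same length scores near zero.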
Security Passwords
When most of us think of passwords, we assume their function is to protect something, such as information (email or documents), access (programs on a computer or entry to a building), or money (a bank account or other assets). Many passwords do serve such a purpose; I refer to these as security passwords. Like a key to a safe or a building, this sort of password enables the holder to reach what's inside.
Also like a key, a password can be lost (forgotten) or stolen (discovered), and if hidden it can be found. An otherwise terrific password has no value at all if it falls into the wrong hands. Likewise, just as a lock can be physically broken if someone has no key, some kinds of information in the virtual world can be accessed without a password by cracking, or circumventing security systems with clever programming or manipulation. So it pays to bear in mind that choosing an excellent password is only one part of keeping something secure.
That said, I can't overstate the importance of choosing security passwords wisely. Just as you wouldn't protect a bank vault with a suitcase padlock, you shouldn't take unnecessary risks with your electronic valuables by using an insecure password.
Identity Passwords
Of the hundreds of passwords I've created, most exist not to protect anything but merely to identify me. For example, say I register for a free account at the New York Times Web site so I can read news stories there. The site asks me to supply (among other things) a user name and a password. My user name might be my real name, a variation, or a nickname: something someone else could guess. To ensure that only I can log in with my user name, the site asks for a password: information that only I know. (They may do this for several reasons, one of which is to verify that only people who have agreed to their terms of service get access.) I call such passwords identity passwords.
This type of password doesn't necessarily protect anything. Someone who guessed or stole my New York Times password could log in as me and read articles, but not drain my bank account or access my email. For this reason, in most cases identity passwords need not be as strong (as difficult to guess or break) as security passwords. The loss or inconvenience you might suffer if someone discovered your identity password would, in most cases, be extremely minor. One caveat: this holds only if the identity password is not reused anywhere that matters, because a password stolen from a low-value site is routinely tried against more valuable accounts.
UNDERSTAND OPTIMAL PASSWORD LENGTH
Having read Understand Password Security, earlier, you may be thinking that you should construct and memorize completely random 64-character security passwords to thwart any cracking method available to current or hypothetical future computers, but that's probably unreasonable. Consider these factors:
The value of what you're protecting. If the treasure is someone's life or millions of dollars, for example, an insanely long password is worth it. But if you're protecting only $100 in your checking account, the effort of memorizing and entering such a long password is out of proportion to its value.
The likely effort someone would be willing to expend to break your password. The people who have the computing resources to crack a long, random password within a reasonable period of time aren't going to waste their effort unless they have something significant to gain, and that may not include anything on your computer.
In other words, there's a range within which a password is adequately secure for ordinary mortals but not so complex that you'll never be able to memorize it, or that it will take too long to enter.
The important thing to remember is that length alone does not a secure password make. As I described earlier, using characters from a wider palette makes shorter passwords more secure, while using guessable patterns makes longer passwords less secure. So there are trade-offs. The fewer kinds of characters you include and the less random it is, the longer your password must be; the broader the character range and the more random it is, the shorter it can be.
Table 1: Recommended Password Length by Character Set

Characters used                 | Recommended length for medium security | Recommended length for high security
0-9                             | 17 | 20
a-z                             | 12 | 14
a-z, 0-9                        | 11 | 13
a-z, A-Z                        | 10 | 12
a-z, A-Z, 0-9                   | 10 | 11
a-z, A-Z, 0-9, punctuation [1]  |    | 10 [2]
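The arithmetic behind the brute-force estimates in Understand Password Security and behind Table 1, as an added example rather than code from the book. The keyspace, time-to-exhaust and minimum-length functions are the standard calculations; the two bit-strength targets (56 and 63.5 bits) are assumptions of mine, chosen because they reproduce every complete row of the table, since the book does not state the thresholds it used. Run with the same targets, the full 95-character set comes out at 9 characters for medium security and 10 for high.

```python
import math

# Seconds in a Julian year (365.25 days), for converting guess counts to years.
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet sizes used in the book's examples and in Table 1.
ALPHABETS = {
    "0-9": 10,
    "a-z": 26,
    "a-z, 0-9": 36,
    "a-z, A-Z": 52,
    "a-z, A-Z, 0-9": 62,
    "a-z, A-Z, 0-9, punctuation": 95,   # printable ASCII minus the space
}

# Assumed bit-strength targets (not stated in the book); they reproduce Table 1.
MEDIUM_BITS = 56.0
HIGH_BITS = 63.5


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password; the average case is half of this."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR


def min_length(alphabet_size: int, target_bits: float) -> int:
    """Shortest random password from this alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def length_table() -> dict:
    """(medium, high) recommended lengths per alphabet, as in Table 1."""
    return {name: (min_length(n, MEDIUM_BITS), min_length(n, HIGH_BITS))
            for name, n in ALPHABETS.items()}


if __name__ == "__main__":
    # The book's scenario: 95-character alphabet, one desktop at 1e7 guesses/s,
    # and a thousand such desktops at 1e10 guesses/s.
    for length in (8, 9):
        for rate in (1e7, 1e10):
            print(f"{length} chars at {rate:.0e}/s: "
                  f"{years_to_exhaust(95, length, rate):.3g} years worst case")
    for name, (medium, high) in length_table().items():
        print(f"{name:28s} medium {medium:2d}  high {high:2d}")
```

Because the alphabet size enters as a logarithm and the length as a multiplier, each extra character is worth a fixed number of bits (about 6.6 for the 95-character set, 3.3 for digits only), which is exactly the trade-off the preceding section describes.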
Choose a Password Strategy
If you read the preceding chapter, you know about the difference between identity passwords and security passwords, as well as how long and complex passwords should be in order to avoid manual or automated attacks. But when it comes to the nuts and bolts of creating and using these great passwords, many people get stuck between wanting an unguessable password on the one hand, and wanting a memorable password on the other. These two goals aren't contradictory, though. You only need a good strategy.
In my view, the many methods of creating and using passwords can be distilled into two broad approaches. In one, you rely primarily on technology to generate, store, and enter passwords for you (although you must also take a few steps to remember certain passwords and perform some other tasks). In the other approach, you assume that your brain will do most of the work of creating and entering passwords, though you may use software tools to help you with certain tasks (for example, selecting random characters).
Before you worry about the details of how to construct passwords, it's good to have in mind what your overall approach will be. Then you can choose appropriate tools and techniques and not concern yourself with those that don't apply to your strategy.
STRATEGY A: RELY (MOSTLY) ON TECHNOLOGY
One approach to dealing with passwords is to decide up front that you'll let the computer do as much of the work as possible. You'll use one or more programs to generate passwords for you automatically (most likely long, complex, random passwords), to securely store those passwords, and to enter them for you in most cases. I call this approach Strategy A (A for automated!).
A great thing about Strategy A is that you need not make a distinction between identity passwords and security passwords, or fret over the minimum length and complexity for various passwords. Since they're all generated by software anyway, you can make all your passwords equally secure.
Even if you choose to rely on technology, though, you'll still need to put your brain to work from time to time. For example, there are some passwords that, by their nature, can't be entered automatically, such as your keychain password (see Keychains) and your Mac's Firmware Password, if you've set one. Since you must remember these passwords, you might prefer to create them manually too, using one of the methods I describe in Create Security Passwords.
If you have hundreds of passwords stored on your computer (presumably in a safely encrypted form), it behooves you to back them up liberally: that is, frequently, in multiple ways, to multiple destinations. If all your eggs are in one digital basket, you could be setting yourself up for a world of hurt. Consult Back Up Your Passwords.
In addition, you may encounter situations when you're away from your main computer but still need a password. For instance, you may want to check your email from a public computer while you're on vacation, or log in to PayPal to transfer money while you're at a friend's house. In cases like these, or when your computer is in the repair shop or otherwise inaccessible, you need an alternative means of viewing your passwords. For some people, this could be an iPhone or iPad app that syncs to a password management utility on your Mac. For others, a better choice may be a Web-based password manager or an encrypted Web page such as the one 1Password can create. Bear in mind that any password you type on a public or borrowed computer can be captured by that machine; treat such a password as exposed and change it when you get home.
Dual-purpose backups: If you use a backup method that stores your data in an encrypted, Web-accessible form using a program such as Backblaze, SugarSync, or SpiderOak, your backup itself can potentially serve as a means of remotely accessing your passwords, as long as they're stored in a format you can read on another computer.
As an extra precaution against getting stuck without a password, you might write down your most crucial passwords and keep them on your person always. To keep them safer in case someone steals your wallet
A cheat sheet: I suggest making a short list of the top five or ten passwords you rely on the most and which you might be unable to remember when you most need them (an emergency or a trip in the distant future, for example). This list might include passwords for your email account, keychain, bank account, or anything else that's especially important. Be sure to modify the passwords on this list in some easy-to-remember way so that they wouldn't be immediately useful to anyone who happened upon them, and keep this list with you at all times (in your wallet, for example). The modification rule must not be written on the list itself; it lives only in your head, or the disguise is worthless. Also include on the paper the URLs for any online locations where you've stored the rest of your passwords.
STRATEGY B: RELY (MOSTLY) ON YOUR BRAIN
A different approach to password management is to forgo automated solutions and put your confidence primarily in your brain's computational and memory capabilities. This strategy costs nothing, doesn't require you to install or learn any software, isn't affected by bugs or program revisions, and protects you from the risk of a lost or stolen gadget. It does, however, require considerably more thought and effort than Strategy A. If you want to be entirely in control of your passwords yourself, rather than putting your computer in control, Strategy B (B for brain!) is the way to go.
CHOOSING A STRATEGY: JOE'S RECOMMENDATION
I used Strategy B for many years, and it worked reasonably well for me. But my list of passwords grew dramatically over time, and as password management software evolved I began to realize that I was putting myself to a lot of unnecessary work and aggravation, while at the same time taking shortcuts that led to many of my passwords being less secure than they should have been. So I gradually shifted to Strategy A. Today, 100 percent of my passwords are generated by software, and perhaps 99 percent are stored and filled in automatically as needed. I use my brain to store the remaining 1 percent or so, and I've taken precautions to ensure that I never get stuck without access to a needed password.
My use of Strategy A reflects a certain amount of faith in technology and in a few very smart software developers in particular: I trust that the methods I use to store and retrieve passwords will still work years from now and with new versions of the applications that I rely on, although I do have alternative means of getting at my passwords if necessary. (See the sidebar Should You Trust a Password Manager? for further discussion on this point.) It also reflects a degree of paranoia
Generate Good Passwords
Earlier chapters of this book discussed the principles that govern a password's security and the general strategies you might employ to manage your passwords. Now it's time to get down to specifics: how do you go about constructing a secure yet memorable password? And what special techniques can you use for the seemingly endless number of identity passwords most of us must maintain?
If you've decided on what I'm calling Strategy A (using automated tools to create and store passwords), you can skip lightly over most of this chapter. However, even the most technologically dependent person may have to set good passwords manually from time to time, and you should be familiar with some of the basic methods for doing so. Toward the end of this chapter, I also introduce you to Password Assistant, a feature built into Mac OS X that can help you create passwords of several types, with varying length and complexity.
In this chapter, I sometimes refer to passwords that I haven't discussed in detail yet, such as the login and firmware passwords, as well as the password for your Mac OS X keychain (itself a password repository); I get into details about these passwords later.
will be used only when you have access to such a program, you needn't also store it in your brain. (You may, however, need to give another, trusted person access to such a password; read Prepare an Emergency Password Plan for details.)
On the other hand, as mentioned earlier, you may find yourself in a situation where you must recall a password without help. If you have not committed important passwords to memory, such a situation can leave you stranded (but see Strategy A: Rely (Mostly) on Technology for more advice). In addition, you must remember your Mac OS X login, firmware, and keychain passwords, since you may not be able to access your computer until you've entered them!
So, choose one route or another for creating security passwords:
The random route: If you're sure you can let the computer remember a security password for you (or if you're willing to memorize it by rote), use Password Assistant (see Use Password Assistant) or another password generator (see Use Third-Party Password Tools) to create a random 10- or 11-character string that includes numbers and capital and lowercase letters, and store it in your keychain or other password manager. Choose the length according to your desired level of security (per Table 1) and the restrictions on password composition (see Table 2, shortly ahead).
The non-random route: If you might need to recall a security password yourself, use one of the following techniques (or devise something comparable) to create a secure yet memorable password:
Table 2: Password Composition Restrictions in Mac OS X

Password type                   | Restrictions                                         | More information
Login (including administrator) | Avoid special characters typed using the Option key. | http://docs.info.apple.com/article.html?artnum=302231
Firmware                        |                                                      | http://docs.info.apple.com/article.html?artnum=107666
AirPort (3.0 or later)          |                                                      |
Keychain                        | None                                                 |
Master                          | None                                                 |
Root                            |                                                      |
Web sites                       |                                                      |
See also: http://docs.info.apple.com/article.html?artnum=107434 and http://docs.info.apple.com/article.html?artnum=108058
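A generator for the random route above that respects the composition restrictions in Table 2, added as an example; it is not code from the book or from Password Assistant. It assumes a plain ASCII alphabet (so no Option-key characters, per the login-password row), a short punctuation list of my own choosing for the optional fourth class, and Python's secrets module, which draws from the operating system's cryptographic random number generator. The ordinary random module is seeded from the clock and is not suitable for passwords.

```python
import secrets
import string

# Character classes for the "random route": letters and digits only, all ASCII,
# so the result is safe to use as a Mac OS X login password (Table 2).
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
# Punctuation that exists on every keyboard layout; an assumption of this
# example, not a list from the book.
SAFE_PUNCT = "!#$%&*+-=?@^_"


def generate_password(length: int, classes=(LOWER, UPPER, DIGITS)) -> str:
    """Return `length` characters drawn from the union of `classes`, with at
    least one character from each class, using the secrets CSPRNG."""
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    # One mandatory character per class, then fill the rest from the whole alphabet.
    chars = [secrets.choice(cls) for cls in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Fisher-Yates shuffle driven by the same CSPRNG, so the mandatory
    # characters do not always sit at the front.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def satisfies(password: str, classes=(LOWER, UPPER, DIGITS), ascii_only=True) -> bool:
    """Check a password against the composition rule: printable ASCII only
    (no Option-key characters) and at least one character from each class."""
    if ascii_only and not all(32 < ord(c) < 127 for c in password):
        return False
    return all(any(c in cls for c in password) for cls in classes)


if __name__ == "__main__":
    # 10 or 11 characters of mixed-case letters and digits, as the random route suggests.
    for n in (10, 11):
        print(n, generate_password(n))
    print(14, generate_password(14, (LOWER, UPPER, DIGITS, SAFE_PUNCT)))
```

Forcing one character from each class costs a little entropy compared with a purely uniform draw (a few bits at these lengths), but it keeps the result acceptable to sites that insist on mixed classes, and the length table above already assumes the whole alphabet is in play.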
Shared Passwords
You may have to come up with passwords for other people (coworkers or family members, say) or create a single password that will be shared by several people (such as the password for a shared network volume). In these cases, you should not follow the patterns you use for your own passwords, because anyone who learns a shared password could then infer the pattern behind your personal ones, reducing their security. Come up with a separate pattern for any password that must be shared and used regularly by other people.
To learn about the relative strength of these types, see the sidebar Strength in Numbers (and Letters), shortly ahead.
Suggestion: As soon as you change the Type or adjust the Length setting, the Suggestion field offers a suggested password meeting your criteria. If it's not to your liking, you can click the arrow at the right of the field to open a pop-up menu with more choices. If those aren't enough, choose More Suggestions from the pop-up menu.
Length: Drag this slider left or right to adjust the length of the passwords generated. The minimum is 8 characters and the maximum is 31 (though if you enter a shorter or longer password manually, Password Assistant still measures its quality).
Quality: This gives a rough estimate of the password's quality. If the bar is more red or yellow than green, the password is less secure; if it's mostly or all green, it's more secure. A longer green bar is more secure than a shorter green bar. The method used to
TAKE ACTION!
Having read this chapter, you may now be thinking that a lot of your existing passwords could stand some improvement. If so, use what you've learned here to replace them with better passwords today. Of course, if you have hundreds of bad passwords, changing them all is not an easy project; for advice, see the sidebar Update Old Passwords.
Understand Mac OS X's Passwords
In the course of using Mac OS X, you'll often encounter the need for passwords: when you set up a new computer, install new software, connect to a wireless network, and more. Many Mac users become aggravated at having to type passwords so often. Because such frequent demands to enter a password are annoying, they might lead you to choose less secure passwords so that they're easier to enter. Apple's perspective is that requiring passwords regularly helps keep your computer and its data safe and secure. In this chapter, I discuss the various situations in which passwords are needed in Mac OS X, how to enter and change them, and how secure they should be.
Change the locks: Many passwords, including all the ones described in this chapter, are case-sensitive, which means that if you accidentally have the Caps Lock key activated, you'll type an incorrect password. Some Mac OS X password dialogs display a symbol next to the password field when Caps Lock is activated. On a laptop, the Num Lock key can also lead to typing incorrect passwords, though no visual cue appears. If your password is repeatedly rejected and you're sure you've typed it correctly, make sure both Caps Lock and Num Lock are deactivated.
LOGIN PASSWORDS
Every computer running Mac OS X has at least one user account, a means of identifying the person using the Mac at any given time. In the Accounts preference pane, you can set up additional users if you like. Each user gets a separate virtual (and private) space in which to work; this includes access to the user's own preferences, documents, and Finder settings. The password for a user account is called the login password. It's what you use to log in, thus gaining access to your personal space, but it has other uses too (as I explain a bit later).
Three for all: Note that the next three options apply to all users on the computer, not just your own account.
Automatic login: By default, Mac OS X logs you in automatically when you turn on or restart your Mac. If your Mac is in a secure place where no one but you can access it, that's probably fine; otherwise, it's best to disable automatic login (so that the login window appears every time the computer starts up). You can do this in the Accounts preference pane: click the lock and authenticate with an administrator password; then click Login Options and choose Disabled from the Automatic Login pop-up menu (in Leopard or Snow Leopard) or uncheck Automatically Log In As (in Tiger). Or, open the Security preference pane (and then, in Leopard or Snow Leopard, go to the General view) and check Disable Automatic Login. In general, laptops should always have automatic login disabled; for other computers, the choice depends on whether anyone you don't trust completely has physical access to your computer.
Automatic logout: When your computer goes to sleep or the screen saver activates, you're still logged in, and any applications or documents you had open remain so (even if a password is required when the computer or display wakes up). Anyone or anything that gets past the screen lock, whether at the keyboard or over the network, then finds your session, its open documents, and its unlocked keychain still available. To take security one step further, you can have Mac OS X log you out automatically after a period of inactivity; all programs running under your user account will quit. To activate this feature, go to the Security preference pane (and then, in Leopard or Snow Leopard, to the General view), check the Log Out After __ Minutes of Inactivity checkbox, and enter the desired number of minutes before automatic logout. For most users, enabling this setting is unnecessary, but it may be useful for computers kept in highly public places.
Secure system preferences: Several preference panes contain settings that affect all users' accounts and potentially have security implications for all users. To make it harder for an unauthorized user to modify these settings, you can require that an administrator password be used to unlock each pane individually. (The default setting is that unlocking one pane unlocks them all.)
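An audit of the three settings above as they are stored on disk, added as an example (not from the book). It parses constructed copies of the relevant preference files rather than touching the live system; the paths and key names (autoLoginUser in com.apple.loginwindow, com.apple.autologout.AutoLogOutDelay in the system-wide global preferences, and the shared flag of the system.preferences right in /etc/authorization) are the ones these settings used in Leopard and Snow Leopard, given here as assumptions to verify on your own machine. Lion and later keep authorization rights in a database rather than in /etc/authorization, so the last check does not carry over unchanged.

```python
import plistlib

# Where the three settings live on Leopard/Snow Leopard (assumptions of this
# example; listed for reference, not read by the code below).
LOGINWINDOW_PLIST = "/Library/Preferences/com.apple.loginwindow.plist"
GLOBAL_PREFS_PLIST = "/Library/Preferences/.GlobalPreferences.plist"
AUTHORIZATION_DB = "/etc/authorization"


def audit_login_settings(loginwindow: bytes, global_prefs: bytes, authorization: bytes) -> dict:
    """Return findings for the three system-wide options; True means hardened."""
    lw = plistlib.loads(loginwindow)
    gp = plistlib.loads(global_prefs)
    auth = plistlib.loads(authorization)

    # Automatic login: loginwindow names the account to log in as; absent means off.
    auto_login_user = lw.get("autoLoginUser")

    # Automatic logout: delay in seconds; absent or 0 means disabled.
    logout_delay = int(gp.get("com.apple.autologout.AutoLogOutDelay", 0))

    # "Require password to unlock each System Preferences pane" clears the
    # `shared` flag on the system.preferences right; the default is shared.
    prefs_right = auth.get("rights", {}).get("system.preferences", {})
    shared_unlock = bool(prefs_right.get("shared", True))

    return {
        "automatic_login_disabled": auto_login_user is None,
        "automatic_login_user": auto_login_user,
        "automatic_logout_enabled": logout_delay > 0,
        "automatic_logout_seconds": logout_delay,
        "prefs_panes_locked_individually": not shared_unlock,
    }


# Constructed sample contents for a Mac still on the defaults.
SAMPLE_LOGINWINDOW = plistlib.dumps({"autoLoginUser": "joe", "lastUserName": "joe"})
SAMPLE_GLOBAL_PREFS = plistlib.dumps({"AppleLocale": "en_US"})
SAMPLE_AUTHORIZATION = plistlib.dumps({
    "rights": {"system.preferences": {"class": "user", "group": "admin", "shared": True}}
})

# Constructed sample contents after applying the three changes described above.
HARDENED_LOGINWINDOW = plistlib.dumps({"lastUserName": "joe"})
HARDENED_GLOBAL_PREFS = plistlib.dumps({"com.apple.autologout.AutoLogOutDelay": 600})
HARDENED_AUTHORIZATION = plistlib.dumps({
    "rights": {"system.preferences": {"class": "user", "group": "admin", "shared": False}}
})


if __name__ == "__main__":
    for label, files in (("default", (SAMPLE_LOGINWINDOW, SAMPLE_GLOBAL_PREFS, SAMPLE_AUTHORIZATION)),
                         ("hardened", (HARDENED_LOGINWINDOW, HARDENED_GLOBAL_PREFS, HARDENED_AUTHORIZATION))):
        print(label, audit_login_settings(*files))
```

To run this against a real Leopard or Snow Leopard system you would read the three files listed at the top (the first two need root to read, and .GlobalPreferences.plist is in binary form, which plistlib.loads handles) and pass their bytes in; the checks themselves do not change.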
3. Select your usual startup disk. Then, from the pop-up menu below the volume list, choose the user whose password you want to reset. (Do not choose System Administrator (root), which represents an entirely different account!)
4. Enter (and repeat) a new password, and optionally enter a hint. Click Save, and then click OK.
5. Choose Reset Password > Quit and then Installer > Quit Installer. Click the Reset button to restart from the hard disk.
Once you've done this, you'll still be prompted to enter a password for your login keychain (see Keychains, toward the end of this chapter). If that password was the same as your login password, meaning it too is forgotten, you'll have to delete that keychain, make a new one, and set that keychain as the default (see Solve the login Keychain Prompt Problem). Resetting the login password does not unlock the old keychain; its contents stay encrypted under the password you no longer know.
Note what this procedure implies: anyone with physical access to your Mac and an install disc can reset a login password the same way. The login password alone therefore does not protect your data against theft; that is what the Firmware Password and FileVault are for.
Resetting an Administrator Password without a CD or DVD
What if you've misplaced your Mac OS X Install CD or DVD, or your optical drive isn't working, and you need to reset your administrator password? There's another option, although it's more convoluted. The procedure depends on what version of Mac OS X you're using:
For Mac OS X 10.5 or later: Follow Apple's instructions at http://support.apple.com/kb/TS1543 under "If you are unable to log in."
For Mac OS X 10.4: Try the similar (but not quite identical) directions at http://www.intelliot.com/blog/2005/02/mac-os-x-password-recovery/.
MASTER PASSWORD
Mac OS X includes a security feature called FileVault, which encrypts the entire contents of a user's home folder so that all the data on the machine is protected if the computer is lost or stolen. Like many other Mac experts, I'm unenthusiastic about FileVault. It's a great idea in theory, but I find the implementation worrisome: it's too easy for
master password, if any, appears below the field. Enter your master
password here and then click Log In.
5. A warning appears, reminding you that changing a user's password creates a new keychain for that user (leaving the old keychain still present and locked with its previous password). Click OK.
6. Enter (and repeat) a password, and optionally enter a hint. Click
Log In.
Mac OS X logs you in as that user and, if necessary, unlocks FileVault.
ROOT PASSWORD
Mac OS X is based on Unix, and in the Unix world the root user is
the most powerful user on the system, able to do anything up to and
including erasing the operating system itself. With a root password
(that is, the password for the user named root), you can do a tremendous amount of damage. For this reason, the entire root account is
disabled in Mac OS X by default.
Fortunately, almost anything you might need to do as the root user can be done without enabling this account, as long as you have an administrator password. And the vast majority of Mac users won't even need root-user access at all, which is generally exercised only in the command-line environment of Terminal. So I strongly suggest that you do not enable the root account, no matter how geeky you are.
Rooting it out: If you're a tech-head working in a command-line shell and need to log in as root, you can do so (even without the root account being enabled) with sudo -s, entering your administrator password when prompted. Be sure to type exit when you finish with whatever tasks required root access.
If you absolutely must enable the root account (and I'm speaking here only to highly technical people who are certain they have a valid reason for doing so), you can find instructions at http://support.apple.com/kb/HT1528. If you do this, be sure to assign to the root user a password that's different from, and at least as secure as, your administrator password. (On single-user machines, you can safely use your administrator password as the root password.)
FIRMWARE PASSWORD
Because an administrator password can be circumvented relatively easily (see Reset an Administrator Password), Apple provides additional security in the form of a firmware password. Unlike your other passwords, this one is stored in the nonvolatile memory of a chip on your Mac's logic board, which means that you can't bypass it even if you hook up a different hard drive or start from a CD or DVD.
PowerPC-based Macs use a system called Open Firmware; Intel-based
Macs have an analogous system called EFI (Extensible Firmware
Interface). The function of the firmware password is essentially the
same in both cases. No firmware password is set by default, but if you
specify one it has the following effects:
Most special startup modes that would normally be activated by holding down one or more keys on the keyboard (such as Command-S for single-user mode, T for target disk mode, C to start from a CD or DVD, and Option to select a different startup disk) are disabled.
For Macs with PowerPC processors, accessing the Open Firmware
command prompt (by holding down Command-Option-O-F during
startup) requires entering the firmware password.
Holding down Command-Option-P-R during startup doesn't reset the PRAM (parameter RAM), as it otherwise would.
In other words, the presence of a firmware password blocks most of the paths someone might use to avoid or reset your administrator password and get access to your computer and its contents. The downside is that if you're troubleshooting a problem that requires booting from another volume, resetting the PRAM, or entering single-user mode, you'll have to disable the firmware password first, and then restart to enable the special key sequences.
be significant. I'd opt for one or two words with some simple foils (see Devise a Pattern for Identity Passwords) to disguise them.
With or without U: Because of a bug affecting Open Firmware
in certain PowerPC Macs, firmware passwords that contain the
capital letter U are not recognized. So avoid that character if you
have one of the affected models. For more information, consult
http://support.apple.com/kb/TA21330.
The tool you use to set, change, or remove a firmware password is called Firmware Password Utility. For some reason, Apple neither installs this along with Mac OS X nor offers it as a separate download on its Web site. Instead, it's provided on your Mac OS X Install CD or DVD in the (normally hidden) /Applications/Utilities folder.
You can run it from the disc, but I recommend copying it to your hard disk's /Applications/Utilities folder to make it easier to find in the future. To do this, insert your Mac OS X Install DVD, choose Go > Go to Folder in the Finder, enter /Volumes/Mac OS X Install DVD/Applications/Utilities, and click Go. The disc's Utilities folder opens in a new window; from there, you can drag Firmware Password Utility to your hard disk.
To set your firmware password:
1. Open Firmware Password Utility.
2. Click Change.
3. Check the Require Password to Change Open Firmware Settings
checkbox.
4. Enter a password in the Password field; enter it again in the Verify
field. Click OK.
5. When prompted, enter your administrator password and click OK.
Your firmware password is now set; you can quit Firmware Password
Utility. The next time you restart, the password will be active and will
prevent startup from another volume or in a special mode.
EMAIL PASSWORD
Your email password may be one of your most valuable passwords.
Apart from the fact that your email may contain all sorts of interesting
personal information about you, consider that many Web sites use
email to remind you of your password if you've forgotten it. Someone with access to your email account could click the "forgot my password" link on a site where you have an account and simply read the resulting
message, thus learning a much more valuable password. For this
reason, I recommend choosing a very strong password for each of
your email accounts (including your MobileMe account, if any).
I must also remind you that even a secure password, if intercepted in transit, is worthless (see Use Wireless Networks Safely). So take every precaution to ensure that your email password remains private, especially when using public wireless networks. If your email server offers secure authentication (such as MD5 Challenge-Response or Kerberos), use that instead of the insecure Password method, and note that this applies to both incoming (POP/IMAP/Exchange) and outgoing (SMTP) email. Better yet, if possible, use SSL/TLS (Secure Sockets Layer/Transport Layer Security) to encrypt both messages and passwords traveling between your computer and the server.
In Apple Mail, you can change an account's password by choosing Mail > Preferences, clicking Accounts in the toolbar, and selecting the
account from the list on the left. In the Account Information view, you
can set the password for the incoming mail server; to set the SMTP
password (and its authentication options), click the Server Settings
button. To change the authentication method for incoming accounts
and turn SSL on or off, go to the Advanced view.
details), enabling this feature is a good idea. Even in your home, you can't assume your wireless network is safe; a neighbor or someone in a car across the street could be monitoring your data, looking for passwords. (I discuss wireless security in Use Wireless Networks Safely.)
A second pass: Besides the password that protects the wireless
network, AirPort base stations and other wireless gateways have a
second password that protects access to the configuration options of
the gateway itself, using Apple's AirPort Admin utility, a third-party
tool, or a Web-based interface. This administrative password is also
quite important; someone who guesses it could change (or eliminate)
the wireless network password and thereby gain access to the whole
network. Learn more about these passwords in Take Control of Your
Wi-Fi Security by Glenn Fleishman and Adam Engst.
In general, you should follow the same procedure for creating a wireless network password that you would for any other security password
(see Create Security Passwords). Bear in mind that since you may need
to share this password with others in your household or office who use
the same gateway, it should be different from your other security passwords and shouldn't follow a pattern that might lead someone to guess
your other passwords.
KEYCHAINS
Since the days of Mac OS 9, Apple has provided a system-wide repository for each user that stores all of that person's user names and the passwords associated with them; this repository is called a keychain.
The idea is that instead of having to remember (and manually enter)
dozens or hundreds of user names and passwords individually, you let
the keychain remember (and enter) them for you. The keychain itself is
encrypted and protected by a password. By entering just that one password, you unlock all the passwords inside the keychain; the system
then hands them to applications, network servers, or other resources
as necessary. Not all applications that use passwords are designed to
support the keychain, but most do.
All chained up: Although I use the word keychain in the singular
(as does Mac OS X in most cases), you can have more than one
keychain. I discuss the variety of keychains, and issues involving
the use of multiple keychains, in the next chapter, Use Keychain
Access.
Whenever someone creates a user account, Mac OS X creates a keychain named login for that account. (In some earlier versions of Mac OS X, this keychain was given a name matching the user's short name, for example, johnsmith. If you had such a keychain in the past and either updated Mac OS X or copied your user data from one machine to another, your current keychain may still have that name.) Normally, this is your default keychain, and the only one you'll interact with regularly.
Heres an example of how a keychain can work: Suppose you have two
Macs networked together, and one of them has File Sharing turned on.
When you go to the other Mac, the first Mac appears in the Finder's sidebar under Shared. You select its icon and click Connect. An authentication dialog (Figure 3) appears.
After selecting Registered User and entering a valid user name and
password for the computer to which you're connecting, you check Remember This Password in My Keychain and click Connect. Behind the scenes, Mac OS X makes a new keychain entry containing the address of the Mac you're connecting to and the user name and password you need to connect to that Mac. Assuming your keychain is
unlocked, the next time the authentication dialog appears for this
server, its already filled in; you need only click Connect. (Had you not
checked Remember This Password in My Keychain earlier, you would
have been presented with blank Name and Password fields to fill in
manually.)
By default, your keychain password is the same as your login password. Upon login, if your keychain is named login (or has the same
name as your user name) and your login password is the same as
your keychain password, your keychain is unlocked automatically.
Of course, by default, Mac OS X also logs you in automatically when you turn on your computer. In other words, unless you change those default settings, your keychain is unlocked every time you turn on your computer, not a terribly secure situation! Therefore, unless you use your computer only in a setting where other people can't physically access it, I recommend changing your keychain password so that it's different from your login password (see Use Keychain Access) and turning off automatic login (see Use Your Login Password).
Note: Your keychain interacts with most parts of Mac OS X, but since you can't access it until you've logged in, it can't automatically fill in your login password or firmware password. You can enter those passwords in your keychain manually if you want to, simply to have a secure place to keep them.
Figure 4: The main Keychain Access window lists all your password
items.
The passwords (along with certificates, secure notes, and other keychain items) appear in a list. As with most lists, you can click a column heading to sort by that heading; click a second time to reverse the sort order. If you're unable to locate a certain password by name, you can use either or both of two shortcuts:
Click an item in the Category list on the left to show only items in that category. (Note that Passwords has three subcategories.)
Enter part of a domain name, user name, or application name in the Spotlight search field in the upper right of the window to look for matching items. (Spotlight can see the items' names and account information, but not your passwords themselves.)
Once you've located the item that you're looking for, double-click it to open it in a new window (Figure 5). The Attributes pane in this window displays Name, Kind, Account, and Where fields for the item (the latter being the application or URL where it applies), and an optional Comments field. (These fields are all editable; see Add or Change Passwords, later.)
Figure 5: You can view the password, or enter or edit password item
details, in the Attributes view.
To see the password associated with the item, check the Show
Password checkbox. In the access confirmation dialog that appears
(Figure 6), enter your keychain password and click either Always
Allow (to prevent this dialog from appearing again for this particular
item) or Allow (to display the password but require entry of your
keychain password if this item is opened again in the future). If these
options annoy or confuse you, see the sidebar Confirming Access,
following the figure.
Confirming Access
An access confirmation dialog appears any time an application requests access to an existing password in your keychain and the application is not already listed as one you've authorized to use that password. This applies not only to Web browsers and third-party utilities but also inside Keychain Access. Keychain Access asks you to enter your keychain password each time; other software may or may not require a password, depending on a given password item's access control settings (shown in its Access Control view in Keychain Access).
Either way, this dialog is notoriously frustrating and puzzling. Why should Keychain Access need my password again, since I already had to enter it to unlock my keychain? And why would I not want to grant myself permanent access to see or use the item?
In a nutshell: Apple is trying to close every possible security hole. For example, perhaps I've unlocked my keychain and, without having turned on automatic keychain locking, walked away from my Mac. Now someone comes along and opens Keychain Access. Without having to enter my keychain password (again) to view each item, this person could access all my passwords!
As for the Allow versus Always Allow choices in the access confirmation dialog, it comes down to how secure your Mac is. If you take good security precautions and are confident that no one will ever be able to view your keychain without your password, Always Allow is a perfectly good choice. It's also the logical choice for Web browsers, email clients, and the like, which use your passwords frequently. However, if your computer is in a public (or insecure) location or if you simply want to be extra cautious, go with the safer Allow option. (Why Deny is there at all, I don't know; if you have the password, I can't figure out why you'd deny yourself access. Deny functions more as a Cancel button.)
Figure 7: The Access Control view lets you set which applications
can interact with this password item without asking for permission
each time.
The programs listed are the ones that have full access to that password item. If you later change your mind and want to require a particular program to ask for a keychain password each time it uses that password item, select the item in the list and click the minus icon.
(Although you can also add applications in this window, I recommend
DELETE PASSWORDS
If you've canceled an account or for some other reason no longer want your keychain to remember a password, you can delete the password. Simply select it and either press Delete or choose Edit > Delete. Confirm the deletion by clicking the Delete button.
On Safari: Safari has its own interface for removing passwords: choose Safari > Preferences, click AutoFill, and then click the Edit button next to User Names and Passwords. Select an item in this list and click Remove to delete it. When you delete the item in Safari, it disappears from Keychain Access too. If you delete a password item in Keychain Access, however, the change doesn't show in Safari's AutoFill list until you quit and relaunch Safari.
Another reason for deleting passwords is duplicates. For example, suppose you fill out a Web form with a user name and password and ask Safari to remember them in your keychain; then the Web site displays an error message and you realize you entered the wrong user name. You try again, and this time you succeed. Now your keychain has two separate entries, one for each user name you entered! If, while scanning your keychain, you notice such duplicates, feel free to delete the wrong one (usually the one with the earlier modification date). On the other hand, having extra entries does no harm, because by default Mac OS X uses the most recent entry for any given URL.
name is not the same as your user name. In the Keychains list in
Keychain Access, the default keychain is shown in boldface.
Unless you have a special reason for choosing otherwise, your default keychain should be the one that matches your user name. If that's not the case and you want to fix it, select your keychain and choose File > Make Keychain keychain-name Default.
Figure 9: I just tried to delete a keychain. What's all this file and reference stuff? In most cases, you probably want to delete both.
In this context, only one reference (or one reference and one file, if you click Delete References & Files) would be deleted, in spite of the plural used in the button labels. Here's what they are:
The file is the actual keychain file on the disk. These files are stored in /Library/Keychains (for system-wide keychains) or ~/Library/Keychains (for user-specific ones).
Figure 10: Youll see this list after you choose Edit > Keychain List,
letting you add or delete keychain references.
button.
The keychain disappears from both the Keychain List and the main
Keychain Access window.
If you later want to add a previously deleted keychain, do this:
1. Choose Edit > Keychain List.
2. Click the plus button.
3. Navigate to the keychain file on your disk. Select it and click Open.
The newly added keychain file appears in both the Keychain List and
the main Keychain Access window.
Figure 11: You can store free-form notes of any kind in a secure
note.
Figure 12: Keychain First Aid, built into Keychain Access, lets you
repair keychain problems with a couple of clicks.
However, if you prefer to have the passwords match so that you don't encounter the prompts, follow these steps:
1. Open Keychain Access (in /Applications/Utilities).
2. If the Keychains list is not showing on the upper left in the window, click the Show Keychains button at the bottom.
3. In the list, locate the login keychain. Your next step depends on whether you know the password for this keychain:
If it's already unlocked, its password is the same as your login password; follow Steps 4–6.
If it's locked, click the lock icon to the left of the keychain name to unlock it; if you're successful, proceed with Steps 4–6, otherwise follow Steps 7–10.
If you know your login keychain's password:
4. Select the login keychain in the list.
5. Choose Edit > Change Password for Keychain login.
6. Enter the current password, enter and verify your login password,
and click OK.
If you do not know your old keychain's password:
7. Select your old keychain in the list and choose File > Delete Keychain login. Click the Delete References & Files button.
8. The old keychain will still appear in the list, but without its icon. To remove this phantom entry, choose Edit > Keychain List. Select the old keychain in this list and click the minus button.
9. Choose File > New Keychain, name it login, and click Create.
Enter and verify your login password, and click OK.
10. Select the login keychain and choose File > Make Keychain login
Default.
Your new login keychain is ready for use.
Figure 13: The Keychain menu gives you a quick, system-wide way
to lock and unlock keychains.
Use Passwords on the Web
If your experience is anything like mine, the vast majority of the passwords you have to create and remember involve Web sites in some way. I've had to create passwords for discussion forums, technical support sites, newsletters, social bookmarking sites, photo-sharing sites, and many others. (Most of these are used purely for identification, but a few, such as passwords for eBay and PayPal, involve money and thus require greater security.)
In all these, the common thread is that the site must keep track of some information about me while enabling me to change that information. For example, suppose I've signed up to receive the weekly TidBITS newsletter. To send me the newsletter, TidBITS needs my email address, but my address could change. So I have a TidBITS user name and password with which I can log in to a Web page to change my address (among other tasks).
From reading Learn Password Basics and Generate Good Passwords you already know most of what you need to know to come up with passwords for any purpose, but Web sites introduce some additional complexity. For example, there's the matter of needing to supply user names: what should you pick? And what about those verification questions that enable you to reset a lost password: are they a godsend or a security risk? There's also the surprisingly complex question of whether, or how, to have your browser or another utility fill in user names and passwords for you. (You can even, in certain cases, get around the need to have any password at all.)
Having one user name that works for all sites would be ideal, but, frustratingly, no combination of characters I've found has been suitable for every single site and service. More frustratingly, some sites are set up such that you can change any piece of information about yourself except your user name. So, in cases where my user name is my email address, I may be out of luck if my address changes.
Taking all this into account, allow me to offer some advice about
choosing good user names:
Pick a user name that's highly likely to be unique. Your email address qualifies nicely; however, you may want to avoid using it as a user name in these situations (though, unfortunately, you may not be able to tell all these things in advance):
Verification Questions
Some Web sites, particularly those that deal with money, require you to supply, in addition to a user name and password, the answers to one or more verification questions. Sometimes you get to choose which of several questions to answer ("What was your first pet's name?" "In what city were you born?" "What is your mother's maiden name?"); other times you're asked to type in your own question and its answer. On occasion I've had to choose and answer as many as three verification questions.
These questions are designed to help you prove your identity if
you lose or forget your password. The supposition is that only you
know the answers to these questions, so if you claim to have lost
your password and answer the questions correctly, your password
will be revealed (or reset so that you can choose a new one).
The problem with verification questions is that most of them are too obvious. Your mother's maiden name and the town you grew up in are not secrets. They're matters of public record, fairly easily discoverable if someone is willing to do the research. If you maintain a blog, you might have mentioned things like your first pet's name at some point, making that information public too. Armed with such facts, someone could steal your password.
If you can choose among several questions, choose those whose answers are least obvious. If you can choose your own question, make it as obscure as possible (something like "What was the middle name of my best friend in junior high school?").
Safari
Safari has a particularly good AutoFill feature, which makes use of
the keychain for usernames and passwords, Address Book for contact
information, and a private cache for other form data.
To activate AutoFill:
1. Choose Safari > Preferences.
2. Click AutoFill.
3. To use the information in your Address Book card to fill in contact
information, check Using Info from My Address Book Card. To
store (and retrieve) user names and passwords using your default
keychain, check User Names and Passwords. To use Safari's cache for filling in form data of other sorts, check Other Forms.
Once youve turned on AutoFill, Safari begins collecting information
as you visit Web sites and fill out forms. For example, the next time
you enter your user name and password at a site, Safari displays
the dialog shown in Figure 14.
Figure 14: When you enter a new user name and password on a
Web form in Safari, this alert asks if they should be stored in your
default keychain.
To save the information you've just entered in your keychain, click Yes. If you don't want to save the information now but think you might want to later, click Not Now. If you never want to store the information for this site and don't want to be prompted to do so again, click Never for This Website. Regardless of what you click, Safari then uses the information you provided to log in to the site.
If you choose to store the information, the next time you visit that page
Safari automatically fills in your user name and password as soon as
the page loads. As for the other form data (such as contact information), you can fill it in automatically in either of two ways:
Choose Edit > AutoFill Form (or press Command-Shift-A). Safari
fills in as many fields as it can.
Begin typing in any of the fields (such as Name). Safari attempts
to fill in the rest of that field with matching data from your Address
Book card or Safaris cache. If you then press Tab to move to other
fields, Safari fills in all of them too.
Warning! Depending on the way a given form is designed, Safari
might not be able to fill in some of the fields, or might put the wrong
information in some of them. Be sure to check all the values before
submitting the form!
If you later want to remove any of the stored passwords, you can delete
them either within Safari (click the Edit button beside User Names and
Passwords, select an entry, and click Remove) or by using Keychain
Access (consult Use Keychain Access). To remove other stored form
data, follow the same procedure, except click the Edit button next to
Other Forms.
Tip: Safari's AutoFill feature is good, but it's not without limitations. For example, it can't access fields in certain forms (such as those on many bank Web sites), it has trouble when you have more than one account per site, and it can't share its form data with certain other browsers (such as Firefox). A utility called 1Password can solve these problems and more.
Other Browsers
Safari isn't the only game in town. Many people prefer other browsers, such as Firefox, Camino, and OmniWeb. Here's what several third-party browsers offer in terms of AutoFill:
Camino: Camino saves user names and passwords in the keychain (much like Safari). It can also fill in arbitrary forms with information from your Address Book card, but it can't fill in other random form fields.
Chrome: Google's much-hyped browser also uses the keychain to
store passwords. It can fill in not only information from your own
Address Book card but also other addresses, and even credit card
information, that you enter yourself.
Firefox: Firefox stores passwords and form data in its own private database. It automatically fills in forms, but only if you've already filled out that particular form yourself previously; unlike Safari, it can't fill in contact information on arbitrary forms.
Flock: Flock's AutoFill capabilities are the same as Firefox's.
iCab: Like Safari, Camino, and Chrome, iCab can store user names and passwords in your keychain. (You can also opt to store them separately.) It can fill in other forms, too, but only after you've manually entered form data in its Forms Manager window.
OmniWeb: OmniWeb's AutoFill feature is in some respects even better than Safari's. It uses the keychain and Address Book, but it
enables you to edit contact information right in the browser. It also
has an Autocomplete feature that can remember and rapidly fill in
up to 5000 different pieces of information on nearly any form.
Opera: Opera includes a feature called Wand that can fill in user
names, passwords, and a limited set of contact information. All the
information is stored in a proprietary database.
Note: When I say credentials in this book, I'm referring to the combination of a user name and password, everything you need to identify yourself to a computer system.
Use Third-Party Password Tools
What's not to like about your keychain? It's nicely integrated with
Mac OS X and with most applications that use passwords, it protects
data with strong encryption, Apple includes a capable management
tool (Keychain Access), and you can use all this without purchasing
any additional software.
For all its virtues, Apples keychain system has some limitations,
and numerous third-party utilities have emerged to address them.
Among the limitations are the following:
Not all applications support the keychain (Firefox and Thunderbird, for example, rely instead on their own keychains). This
means you may have to store duplicate user name and password
information in multiple places.
Some Web sites, including many banking sites, have forms designed to thwart browsers' autofill mechanisms. They do this
to provide an extra layer of protection against password misuse,
but at the cost of your convenience.
Apple lets you synchronize your keychains with a MobileMe
account, but not view the keychains content online or using a
Windows computer, an iOS device, or another mobile device.
Password Assistant, Apple's tool for suggesting new passwords, isn't as flexible or convenient as it could be.
Dozens of password utilities exist for Mac OS X; I'd like to call to your attention the ones I consider most useful.
1PASSWORD
Let me get right to the point: 1Password (http://1password.com/) is
the best, most capable, and most flexible password utility on the Mac
by far. It includes an excellent password generator, stores and manages
and any other form data) in 1Password's database for future use, all with exactly two clicks. One: choose Strong Password Generator from 1Password's integrated menu. Two (assuming you don't want to change any settings from the last use): click Fill (or press Return, making it one click!). It doesn't get any easier than that. Later, to log back in to a page for which you've stored your credentials in 1Password, you can press a user-definable key combination to fill them in and click the OK button (or Log In or other default button).
Multiple sets of credentials: Sometimes you need to store more
than one user namepassword set for a given domain, and in such
cases, Safari offers no way to choose between sets of credentials. But
in 1Password, its easy.
Credit card information: Securely store the account information
for any or all of your credit cards, and use any of them to fill in an
online order form with just one click.
And those are only a few of the highlights. 1Password has a long list
of other features: secure note storage, password strength indicators,
automatic integrated backup, and wireless iOS device synchronization,
to name a few. It truly has everything you need in a password utility.
1Password is easy to use. It would take many more pages than I can
devote here to do justice to all its features, but I do want to highlight
two capabilities that I think are particularly important and relevant to
readers of this book.
All three offer the same basic features, including strong encryption,
on-the-go generation of new passwords, easy Wi-Fi syncing with your Mac
or via Dropbox (https://www.dropbox.com/), and integration with
Safari by way of a special JavaScript bookmarklet. The Pro version is
a universal app that features both iPhone/iPod touch and iPad user
interfaces, so you can save money if you have both types of device.
1Password Anywhere
Whether or not you carry a device in your pocket that can run a version
of 1Password, you may want to take advantage of a feature called
1Password Anywhere, which automatically saves all your credentials as
a secure Web page. By secure Web page I mean a single HTML page
containing all your data in a safely encrypted form, plus the necessary
JavaScript code to decrypt it when you supply your password. This
page is stored automatically in your 1Password keychain (a special folder that ordinarily looks like a file, but which you can open to display
its contents). That means you can store your 1Password data in a portable format, accessible from nearly any computer with a Web browser.
You don't have to do anything special to create this Web page; you
need only be sure you have mobile access to your 1Password keychain.
You might, for example, choose your Dropbox as the storage location
for your 1Password keychain file, or put a copy of the file on your Web
server or on a USB flash drive that you carry around with you.
To find out where you've stored your 1Password keychain, open
1Password's General preference pane. The path to the keychain is at
the top of the pane. If you want to move the keychain to, say, your
Dropbox folder, click the Move button below the path.
Then, to access your secure data, do the following:
1. On a Mac, right-click (Control-click) the 1Password.agilekeychain
icon and choose Show Package Contents. (On any other platform,
1Password.agilekeychain appears as a folder already.)
2. Open the file 1Password.html. For example, double-click it to open
it in your default Web browser.
3. Enter your 1Password master password and click Unlock to view
your data. Click the lock icon in the upper-right corner of the window to relock it, or simply close the tab or window containing your
1Password data when you're done.
side). You can store the master Web Confidential password in your
keychain, though doing so reduces your Web Confidential security
to the level of the keychain. Like most password managers, Web
Confidential includes a password generator.
http://www.web-confidential.com/ (Mac or Windows version, $20)
Yojimbo: Yojimbo is more of a general-purpose snippet keeper
than a simple password manager. It stores everything from URLs,
notes, and short text clippings to complete Web pages, PDF files,
and other complex documents, making it more versatile than
info.xhead. It includes explicit support for passwords, of course,
and all passwords are automatically encrypted with Yojimbo's
strong AES-256 encryption. In addition, you can encrypt any other
item in Yojimbo manually, making it ideal for storing sensitive
information that wouldn't fit in other password managers. Unfortunately, its interaction with your browsers and other applications
is limited to copy and paste.
http://www.barebones.com/products/yojimbo/ ($39)
BIOMETRIC DEVICES
There are three broad categories of authentication: something you
know (usually a password); something you are (a unique, measurable
physical characteristic, such as a fingerprint or iris pattern); and something you have (a smart card, token, or other device that can be identified uniquely; something I don't cover in this book).
Passwords provide a reasonably good way to protect access to data
and resources, but in some cases they may not be enough. After all,
passwords can be guessed, found, or stolen. So where greater security
is needed, you may want to use other forms of authentication instead
of a password, or, better yet, in addition to one.
Note: Authentication that uses just one means of identification
(for example, just a password or just a fingerprint scan) is called
single-factor authentication. Multi-factor authentication, which is
much more secure, requires two or more means of identifying
yourself (such as a password and a fingerprint scan).
Keep Your Passwords Secure
If you stored your fortune in a safe deposit box, you wouldn't keep
the key hanging on a hook outside your house. The same should
be true of your passwords: if you keep them written on sticky notes
at your desk, they're not safe. But even if you don't write them down,
there are many ways that someone might discover your passwords.
In this chapter, I look at some of the ways your passwords might fall
into the wrong hands, and give you tips on keeping them safe. I also
discuss recovering forgotten passwords, backing up your passwords,
and devising a plan to ensure that your passwords are available in
case of emergency.
the paper with the password for the million-dollar bank account.
As a password's value increases, so do the risks of writing it down.
If you click a forgot my password link and a site emails you your
password, that password is only as safe as the password used to
access your email account (and possibly much less secure; see the
next section, Use Wireless Networks Safely).
If you keep a password in your keychain (or other password manager), the password is only as safe as the keychain's password.
If you type the password into a file on your computer, the password
isn't safe at all. (Remember, Spotlight makes it very easy to find
files, even if they're hidden in an obscure folder.) If you encrypt
the file that holds the password, it's only as safe as the password
protecting the encrypted file, and that depends further on the
encryption method, since some methods are easier to crack than
others, regardless of the password strength.
Taking all these situations into account, my advice is:
If you write down any of your passwords, keep them in a very safe
place (such as on your person). For increased security, modify them
in some way (such as reversing the order of the characters). For
ideas about writing down passwords that someone else may need
to access, read Prepare an Emergency Password Plan.
Make all security passwords equally secure.
Change default system settings to protect your login password
(covered in Use Your Login Password).
Take appropriate precautions when using wireless networks (see the
next page).
Store passwords in a keychain (or other password manager), but
make your keychain's password at least as secure as any password
it contains, lock your keychain when not in use (described in Use
Your Keychain Password), and back up your keychain (see Back Up
Your Passwords, shortly ahead).
You can solve this problem in any of several ways, each with its pros
and cons. Ideally, you'll use a combination of several of them.
Use SSL/TLS
To secure information flowing between an application on your computer (such as an email client or Web browser) and a server, most
developers have chosen SSL/TLS (Secure Sockets Layer/Transport
Layer Security). (SSL is the old name for the technology and what it's
generally called; TLS is actually what's in use in many cases, and it's
backward-compatible with SSL.) If you log in to your bank's Web site,
for example, you'll notice signs that the page you're viewing is protected with SSL: a closed lock icon in the corner of your browser and
a URL beginning with https. SSL encryption works over any kind of
network and is completely transparent to you (after you've entered
your user name and password). So even on an insecure wireless
network with hackers prowling about, your data is safe.
You should be aware, though, that only the particular Web pages,
email accounts, or other resources that are SSL-protected are safe.
So, although you can log in to your bank account securely, the next
Web site you visit may transmit all your information without encryption. (Some sites can be accessed with or without SSL.) The presence
or absence of that little lock icon can be too easy to miss.
Note: I cover all the details of configuring Apple Mail to use SSL in
my book Take Control of Apple Mail in Snow Leopard.
Use a VPN
If you're unsure whether your wireless network is properly encrypted,
if you're stuck using an email server that doesn't offer SSL with secure
authentication, or if you want to be sure all your data is protected
(even when you visit insecure Web sites), your best bet is to use a
virtual private network (VPN). This type of encryption sends all data
between your computer and a remote server through an encrypted
tunnel, rather than encrypting only certain bits of it (as with SSL) or
only the connection between your computer and the nearest wireless
gateway (as with WPA). It's the safest way to compute wirelessly.
You can set up a VPN in any of several ways. For example, you can buy
a device called a VPN server or remote gateway that sits on your home
or office network, and then connect to this box from your local café. Or
you can use free or commercial software to set up a computer on your
network to function as a VPN server, and connect to that. A simpler
(and in many cases less expensive) option is to sign up for a VPN service. Using either the Internet Connect application included with Mac
OS X or free, open-source software, you configure your Mac to connect
to the service's network, and (after a small monthly fee) you're done.
Four companies that offer such a service are:
Hotspot Shield: http://www.hotspotshield.com/ (free; ad-supported)
HotSpotVPN: http://www.hotspotvpn.com/ ($8.88 per month)
PublicVPN.com: http://www.publicvpn.com/ ($6.95 per month
or $69.95 per year)
personalVPN: http://www.witopia.net/ ($39.99-$69.99 per
year, depending on options selected)
Note: The types of wireless security I cover here are not the only
ones available. For much more detailed information on these and
other options, I refer you again to Take Control of Your Wi-Fi
Security.
you click this link, the site might provide you with your password
hint (see the sidebar Take (or Leave) a Hint) or ask you verification
questions (see the sidebar Verification Questions). More frequently,
though, it will email you either your password or a special URL that
will enable you to reset your password and choose a new one. If you
don't see such a link, and if the site's FAQ page has no instructions
for dealing with lost passwords, contact the company's technical
support department for help.
Login passwords: If you know the password of the original
administrator on your computer, you can reset any other user's
password (consult Reset an Administrator Password). Also, you can
reset any login password if you know the Mac's master password
(read Use Your Master Password). If no master or administrator
password is available, you can reset the password for the computer's
default account (refer to the second set of steps in Reset an
Administrator Password).
The vault is sealed: If a user has FileVault enabled, only that
user's password or the master password can unlock the FileVault
data. If both passwords are lost, recovery is impossible.
Master password: I know of no way to recover a forgotten master
password, but you can remove it altogether. To do so, in the Finder,
navigate to /Library/Keychains. Drag the two FileVaultMaster
files to the Trash and enter your administrator password when
prompted.
Root password: Any administrator can reset the root password.
To do so, open Terminal and enter sudo passwd root. Enter your
administrator password and then a new root password (and confirm
it when prompted).
Firmware password: To reset the firmware password, see the
sidebar The Too-Open Firmware Password.
Email passwords: If you forget your email password, contact
your email provider's technical support department for assistance.
Tip: I cover all the details of backing up your data, not just your
keychains, in my comprehensive book Take Control of Mac OS X
Backups. Or, for a simpler approach, read Take Control of Easy
Mac Backups.
PREPARE AN EMERGENCY PASSWORD PLAN
Suppose you've chosen excellent passwords and stored them only in
your keychain (or in your head), but then you're in a terrible accident.
While you lie unconscious in a hospital bed, your spouse, employer,
or attorney urgently needs access to something protected by those
passwords: a bank account, insurance records, your email, or whatnot.
We don't like to think about such eventualities, but they do occur. If
you become incapacitated or die, how will someone else be able to
reach your password-protected data?
I can suggest several alternatives you might consider:
Keep a list of important passwords in a safe deposit box, and make
sure a trusted loved one has the key. But remember: your passwords
are now only as safe as any key to that box!
Use your keychain (or other password manager) to store your
important passwords, and ask your loved one to memorize your
keychain password. Be sure this person knows how to unlock it,
too! (A periodic practice run is a good idea.) One downside to this
approach is that if your computer is lost, stolen, or damaged, your
keychain, and all the passwords inside it, will be inaccessible.
Write down your important passwords (or just your keychain
password) in an extremely obscure location, but one that both
you and a loved one can easily remember. Of course, there's no
guarantee that a thief wouldn't stumble on it, but if you're clever
enough, you can minimize that risk. Here are some examples:
EBOOK EXTRAS
You can access extras related to this ebook on the Web. Once you're on
the ebook's Take Control Extras page, you can:
Download any available new version of the ebook for free, or buy a
subsequent edition at a discount.
Download various formats, including PDF and, usually, EPUB and
Mobipocket. (Learn about reading this ebook on handheld devices
at http://www.takecontrolbooks.com/device-advice.)
Read postings to the ebook's blog. These may include new information and tips, as well as links to author interviews. At the top of
the blog, you can also see any update plans for the ebook.
Get a discount when you order a print copy of the ebook.
AUTHOR'S ACKNOWLEDGMENTS
I'd like to thank Caroline Rose for her outstandingly talented and
speedy editing. The Take Control authors, editors, and hangers-on
who reviewed this book showed their usual insight, helping to improve
the text greatly. This book has been brought to you by the letters P
(capital) and w (lowercase), the number 1, and the symbols $ and .
SHAMELESS PLUG
Although I write about computers as my day job, I have a great many
other interests, which I write about on several Web sites, including
Interesting Thing of the Day and my personal blog. You can find links
to all my sites, a complete list of my publications, and more personal
details about me at JoeKissell.com.
PRODUCTION CREDITS
Take Control logo: Jeff Tolbert
Cover design: Jon Hersh
Editor: Caroline Rose
Editor in Chief: Tonya Engst
Publisher: Adam Engst
Featured Titles
Click any book title below or visit our Web catalog to add more
ebooks to your Take Control collection!