“As far as made-up holidays go, ‘World Password Day’ doesn’t quite have the same cachet as, say, Father’s Day, or even National Pancake Day (March 8th),” Brian Barrett reports for Wired.
MacDailyNews Take: All holidays are made-up.
“Still, it’s as good an excuse as any to fix your bad passwords,” Barrett reports. “Or better yet, to finally realize that the password you thought was good still needs some work.”
“By now you know the basics of password security. Don’t write them down, get a password manager, use two-factor authentication whenever possible, and don’t use anything that’s easily guessable,” Barrett reports. “(Looking at you, ‘111111’ crowd).”
“WIRED asked a field of password security experts for their favorite unexpected advice, the best practices that might save you the most headache in the long run,” Barrett reports. “Here are seven tips and tricks to keep your digital locks secure.”
Read more in the full article here.
MacDailyNews Take: Good tips!
For information about Apple’s OS X Keychain Access app, including how to copy keychains to other Macs, Apple’s Keychain Access support documents are here.
1Password and generate long inconceivable passwords. Done.
But if you’ve GOT to have passwords that you have to remember, rather than using things you like, use things you DISLIKE(d) for it. For me, for example, “H0tdoG#mus4ard&0n1onZ” would be one I could easily remember, yet no one would associate with me since I don’t really make a big deal about my dislikes.
But don’t get me started on kim chi. 🙂
The #1 Rule of Security (and computing in general) is…
Make A Backup!
Make a few backups. Regularly! Incrementally! Keep one off site and away from the computer incase you get ransom-wared.
Regarding passwords:
NEVER use the same password twice. Make them as unguessable, random and long, using as many different characters as is practically possible. That means: Use an encrypted password collection application such as 1Password or LastPass. Apple’s built-in Keychain is very helpful as well.
Note: I also keep a second copy of all my passwords in a text file I keep on an encrypted sparse bundle disk image I created in Apple’s Disk Utility. I have the encrypted disk image, which has its own unique password, boot open when I start my Macs. This has saved my butt a few times when the password collection applications have borked/bungled/blundered. This text file essentially acts as… a backup!
I would recommend doing the same with your online life as I have done for a long time with my cars: I don’t have anything worth stealing!
Oh god, all of those stupid password suggestions…
This is what end users hear:
“Pick a phrase. Apply a modified fibonacci series to the letters and implement a simple substitution cipher based on a random page in the dictionary to arrive at a cryptext. Roll a six sided die and use the next 13 characters starting from the result. Do this uniquely for every website that wants a password so you can post a funny picture, comment or even look at their offerings, and change it every three months. Don’t forget to memorize them and burn any copies. Don’t forget posting pictures on reddit is JUST as important as doing your banking, so treat every password as a critical link the the chain!”
Or to put it in layman’s terms:
They they go “F*ck it. I’ll make it ‘password’ and append a number on it like always. I don’t have time for this bullshit!”
And you know? they’re right. If we made using credit cards, driving a car or locking your house as convoluted as this bs, we’d all use cash, ride horse hand just have mean dogs at home. “F*ck it! I don’t have time for this bullshit!”
Until the people running these systems comprehend that people aren’t being stupid picking passwords like ‘password’ they’re ROUTING AROUND OBSTRUCTIONS, systems security will be the pits.
my kingdom for an edit function. Sigh.
“Or to put it in laymans terms: https://www.youtube.com/watch?v=ss2hULhXf04 ”
Then they go “F*ck it!…”
My – I don’t care sites have the most random complex passwords… Why? because I don’t care, I use a password manager. The important sites have passwords I can remember and easy to type – and dual factor. Sure I do follow alpha case, numbers and symbols, but it’s also something that flows off the keyboard, and makes sense to me… Am I perfect, no, but like the article writes, you only have to withstand xxxx number of attempts, before they move on…
Secondly, your password isn’t going to be guessed, it will be hacked from the backend, because the website you visited is vulnerable or you let a trojan in. That’s really where we have problems, we have to depend on admins doing their jobs…