Definitely consider enabling a firmware password,
Another password?!
(Yes, I plan on setting an EFI password as well.)
That is a given.
and enabling "require password when waking from sleep or screen saver"
Yep, I started doing that back this Spring.
and enabling Find my Mac with iCloud.
The "Cloud" worries me dearly, and I see this as a double-edged sword. I see it as more of a risk than a plus, and since I will be using FileVault2 with a secure Pass-Phrase among other things, the iCloud option doesn't seem like it is worth it.
(My goal is to protect my data. The laptop isn't that much of a concern to me.)
The firmware password can be bypassed with the proper know-how but it's a quick deterrent that could land your Mac in a service shop should it be stolen by someone with said know-how.
Actually, if you set an EFI Password on a post-2011 Mac it is *very* bullet-proof...
(Check out this older thread of mine on this topic!)
You might even put a "If found please contact JoeBlow@gmail.org 555-555-555" sticker on the inside of the bottom case so that if it does end up at Apple or a service shop the technicians have a red flag that it's stolen and a way to contact the proper owner.
I already do this under my battery. (Guess I'll have to do that on my new cMBP when I crack the case to switch HDD's...)
Worst case though iCloud will still allow you to wipe your Mac remotely, hopefully keeping your data away from a thief.
True, although with FileVault2, that is less necessary.
With that said I would put the main password focus on your email passwords as these are indeed gateways to finding out more about you, leading to many more possible break ins. The rest I wouldn't go overboard with.
E-mail is another whole big topic...
I have AT&T as my primary e-mail, and do you realize that up until recently you could only use Letters and Numbers?!
Here is their latest "security" policy which is making me wonder if I should ditch AT&T e-mail...
Password Restrictions
Passwords are case-sensitive
The password must be 6-24 characters and may consist of a combination of upper and lowercase letters, numbers, underscore (_), or hyphens (-).
Passwords can't be all letters or all numbers.
The password can't be the same as your AT&T Access ID.
The password can't contain the words "password", "admin", "pa$$w0rd", or other common words.
Leaves A LOT to be desired, huh?!
Maybe use "leet'ish" spellings with special characters or added numerals, like Ne7w0rk84 or Ne7w0rk$. They can still be cracked fairly easily but in all honesty the likelihood of that is minimal. You'll be far above the majority of people who are still using names (grandma, robert), birthdays (021475), pin numbers (0214), colors (orange), combinations of these (robert021475), etc.
I think I came up with a good Pass-Phrase for WiTopia, although I am wondering if it would be okay to use the same password for both my WiTopia Portal Account (i.e. manage account) and the WiTopia VPN Account (i.e. sign in to VPN)...
(Could use a tip here.)
Piggybacking, adding characters here and there, is probably ok for the other accounts as well. I wouldn't use the same password for two sites but using App1e84 for MacRumors and App1e85 for WiTopia would probably be fine.
Well, for trivial accounts (e.g. Usergroups, Online Newspapers) I do use the same password, but for any of the ones in my OP, I would never do that.
Someone would have to really be targeting you to crack both of those, unless of course they break into your email account.
Part of my concern in my OP is "cross-pollination" whereby getting into one system gets you into many.
For instance, while I really like my AT&T Hotspot, the idiot designers put no way to password-protect the physical device?!
So you can walk up to my hotspot, click on two buttons, and have both the Admin Password and the Main Password?!
And originally I was going to use the same password for my new cMBP and my Hotspot.
So there is a case where a seemingly innocent decision could be catastrophic... Like, I go to the bathroom at McDonalds, someone walks over, taps my Hotspot, gets the password, then uses it to log into my MacBook, and gets into my e-mail, and resets my accounts all in a matter of minutes...
The big thing you're wanting to avoid is using a word from the dictionary that can be cracked easily and/or the same password across multiple websites. Consider the LinkedIn password theft a few years ago. Just because my App1e84 password was compromised doesn't mean they are going to automatically try App1e85, instead it's added to a large database that will toss these known passwords at logins until one works.
But I think using a PHRASE of common words should be okay.
For instance, from what I have read, this Pass-Phrase...
Code:
Judy stared into the endless ocean
...would be more secure than this traditional Password...
...because it is longer.
And if you added in some nonsensical characters into that Pass-phrase, then I think the security goes up exponentially.
For instance...
Code:
Judy_stared into the 3ndless @cean
At least that is my understanding of the latest theories on Passwords and Pass-Phrases...
I'm rambling, hope that helps a bit.
Yes, I think things are progressing...
And thanks for all of your suggestions so far!!
Sincerely,
Debbie
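
An added example, not part of the original post: a small strength check that applies the AT&T rules quoted above, undoes "leet" spellings before the common-word test, and gives an upper bound on entropy for random characters versus random words. The function names, the blocklist, the leet table, the Access ID "debbie01" and the 7776-word list size are all assumptions made for illustration.

```python
import math
import re

# Policy as quoted in the post: 6-24 chars drawn from A-Z a-z 0-9 _ - (64 symbols).
ALLOWED = re.compile(r"[A-Za-z0-9_-]{6,24}")
# Constructed blocklist: the provider's full list of "common words" is not on the page.
COMMON_WORDS = {"password", "admin", "network", "apple"}
# Assumed subset of common leet substitutions, not an exhaustive table.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a"})


def deleet(pw):
    """Strip trailing digits/symbols, lower-case, and undo leet substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw)
    return core.lower().translate(LEET)


def policy_violations(pw, access_id):
    """Return the quoted rules that pw breaks (empty list means accepted)."""
    problems = []
    if not ALLOWED.fullmatch(pw):
        problems.append("must be 6-24 chars from A-Z a-z 0-9 _ -")
    if pw.isalpha() or pw.isdigit():
        problems.append("cannot be all letters or all numbers")
    if pw == access_id:
        problems.append("cannot equal the Access ID")
    # Stricter than the literal rule: also match after undoing leet spellings.
    if any(w in pw.lower() or w in deleet(pw) for w in COMMON_WORDS):
        problems.append("contains a common word")
    return problems


def upper_bound_bits(symbols, alphabet_size):
    """Entropy in bits if every symbol is picked uniformly at random.
    Human-chosen words or sentences fall well below this bound."""
    return symbols * math.log2(alphabet_size)


if __name__ == "__main__":
    # "debbie01" is a constructed Access ID used only for this demonstration.
    for pw in ("Ne7w0rk84", "App1e85", "Judy stared into the endless ocean"):
        print(repr(pw), "->", deleet(pw), policy_violations(pw, "debbie01"))
    print("9 random policy chars:", upper_bound_bits(9, 64), "bits")
    print("6 random words from a 7776-word list:",
          round(upper_bound_bits(6, 7776), 1), "bits")
```

The quoted policy rejects the pass-phrase outright because of its spaces and its 34-character length, while the leet spellings reduce to plain dictionary words plus a two-digit suffix.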