Old Jul 2, 2013, 01:33 AM   #1
doubledee
macrumors 6502
 
Join Date: May 2012
Location: Arizona
Importance of Different Passwords?

Got my new cMBP about 3 weeks ago, and it is still sitting in the shipping box?!

Before I set things up, I am trying to put some serious thought into how I do *security* including Passwords.

So here is my latest question...

What Value/Priority should I give to the following different Passwords...

1.) MacBook Admin Account

2.) MacBook User Account

3.) WiTopia Portal Account

4.) WiTopia VPN Login

5.) Hotspot Passcode

6.) AT&T E-mail Account (for business related things)

7.) G-mail Account (for things like usergroups)

8.) MacRumors Account

9.) And so on...

(*NOTE: I do not Bank Online...)


I have devised what I feel to be a pretty strong - and easy for me to remember - scheme for Pass-Phrases for #1 and #2, but I'm not sure if I need to apply that to #3 through #8...

From what I have been reading, "Not all Accounts need to be equally protected" and you have to be practical about to what lengths you go to devise and manage passwords in your day-to-day life.

Many of you will likely answer my OP indirectly by recommending a "Password Keeper", but those make me feel rather insecure for several reasons.

As such, I'm trying to commit things to memory as much as possible, but I don't want to go overboard on memorizing things which maybe aren't so important (e.g. my MacRumors Account)...

What do you think?

Sincerely,


Debbie
Old Jul 2, 2013, 02:01 AM   #2
GGJstudios
macrumors Westmere
 
Join Date: May 2008
You might consider using something like LastPass or 1Password. I resisted those for a long time, but finally gave in and started using LastPass. I'm glad I did. It would be worth it to investigate such apps.
Old Jul 2, 2013, 08:58 AM   #3
PajamaPants
macrumors member
 
Join Date: Jul 2013
It is best to have different passwords to all of them.
I usually have one password and change the ending.
For example if it is for MacRumors it would be like:
(Pass)MacR
For YouTube:
(Pass)tube
Or something like that.
(and I use Apple's own Keychain app for organizing passwords)
Good luck!
Old Jul 2, 2013, 01:49 PM   #4
doubledee
Thread Starter
macrumors 6502
 
Join Date: May 2012
Location: Arizona
Quote:
Originally Posted by GGJstudios View Post
You might consider using something like LastPass or 1Password. I resisted those for a long time, but finally gave in and started using LastPass. I'm glad I did. It would be worth it to investigate such apps.
Down the road I might consider those, but what are your thoughts on my OP?


Debbie
Old Jul 2, 2013, 02:15 PM   #5
davidg4781
macrumors 65816
 
Join Date: Oct 2006
Location: Moulton, TX
Not sure if I can help but for me, it seems like you're putting too much thought into this.

My MBP's admin password is an old password I've used for the past 13 years or so. Not many people know it but really, they can't do much with it besides installing Adobe Flash or something on my Mac, and they would have to have my Mac with them to do it. Yeah, I know they could install some bad software, but again, they would need my Mac to do so.

As far as your log in password, I don't use one, too much hassle. I live alone and am the only one that uses this but when I lived back home and our PC had different logins, I don't think I had a password. I didn't have anything to hide from my brother.

Your email may be different, but just don't give out your password and don't use "password" and you'll be fine.

Hope that helps. Or maybe I'm too lenient on my security.

And check out one of those programs. I used to use one called PasswordsPlus or something like that for my Mac/Trēo and it worked pretty good to keep all my credit card, passwords, and software keys organized. Stopped using it years ago when I switched from Palm to Blackberry.
__________________
2010 MBP 13" 2.4 GHz 4 GB RAM 750 GB HDD iMac G4 20" 1.25GHZ 2 GB RAM 250 GB HDD
iPhone 5S 4" 32 GB Apple TV 3rd gen
Old Jul 2, 2013, 02:38 PM   #6
Mr Rabbit
macrumors 6502a
 
Join Date: May 2013
Location: 'merica
For your admin & regular user accounts I would use a strong, but not nonsensical, unique password for each of them. Upper case, lower case, special character, alpha numeric, etc.

For the rest I would use Keychain to generate and store strong unique passwords for each of them. With Keychain sync coming down the pipeline it will be a decent contender in the password sync business and it already works very well with local password storage.

Some good reading if you plan on using Keychain. It really is a bit stronger and more feature rich than the majority of users realize.

http://mac.tutsplus.com/tutorials/se...chain-utility/

http://www.intego.com/mac-security-b...ogin-keychain/
Old Jul 2, 2013, 03:05 PM   #7
doubledee
Thread Starter
macrumors 6502
 
Join Date: May 2012
Location: Arizona
Please allow me to rephrase things a bit...

a.) Which of the Accounts listed in my OP have the greatest risk of being compromised?

b.) And which of the Accounts in my OP - if compromised - could create the greatest damage in my life?


It is a given that I am going to protect my MacBook's Admin and Main User account with great vigilance. But what about things like my WiTopia account?

Is that a large target, and if so, what are the consequences?

One thing that I read this weekend was to really protect your Main E-mail Addy, because it is a *path* to a lot of other accounts via Password Resets.

Again, for a lot of reasons left unmentioned for now, I don't see myself jumping on the OS-X Keychain or Password Protector Software band-wagon anytime soon. (Although maybe down the road.)

In the meantime, I am trying to determine if I need *unique* and *complex* passwords for each of the Account-Types in my OP, or if maybe I can "piggyback"?

I have come up with - in my mind - a pretty good algorithm for Pass-Phrases, however if I need to do that for all of the Accounts in my OP, it might be a real challenge to remember all of them?!

Hope that helps clarify things...

Sincerely,


Debbie
Old Jul 2, 2013, 03:12 PM   #8
davidg4781
macrumors 65816
 
Join Date: Oct 2006
Location: Moulton, TX
Where are you going to leave your MacBook and what information is stored on it?

Mine, if it gets stolen, all they can pretty much do is look through pictures of Christmas 2004 and post on my Facebook. Other than that, I don't have much actual information. I guess they could get through my mail and change passwords. Hmm, maybe I need to rethink this.

I would say make sure your email passwords are secure. I'm not sure what you're using WiTopia for, if it's a work thing maybe keep that secure to keep them off your work.

And keep your user account secure. I guess if someone steals your MacBook and you have your account information in Mail.app they could change some passwords and get into some of your accounts.
Old Jul 2, 2013, 03:15 PM   #9
doubledee
Thread Starter
macrumors 6502
 
Join Date: May 2012
Location: Arizona
Quote:
Originally Posted by davidg4781 View Post
Where are you going to leave your MacBook and what information is stored on it?
I am a road-warrior and my MacBook has my life on it, so *everything* is important.


Debbie
Old Jul 2, 2013, 03:17 PM   #10
davidg4781
macrumors 65816
 
Join Date: Oct 2006
Location: Moulton, TX
Quote:
Originally Posted by doubledee View Post
I am a road-warrior and my MacBook has my life on it, so *everything* is important.


Debbie
Then yeah, keep your user password very secure. I wouldn't think the admin one is that important. Could be wrong and I'm sure some have huge long complex passwords for it.
Old Jul 2, 2013, 04:57 PM   #11
Mr Rabbit
macrumors 6502a
 
Join Date: May 2013
Location: 'merica
Quote:
Originally Posted by doubledee View Post
I am a road-warrior and my MacBook has my life on it, so *everything* is important.


Debbie

Definitely consider enabling a firmware password, disabling auto-login and enabling "require password when waking from sleep or screen saver" and enabling Find my Mac with iCloud. The firmware password can be bypassed with the proper know-how but it's a quick deterrent that could land your Mac in a service shop should it be stolen by someone with said know-how. You might even put a "If found please contact JoeBlow@gmail.org 555-555-555" sticker on the inside of the bottom case so that if it does end up at Apple or a service shop the technicians have a red flag that it's stolen and a way to contact the proper owner. Worst case though iCloud will still allow you to wipe your Mac remotely, hopefully keeping your data away from a thief.

With that said I would put the main password focus on your email passwords as these are indeed gateways to finding out more about you, leading to many more possible break-ins. The rest I wouldn't go overboard with. Maybe use "leet'ish" spellings with special characters or added numerals, like Ne7w0rk84 or Ne7w0rk$. They can still be cracked fairly easily but in all honesty the likelihood of that is minimal. You'll be far above the majority of people who are still using names (grandma, robert), birthdays (021475), pin numbers (0214), colors (orange), combinations of these (robert021475), etc.

Piggybacking, adding characters here and there, is probably ok for the other accounts as well. I wouldn't use the same password for two sites but using App1e84 for MacRumors and App1e85 for WiTopia would probably be fine. Someone would have to really be targeting you to crack both of those, unless of course they break into your email account. The big thing you're wanting to avoid is using a word from the dictionary that can be cracked easily and/or the same password across multiple websites. Consider the LinkedIn password theft a few years ago. Just because my App1e84 password was compromised doesn't mean they are going to automatically try App1e85, instead it's added to a large database that will toss these known passwords at logins until one works.

I'm rambling, hope that helps a bit.
Mr Rabbit is offline   0 Reply With Quote
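A self-audit for the "piggybacking" schemes discussed in this thread, as an added example that is not part of any poster's message: it reports which of your own passwords share a recognisable stem once leet spellings are undone. The account labels, the substitution table and the 4-character threshold are assumptions; the sample passwords are the illustrative ones quoted in the posts above.

```python
from itertools import combinations
from os.path import commonprefix

# Map common "leet" substitutions back to letters (illustrative, not exhaustive).
LEET = str.maketrans("013457@$", "oleastas")


def normalise(password):
    """Lower-case and undo leet spellings so 'App1e' and 'apple' compare equal."""
    return password.lower().translate(LEET)


def shared_fragment(a, b):
    """Longest run two passwords share at the start or at the end, after normalising."""
    na, nb = normalise(a), normalise(b)
    prefix = commonprefix([na, nb])
    suffix = commonprefix([na[::-1], nb[::-1]])[::-1]
    return max(prefix, suffix, key=len)


def audit(passwords, min_shared=4):
    """Return (account_a, account_b, fragment) for every pair sharing a stem."""
    findings = []
    for (acct_a, pw_a), (acct_b, pw_b) in combinations(passwords.items(), 2):
        fragment = shared_fragment(pw_a, pw_b)
        if len(fragment) >= min_shared:
            findings.append((acct_a, acct_b, fragment))
    return findings


# Constructed sample: account labels are hypothetical, passwords are the
# examples quoted in the thread (never real credentials).
SAMPLE = {
    "MacRumors": "App1e84",
    "WiTopia": "App1e85",
    "Site C": "Ne7w0rk84",
    "Site D": "Ne7w0rk$",
    "Site E": "(Pass)MacR",
    "YouTube": "(Pass)tube",
    "MacBook": "Judy_stared into the 3ndless @cean",
}

if __name__ == "__main__":
    for acct_a, acct_b, fragment in audit(SAMPLE):
        print(f"{acct_a} and {acct_b} share the stem {fragment!r}")
```

Any pair it reports is one where knowing the first password tells you most of the second, so those accounts are better given unrelated passwords.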
Old Jul 2, 2013, 06:31 PM   #12
doubledee
Thread Starter
macrumors 6502
 
Join Date: May 2012
Location: Arizona
Quote:
Originally Posted by Mr Rabbit View Post
Definitely consider enabling a firmware password,
Another password?!

(Yes, I plan on setting an EFI password as well.)


Quote:
Originally Posted by Mr Rabbit View Post
disabling auto-login
That is a given.


Quote:
Originally Posted by Mr Rabbit View Post
and enabling "require password when waking from sleep or screen saver"
Yep, I started doing that back this Spring.


Quote:
Originally Posted by Mr Rabbit View Post
and enabling Find my Mac with iCloud.
The "Cloud" worries me dearly, and I see this as a double-edged sword. I see it as more of a risk than a plus, and since I will be using FileVault2 with a secure Pass-Phrase among other things, the iCloud option doesn't seem like it is worth it.

(My goal is to protect my data. The laptop isn't that much of a concern to me.)


Quote:
Originally Posted by Mr Rabbit View Post
The firmware password can be bypassed with the proper know-how but it's a quick deterrent that could land your Mac in a service shop should it be stolen by someone with said know-how.
Actually, if you set an EFI Password on a post-2011 Mac it is *very* bullet-proof...

(Check out this older thread of mine on this topic!)


Quote:
Originally Posted by Mr Rabbit View Post
You might even put a "If found please contact JoeBlow@gmail.org 555-555-555" sticker on the inside of the bottom case so that if it does end up at Apple or a service shop the technicians have a red flag that it's stolen and a way to contact the proper owner.
I already do this under my battery. (Guess I'll have to do that on my new cMBP when I crack the case to switch HDDs...)


Quote:
Originally Posted by Mr Rabbit View Post
Worst case though iCloud will still allow you to wipe your Mac remotely, hopefully keeping your data away from a thief.
True, although with FileVault2, that is less necessary.


Quote:
Originally Posted by Mr Rabbit View Post
With that said I would put the main password focus on your email passwords as these are indeed gateways to finding out more about you, leading to many more possible break-ins. The rest I wouldn't go overboard with.
E-mail is another whole big topic...

I have AT&T as my primary e-mail, and do you realize that up until recently you could only use Letters and Numbers?!

Here is their latest "security" policy which is making me wonder if I should ditch AT&T e-mail...

Quote:
Password Restrictions

Passwords are case-sensitive
The password must be 6-24 characters and may consist of a combination of upper and lowercase letters, numbers, underscore (_), or hyphens (-).
Passwords can't be all letters or all numbers.
The password can't be the same as your AT&T Access ID.
The password can't contain the words "password", "admin", "pa$$w0rd", or other common words.

Leaves A LOT to be desired, huh?!


Quote:
Originally Posted by Mr Rabbit View Post
Maybe use "leet'ish" spellings with special characters or added numerals, like Ne7w0rk84 or Ne7w0rk$. They can still be cracked fairly easily but in all honesty the likelihood of that is minimal. You'll be far above the majority of people who are still using names (grandma, robert), birthdays (021475), pin numbers (0214), colors (orange), combinations of these (robert021475), etc.
I think I came up with a good Pass-Phrase for WiTopia, although I am wondering if it would be okay to use the same password for both my WiTopia Portal Account (i.e. manage account) and the WiTopia VPN Account (i.e. sign in to VPN)...

(Could use a tip here.)


Quote:
Originally Posted by Mr Rabbit View Post
Piggybacking, adding characters here and there, is probably ok for the other accounts as well. I wouldn't use the same password for two sites but using App1e84 for MacRumors and App1e85 for WiTopia would probably be fine.
Well, for trivial accounts (e.g. Usergroups, Online Newspapers) I do use the same password, but for any of the ones in my OP, I would never do that.


Quote:
Originally Posted by Mr Rabbit View Post
Someone would have to really be targeting you to crack both of those, unless of course they break into your email account.
Part of my concern in my OP is "cross-pollination" whereby getting into one system gets you into many.

For instance, while I really like my AT&T Hotspot, the idiot designers put no way to password-protect the physical device?!

So you can walk up to my hotspot, click on two buttons, and have both the Admin Password and the Main Password?!

And originally I was going to use the same password for my new cMBP and my Hotspot. So there is a case where a seemingly innocent decision could be catastrophic... Like, I go to the bathroom at McDonalds, someone walks over, taps my Hotspot, gets the password, then uses it to log into my MacBook, and gets into my e-mail, and resets my accounts all in a matter of minutes...


Quote:
Originally Posted by Mr Rabbit View Post
The big thing you're wanting to avoid is using a word from the dictionary that can be cracked easily and/or the same password across multiple websites. Consider the LinkedIn password theft a few years ago. Just because my App1e84 password was compromised doesn't mean they are going to automatically try App1e85, instead it's added to a large database that will toss these known passwords at logins until one works.
But I think using a PHRASE of common words should be okay.

For instance, from what I have read, this Pass-Phrase...

Code:
Judy stared into the endless ocean
...would be more secure than this traditional Password...

Code:
pUmP1nP13#
...because it is longer.


And if you added in some nonsensical characters into that Pass-phrase, then I think the security goes up exponentially.

For instance...
Code:
Judy_stared into the 3ndless @cean

At least that is my understanding of the latest theories on Passwords and Pass-Phrases...


Quote:
Originally Posted by Mr Rabbit View Post
I'm rambling, hope that helps a bit.
Yes, I think things are progressing...

And thanks for all of your suggestions so far!!

Sincerely,


Debbie
doubledee is offline   0 Reply With Quote
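The length comparison in the post above, worked through as an added example that is not part of the original post: it sizes the search space of each quoted string under a character-by-character model and, for the plain passphrase, a whole-word model, and bounds the quoted AT&T policy. The 7776-word list size and the assumption that words are picked independently at random are assumptions of this example; a grammatical sentence is less random than that, so the word figure is an upper bound.

```python
import math
import string

# Character classes used to size the brute-force alphabet (95 printable ASCII).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " ")


def alphabet_size(secret):
    """Sum the sizes of every character class the secret draws from."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in secret))


def char_bits(secret):
    """Bits of search space if every character must be guessed independently."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(alphabet_size(secret))


def word_bits(secret, wordlist_size=7776):
    """Bits if whole words are guessed from a list (assumed size, random choice)."""
    return len(secret.split()) * math.log2(wordlist_size)


def policy_bits(length, alphabet=26 + 26 + 10 + 2):
    """Ceiling for the quoted AT&T rule set: letters, digits, '_' and '-'."""
    return length * math.log2(alphabet)


def compare(secrets):
    """One row per secret: length, alphabet and rounded bit estimates."""
    return [
        {
            "secret": s,
            "length": len(s),
            "alphabet": alphabet_size(s),
            "char_bits": round(char_bits(s), 1),
            "word_bits": round(word_bits(s), 1),
        }
        for s in secrets
    ]


# The three strings quoted in the post above.
QUOTED = [
    "Judy stared into the endless ocean",
    "pUmP1nP13#",
    "Judy_stared into the 3ndless @cean",
]

if __name__ == "__main__":
    for row in compare(QUOTED):
        print(row)
    print("AT&T policy, 6 chars:", policy_bits(6), "bits; 24 chars:", policy_bits(24), "bits")
```

The word-model figure is the one to plan around for a passphrase made of ordinary words, since a guesser working from a word list does not pay for each letter.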
Old Jul 2, 2013, 06:58 PM   #13
gnasher729
macrumors G5
 
Join Date: Nov 2005
Quote:
Originally Posted by Mr Rabbit View Post
Definitely consider enabling a firmware password, disabling auto-login and enabling "require password when waking from sleep or screen saver" and enabling Find my Mac with iCloud. The firmware password can be bypassed with the proper know-how but it's a quick deterrent that could land your Mac in a service shop should it be stolen by someone with said know-how.
I don't think there's a way around the firmware password anymore. On the other hand, the firmware password makes your Mac unusable - it doesn't protect your data. I can remove the hard drive, put it into an external case, plug it into my Mac and read it, unless it is encrypted.

So to protect your data: Turn on FileVault on your Mac. Turn on FileVault on your backup drive (or a thief stealing your Time Capsule has all your data). Assume that any password that you use on a website can be stolen. It can actually only be stolen if the people creating the website are incompetent or at least careless, but you can safely assume they are. So don't use your important passwords (login, banking, etc.) for random websites.