Importance of Different Passwords?

Discussion in 'Mac Basics and Help' started by doubledee, Jul 1, 2013.

  1. macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #1
    Got my new cMBP about 3 weeks ago, and it is still sitting in the shipping box?! :eek:

    Before I set things up, I am trying to put some serious thought into how I do *security* including Passwords.

    So here is my latest question...

    What Value/Priority should I give to the following different Passwords...

    1.) MacBook Admin Account

    2.) MacBook User Account

    3.) WiTopia Portal Account

    4.) WiTopia VPN Login

    5.) Hotspot Passcode

    6.) AT&T E-mail Account (for business related things)

    7.) G-mail Account (for things like usergroups)

    8.) MacRumors Account

    9.) And so on...

    (*NOTE: I do not Bank Online...)


    I have devised what I feel to be a pretty strong - and easy for me to remember - scheme for Pass-Phrases for #1 and #2, but I'm not sure if I need to apply that to #3 through #8... :confused:

    From what I have been reading, "Not all Accounts need to be equally protected" and you have to be practical about to what lengths you go to devise and manage passwords in your day-to-day life.

    Many of you will likely answer my OP indirectly by recommending a "Password Keeper", but those make me feel rather insecure for several reasons.

    As such, I'm trying to commit things to memory as much as possible, but I don't want to go overboard on memorizing things which maybe aren't so important (e.g. my MacRumors Account)...

    What do you think?

    Sincerely,


    Debbie
     
  2. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    You might consider using something like LastPass or 1Password. I resisted those for a long time, but finally gave in and started using LastPass. I'm glad I did. It would be worth it to investigate such apps.
     
  3. macrumors member

    Joined:
    Jul 2, 2013
    #3
    It is best to have different passwords to all of them.
    I usually have one password and change the ending.
    For example if it is for MacRumors it would be like:
    (Pass)MacR
    For YouTube:
    (Pass)tube
    Or something like that.
    (and I use apples own keychain app for organizing passwords)
    Good luck!
     
  4. thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #4
    Down the road I might consider those, but what are your thoughts on my OP?


    Debbie
     
  5. macrumors 68000

    davidg4781

    Joined:
    Oct 28, 2006
    Location:
    Moulton, TX
    #5
    Not sure if I can help but for me, it seems like you're putting too much thought into this.

    My MBP's admin password is an old password I've used for the past 13 years or so. Not many people know it but really, they can't do much with it besides installing Adobe Flash or something on my Mac, and they would have to have my Mac with them to do it. Yeah, I know they could install some bad software, but again, they would need my Mac to do so.

    As far as your log in password, I don't use one, too much hassle. I live alone and am the only one that uses this but when I lived back home and our PC had different logins, I don't think I had a password. I didn't have anything to hide from my brother.

    Your email may be different, but just don't give out your password and don't use "password" and you'll be fine.

    Hope that helps. Or maybe I'm too lenient on my security.

    And check out one of those programs. I used to use one called PasswordsPlus or something like that for my Mac/Trēo and it worked pretty good to keep all my credit card, passwords, and software keys organized. Stopped using it years ago when I switched from Palm to Blackberry.
     
  6. macrumors 6502a

    Mr Rabbit

    Joined:
    May 13, 2013
    Location:
    'merica
    #6
    For your admin & regular user accounts I would use a strong, but not nonsensical, unique password for each of them. Upper case, lower case, special character, alpha numeric, etc.

    For the rest I would use Keychain to generate and store strong unique passwords for each of them. With Keychain sync coming down the pipeline it will be a decent contender in the password sync business and it already works very well with local password storage.

    Some good reading if you plan on using Keychain. It really is a bit stronger and more feature rich than the majority of users realize.

    http://mac.tutsplus.com/tutorials/security/unlock-the-power-of-your-macs-keychain-utility/

    http://www.intego.com/mac-security-blog/create-a-non-login-keychain/
     
  7. thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #7
    Please allow me to rephrase things a bit...

    a.) Which of the Accounts listed in my OP have the greatest risk of being compromised?

    b.) And which of the Accounts in my OP - if compromised - could create the greatest damage in my life?


    It is a given that I am going to protect my MacBook's Admin and Main User account with great vigilance. But what about things like my WiTopia account?

    Is that a large target, and if so, what are the consequences?

    One thing that I read this weekend was to really protect your Main E-mail Addy, because it is a *path* to a lot of other accounts via Password Resets.

    Again, for a lot of reasons left unmentioned for now, I don't see myself jumping on the OS-X Keychain or Password Protector Software band-wagon anytime soon. (Although maybe down the road.)

    In the mean time, I am trying to determine if I need *unique* and *complex* passwords for each of the Account-Types in my OP, of if maybe I can "piggyback"?

    I have come up with - in my mind - a pretty good algorithm for Pass-Phrases, however if I need to do that for all of the Accounts in my OP, it might be a real challenge to remember all of them?!

    Hope that helps clarify things...

    Sincerely,


    Debbie
     
  8. macrumors 68000

    davidg4781

    Joined:
    Oct 28, 2006
    Location:
    Moulton, TX
    #8
    Where are you going to leave your MacBook and what information is stored on it?

    Mine, if it's gets stolen, all they can pretty much do is look through pictures of Christmas 2004 and post on my FaceBook. Other than that, I don't have much actual information. I guess they could get through my mail and change passwords. Hmm, maybe I need to rethink this.

    I would say make sure your email passwords are secure. I'm not sure what you're using WiTopia for, if it's a work thing maybe keep that secure to keep them off your work.

    And keep your user account secure. I guess if someone steals your MacBook and you have your account information in Mail.app they could change some passwords and get into some of your accounts.
     
  9. thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #9
    I am a road-warrior and my MacBook has my life on it, so *everything* is important.


    Debbie
     
  10. macrumors 68000

    davidg4781

    Joined:
    Oct 28, 2006
    Location:
    Moulton, TX
    #10
    Then yeah, keep your user password very secure. I wouldn't think the admin one is that important. Could be wrong and I'm sure some have huge long complex passwords for it.
     
  11. macrumors 6502a

    Mr Rabbit

    Joined:
    May 13, 2013
    Location:
    'merica
    #11

    Definitely consider enabling a firmware password, disabling auto-login and enabling "require password when waking from sleep or screen saver" and enabling Find my Mac with iCloud. The firmware password can be bypassed with the proper know how but it's a quick deterrent that could land your Mac in a service shop should it be stolen by someone with said know how. You might even put a "If found please contact JoeBlow@gmail.org 555-555-555" sticker on the inside of the bottom case so that if it does end up at Apple or a service shop the technicians have a red flag that it's stolen and a way to contact the proper owner. Worst case though iCloud will still allow you to wipe your Mac remotely, hopefully keeping your data away from a thief.

    With that said I would put the main password focus on your email passwords as these are indeed gateways to finding out more about you, leading to many more possible break ins. The rest I wouldn't go overboard with. Maybe use "leet'ish" spellings with special characters or added numerals, like Ne7w0rk84 or Ne7w0rk$. They can still be cracked fairly easily but in all honesty the likelihood of that is minimal. You'll be far above the majority of people who are still using names (grandma, robert), birthdays (021475), pin numbers (0214), colors (orange), combinations of these (robert021475), etc.

    Piggybacking, adding characters here and there, is probably ok for the other accounts as well. I wouldn't use the same password for two sites but using App1e84 for MacRumors and App1e85 for WiTopia would probably be fine. Someone would have to really be targeting you to crack both of those, unless of course they break into your email account. The big thing you're wanting to avoid is using a word from the dictionary that can be cracked easily and/or the same password across multiple websites. Consider the LinkedIN password theft a few years ago. Just because my App1e84 password was compromised doesn't mean they are going to automatically try App1e85, instead it's added to a large database that will toss these known passwords at logins until one works.

    I'm rambling, hope that helps a bit.
     
  12. thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #12
    Another password?! :p

    (Yes, I plan on setting an EFI password as well.)


    That is a given.


    Yep, I started doing that back this Spring.


    The "Cloud" worries me dearly, and I see this as a double-edged sword. I see it as more of a risk than a plus, and since I will be using FileValut2 with a secure Pass-Phrase among other things, the iCloud options doesn't seem like it is worth it.

    (My goal is to protect my data. The laptop isn't that much of a concern to me.)


    Actually, if you set an EFI Password on a post 2011 Mac is is *very* bullet-proof...

    (Check out this older thread of mine on this topic!)


    I already do this under my battery. (Guess I'll have to do that on my new cMBP when I crack the case to switch HDD's...)


    True, although with FileVault2, that is less necessary.


    E-mail is another whole big topic...

    I have AT&T as my primary e-mail, and do you realize that up until recently you could only use Letters and Numbers?! :rolleyes:

    Here is their latest "security" policy which is making me wonder if I should ditch AT&T e-mail...


    Leaves A LOT to be desired, huh?! :rolleyes:


    I think I came up with a good Pass-Phrase for WiTopia, although I am wondering if it would be okay to use the same password for both my WiTopia Portal Account (i.e manage account) and the WiTopia VPN Account (i.e. sign in to VPN)...

    (Could use a tip here.)


    Well, for trivial accounts (e.g. Usergroups, Online Newspapers) I do use the same password, but for any of the ones in my OP, I would never do that.


    Part of my concern in my OP is "cross-pollination" whereby getting into one system gets you into many.

    For instance, while I really like my AT&T Hotspot, the idiot designers put no way to password-protect the physical device?!

    So you can walk up to my hotspot, click on two buttons, and have both the Admin Password and the Main Password?! :mad:

    And originally I was going to use the same password for my new cMBP and my Hotspot. So there is a case where a seemingly innocent decision could be catastrophic... Like, I go to the bathroom at McDonalds, someone walks over, taps my Hotspot, gets the password, then uses it to log into my MacBook, and gets into my e-mail, and resets my accounts all in a matter of minutes... :eek:


    But I think using a PHRASE of common words should be okay.

    For instance, from what I have read, this Pass-Phrase...

    Code:
    Judy stared into the endless ocean
    
    ...would be more secure than this traditional Password...

    Code:
    pUmP1nP13#
    
    ...because it is longer.


    And if you added in some nonsensical characters into that Pass-phrase, then I think the security goes up exponentially.

    For instance...
    Code:
    Judy_stared into the 3ndless @cean
    

    At least that is my understanding of the latest theories on Passwords and Pass-Phrases...


    Yes, I think things are progressing...

    And thanks for all of your suggestions so far!! :)

    Sincerely,


    Debbie
     
  13. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #13
    I don't think there's a way around the firmware password anymore. On the other hand, the firmware password makes your Mac unusable - it doesn't protect your data. I can remove the hard drive, put it into an external case, plug it into my Mac and read it, unless it is encrypted.

    So to protect your data: Turn on Filevault on your Mac. Turn on Filevault on your backup drive (or a thief stealing your Time Capsule has all your data). Assume that any password that you use on a website can be stolen. It can actually only be stolen if the people creating the website are incompetent or at least careless, but you can safely assume they are. So don't use your important passwords (login, banking etc. ) for random websites.
     

Share This Page