Mac Security Article #5 User Names & Passwords including Apple IDs
Article ID = 85
Article Title = Mac Security Article #5 User Names & Passwords including Apple IDs
Article Author(s) = Graham Needham (BH)
Article Created On = 22nd May 2012
Article Last Updated = 20th January 2021
Article URL = https://www.macstrategy.com/article.php?85
Article Brief Description:
How to secure user names and passwords
User Names and Passwords including Apple IDs
This article has the following sections:
It is number five in a series of MacStrategy security articles.
User Names
Depending on how paranoid you are about your security/online privacy, you should generally avoid obvious user names like "admin" or "administrator", and if your name is "Joe Bloggs" don't use the obvious "joebloggs". This is especially relevant online/for internet web sites. Combining other letters/characters and numbers with the user name will make it less obvious. So, for instance, if your name is "Joe Bloggs", you work for "ACME Ltd" and you're creating an account in 2012, why not use one of the following or similar:
- joebloggs12
- joebloggs2012
- jb2012
- acjoebloggs
- acjoebloggs12
- acme_jb
- acme_jb2012
- acme_admin
- acmeadminjb
Passwords
Where possible you should always use secure/strong passwords.
DO
- Lock your online accounts, computer, phone and other (portable) devices with passwords.
- Keep passwords and PINs secret. Don't disclose them to friends, co-workers, businesses (like an Internet café operator) or be tricked into giving them away - most companies/people will NEVER ask you for a complete password but they may ask you for individual characters e.g. the 2nd and 5th.
- Make sure your passwords are over 8 characters long and that they contain a mix of many different character types including letters, numbers and symbols - the longer, the better. The longer a password is, the longer it will take to crack via brute force - if your password is "hahathisislong" why not make it "hahathisislong1hahathisislong2hahathisislong3"? It's still easy to remember but it is so long that it will be very difficult, if not impossible, to crack by brute force.
- Use a long sequence of (random) characters including a mix of uppercase and lowercase letters, numbers, punctuation marks and (if the site or software supports it) characters typed while holding down the Option or Alt key.
- Change passwords often.
DON'T
- EVER use the same password for everything/all accounts, especially online - if someone gets the password they have the password to all your accounts.
- Use obvious names (such as your own), words of any language found in a dictionary or personal data like phone numbers, dates, or simple combinations of these - they are easy to obtain/guess.
- Use a pattern of keyboard characters, such as lines of keyboard keys, for example, "qwerty" - they are easy to guess.
- Write a password on a post-it note and stick it to your monitor - that's just stupid - use a secure disk image or password manager to store the password.
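The DO and DON'T rules above can be checked mechanically. The following is an added example, not part of the original article: the function names (`audit`, `brute_force_bits`), the tiny word list, the character pool sizes and the "at least two character types" threshold are all assumptions made for illustration.

```python
import math
import string

# Constructed sample data for this example (not from the article):
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein"}  # stand-in dictionary
POOLS = {"lower": 26, "upper": 26, "digit": 10, "other": 32}  # assumed pool sizes


def char_types(pw):
    """Return the set of character types present in pw."""
    kinds = set()
    for c in pw:
        if c in string.ascii_lowercase:
            kinds.add("lower")
        elif c in string.ascii_uppercase:
            kinds.add("upper")
        elif c in string.digits:
            kinds.add("digit")
        else:  # punctuation, spaces, Option/Alt-key characters
            kinds.add("other")
    return kinds


def brute_force_bits(pw):
    """Exhaustive-search size in bits: length * log2(pool). An upper bound only."""
    pool = sum(POOLS[k] for k in char_types(pw))
    return len(pw) * math.log2(pool) if pw else 0.0


def audit(pw, personal=(), other_passwords=()):
    """Return the article's rules that pw breaks, as short codes."""
    low, found = pw.lower(), []
    if len(pw) <= 8:                       # "over 8 characters long"
        found.append("too_short")
    if len(char_types(pw)) < 2:            # assumed threshold for "a mix"
        found.append("single_character_type")
    if any(row[i:i + 4] in low for row in KEYBOARD_ROWS for i in range(len(row) - 3)):
        found.append("keyboard_run")
    if "".join(c for c in low if c.isalpha()) in SAMPLE_WORDS:
        found.append("dictionary_word")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        found.append("personal_data")
    if pw in other_passwords:
        found.append("reused")
    return found
```

`brute_force_bits` measures only the cost of trying every combination, so it rewards length exactly as the article describes; the dictionary, personal-data, keyboard-run and reuse checks cover guesses that never need an exhaustive search.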
Additional help for creating secure/strong passwords
- Use macOS / OS X / Mac OS X's built-in Apple "Password Assistant" - this is accessed using the key button which is usually available in dialogue boxes that require a password.
- Use Comparitech's password strength tester web page.
- Use Experte's password checker including current approximate time to crack + additional useful information.
- Read the Gibson Research Corporation's article on the benefits of password "length" and using a passphrase rather than a password.
- If you have a lot of passwords (as most people do nowadays) use a password storage utility.
Apple IDs
Apple has recently (early 2012) increased the security of Apple IDs by adding in the requirement for a series of security questions and answers. This is primarily to stop people getting the basic Apple ID information and trying to activate it on a new device (like a computer/iPod touch/iPad/iPhone). When they try to activate the Apple ID, security questions have to be answered. This is also true if you want to manage the Apple ID online. Although at first it may appear like an inconvenience, it is a very good idea. Remember you can always make up the answers and store them securely. Apple IDs can be used for one or more of the following:
- iTunes (Store) including Music, Films, iOS Apps and Books (iBooks and iBookstore)
- iTunes Genius
- iTunes Home Sharing
- Apple Music / iTunes Match
- iCloud
- Mac App Store
- iChat / Messages
- iMessage
- FaceTime
- Game Center
- iPhoto / Photos and Aperture purchases
- Find My iPhone/iPod/iPad/Mac
- OS X 10.7 Lion or later
- Apple TV
- Apple Online Store
- Apple Retail Store
- Concierge (for appointments at the Genius Bar)
- Apple.com support
- register.apple.com (Apple product registration)
- MobileMe
- iWork publishing (publish.iwork.com)
NOTE: Some of the above can have a credit card registered with them so it is definitely wise to use a strong password for your Apple ID.
On the 24th May 2018, most likely due to the 2018 European Union (EU) GDPR rules, Apple announced and made available a special "data and privacy" web site portal, https://privacy.apple.com/, which allows you to view and control aspects of your data that Apple collects. It also includes the ability to obtain a copy of your data, correct your data, deactivate your account or even permanently delete your account along with all associated data.
Useful Apple ID web sites:
- Apple ID primary web site
- Apple Data And Privacy portal
- Frequently asked questions about Apple IDs
- Apple IDs and iCloud
- Apple ID support
Storing User Names & Passwords
The simplest way of storing data on a Mac is to create a secure disk image and store a text file of your passwords in it. Alternatively you could use any of the following:
macOS / OS X / Mac OS X Keychain
Apple's macOS / OS X / Mac OS X operating system includes a feature called Keychain. When you use your Mac it may give you the option to "save password", usually with a tick box. When you tick this box it usually means the password will be saved into your Keychain. Here are some facts about Keychain:
- By default your primary keychain (login) is automatically unlocked when you login to your computer as it uses the same password as your computer's user account password.
- Keychains can be managed using the Keychain Access utility in Macintosh HD > Applications > Utilities folder.
- Keychains can store more than passwords such as security certificates and encryption keys.
- You can change a Keychain's settings e.g. set it to automatically lock itself after inactivity/sleep - use Keychain Access > select the Keychain on the left > go to Edit menu > Change Settings for Keychain.
- You can change a Keychain password (so that it is not automatically unlocked when you login) - use Keychain Access > select the Keychain on the left > go to Edit menu > Change Password for Keychain.
- To obtain a password stored in a Keychain that you have forgotten - open Keychain Access > select the Keychain on the left > select Passwords in the bottom left > select the item on the right > double click the item/click the i button/use File menu "Get Info" > click "Show Password" > enter the keychain's password > click "Allow" > the password will be revealed.
- Keychains can store multiple passwords for the same thing (causing problems) - to delete a password open Keychain Access > select the Keychain on the left > select Passwords in the bottom left > select the item on the right and press the delete/backspace button on your keyboard > confirm the deletion.
- iCloud Keychain Sync was introduced with OS X 10.9 Mavericks and iOS 7, and is available in later versions.
Web Browsers
Most web browsers can store user names and passwords for web sites for your convenience. However, you should be very careful when using this feature of a web browser as it is usually switched on by default, the data may not be stored as securely as you would like and malicious web sites may be able to access (and steal) this data using holes in the web browser software. This feature can be called Autofill. Here are the relevant settings for common web browsers:
- Apple Safari v5.x or earlier - go to Safari menu > Preferences > Autofill tab
- Apple Safari v6 or later - go to Safari menu > Preferences > Passwords tab
- Camino - uses the macOS / OS X / Mac OS X Keychain [WARNING: discontinued 31/05/2013]
- Google Chrome - uses the macOS / OS X / Mac OS X Keychain
- Chromium - go to Chromium menu > Preferences > click on "+ Show advanced settings" at the bottom > "Passwords and forms" heading
- Mozilla Firefox v57 or later - go to Firefox menu > Preferences… > click Privacy & Security on the left > 'Browser Privacy > Forms & Passwords' heading
- Mozilla Firefox v56.0.2 or earlier - go to Firefox menu > Preferences… > Security > Logins heading
- iCab - uses its own system for storing passwords
- Omniweb - go to Omniweb menu > Preferences > Show All tab > AutoFill icon
- Opera - go to Tools > Advanced > Password Manager
- Seamonkey - go to Tools > Manage Stored Passwords
- Stainless - does not appear to have this feature
- Sunrise - does not appear to have this feature
- TenFourFox - go to TenFourFox menu > Preferences > Security tab > Passwords heading
Software Utilities, Password Managers and Online Synchronisation
- Last Pass
- Dashlane
- True Key
- Keeper
- Sticky Password
- KeePassX [FREE - Open Source]
- 1Password
- mSecure
- macOS
- macOS
- iOS Password Manager & Secure Digital Vault
- Safe +
- Encryptr
- macOS
- iOS
- PWMaster
- macOS (Mac OS X 10.4 or later - Universal Binary)
- Secrets
- SplashID
- pwSafe
- PasswordWallet
- Avast Passwords for Mac
- macOS
- macOS Secure Password Manager
- iOS
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.
