Mac Security Article #5 User Names & Passwords including Apple IDs

Article ID = 85
Article Title = Mac Security Article #5 User Names & Passwords including Apple IDs
Article Author(s) = Graham Needham (BH)
Article Created On = 22nd May 2012
Article Last Updated = 20th January 2021
Article URL = https://www.macstrategy.com/article.php?85

Article Brief Description:
How to secure user names and passwords

User Names and Passwords including Apple IDs

This article has the following sections:

User Names
Passwords
Apple IDs
Storing User Names & Passwords

It is number five in a series of MacStrategy security articles.

User Names

Depending on how paranoid you are about your security/online privacy you should generally avoid using obvious user names like "admin", "administrator" or if your name is "Joe Bloggs" don't use the obvious "joebloggs" - this is especially relevant online/for internet web sites. Combining other letters/characters and numbers with the user name will make it less obvious. So, for instance, if your name is "Joe Bloggs" and you work for "ACME Ltd" and you're creating an account in 2012 why not use one of the following or similar:

joebloggs12
joebloggs2012
jb2012
acjoebloggs
acjoebloggs12
acme_jb
acme_jb2012
acme_admin
acmeadminjb

Passwords

Where possible you should always use secure/strong passwords.

DO

Lock your online accounts, computer, phone and other (portable) devices with passwords.
Keep passwords and PINs secret. Don't disclose them to friends, co-workers, businesses (like an Internet café operator) or be tricked into giving them away - most companies/people will NEVER ask you for a complete password but they may ask you for individual characters e.g. the 2nd and 5th.
Make sure your passwords are over 8 characters long and that they contain a mix of many different character types including letters, numbers and symbols - the longer, the better. The longer a password is, the longer amount of time it will be to crack via brute force - if your password is "hahathisislong" why not make it "hahathisislong1hahathisislong2hahathisislong3"? It's still easy to remember but it is so long that it will be very difficult if not impossible to brute force crack.
Use a long sequence of (random) characters including a mix of uppercase and lowercase letters, numbers, punctuation marks and (if the site or software supports it) characters typed while holding down the Option or Alt key.
Change passwords often.

DON'T

EVER use the same password for everything/all accounts especially online - if someone get's the password they have the password to all your accounts.
Use obvious names (such as your own), words of any language found in a dictionary or personal data like phone numbers, dates, or simple combinations of these - they are easy to obtain/guess.
Use a pattern of keyboard characters, such as lines of keyboard keys, for example, "qwerty" - they are easy to guess.
Write a password on a post-it note and stick it to your monitor - that's just stupid - use a secure disk image or password manager to store the password.

Additional help for creating secure/strong passwords

Use macOS / OS X / Mac OS X's built-in Apple "Password Assistant" - this is accessed using the key button which is usually available in dialogue boxes that require a password.
Use Comparitech's password strength tester web page.
Use Experte's password checker including current approximate time to crack + additional useful information.
Read the Gibson Research Corporation's article on the benefits of password "length" and using a passphrase rather than a password.
If you have a lot of passwords (as most people do nowadays) use a password storage utility.

Apple IDs

Apple has recently (early 2012) increased the security of Apple IDs by adding in the requirement for a series of security questions and answers. This is primarily to stop people getting the basic Apple ID information and trying to activate it on a new device (like a computer/iPod touch/iPad/iPhone). When they try to activate the Apple ID security questions have to be answered. This is also true if you want to manage the Apple ID online. Although at first it may appear like an inconvenience it is a very good idea. Remember you can always make up the answers and store them securely. Apple IDs can be used for one or more of the following:

iTunes (Store) including Music, Films, iOS Apps and Books (iBooks and iBookstore)
iTunes Genius
iTunes Home Sharing
Apple Music / iTunes Match
iCloud
Mac App Store
iChat / Messages
iMessage
FaceTime
Game Center
iPhoto / Photos and Aperture purchases
Find My iPhone/iPod/iPad/Mac
OS X 10.7 Lion or later
Apple TV
Apple Online Store
Apple Retail Store
Concierge (for appointments at the Genius Bar)
Apple.com support
register.apple.com (Apple product registration)
~~MobileMe~~
~~iWork publishing (publish.iwork.com)~~

On 5th April 2013 Apple introduced two-step verification for Apple IDs.
NOTE: Some of the above can have a credit card registered with them so it is definitely wise to use a strong password for your Apple ID.

On the 24th May 2018, most likely due to the 2018 European Union (EU) GDPR rules, Apple announced and made available a special "data and privacy" web site portal https://privacy.apple.com/, which allows you to view and control aspects of your data that Apple collects. It also includes the ability to obtain a copy of your data, correct your data, deactivate your account or even permanently delete you account along with all associated data.

Useful Apple ID web sites:

Storing User Names & Passwords

The simplest way of storing data on a Mac is to create a secure disk image and store a text file of your passwords in it. Alternatively you could use any of the following:

macOS / OS X / Mac OS X Keychain

Apple's macOS / OS X / Mac OS X operating system includes a feature called Keychain. When you use your Mac it may give you the option to "save password" usually with a tick box. When you tick this box it usually means the password will be saved into your Keychain. Here are some facts about Keychain:

By default your primary keychain (login) is automatically unlocked when you login to your computer as it uses the same password as your computer's user account password.
Keychains can be managed using the Keychain Access utility in Macintosh HD > Applications > Utilities folder.
Keychains can store more than passwords such as security certificates and encryption keys.
You can change a Keychain's settings e.g. set it to automatically lock itself after inactivity/sleep - use Keychain Access > select the Keychain on the left > go to Edit menu > Change Settings for Keychain.
You can change a Keychain password (so that it is not automatically unlocked when you login) - use Keychain Access > select the Keychain on the left > go to Edit menu > Change Password for Keychain.
To obtain a password stored in a Keychain that you have forgotten - open Keychain Access > select the Keychain on the left > select Passwords in the bottom left > select the item on the right > double click the item/click the i button/use File menu "Get Info" > click "Show Password" > enter the keychain's password > click "Allow" > the password will be revealed.
Keychains can store multiple passwords for the same thing (causing problems) - to delete a password open Keychain Access > select the Keychain on the left > select Passwords in the bottom left > select the item on the right and press the delete/backspace button on our keyboard > confirm the deletion.
iCloud Keychain Sync was introduced with OS X 10.9 Mavericks or later and iOS 7 or later

Web Browsers

Most web browsers can store user names and passwords for web sites for your convenience. However, you should be very careful when using this feature of a web browser as it is usually switched on by default, the data may not be stored as securely as you would like and malicious web sites may be able to access (and steal) this data using holes in the web browser software. This feature can be called Auotfill. Here is the relevant settings for common web browsers:

Apple Safari v5.x or earlier - go to Safari menu > Preferences > Autofill tab
Apple Safari v6 or later - go to Safari menu > Preferences > Passwords tab
Camino - uses the macOS / OS X / Mac OS X Keychain [WARNING: discontinued 31/05/2013]
Google Chrome - uses the macOS / OS X / Mac OS X Keychain
Chromium - go to Chromium menu > Preferences > click on "+ Show advanced settings" at the bottom > "Passwords and forms" heading
Mozilla Firefox v57 or later - go to Firefox menu > Preferences… > click Privacy & Security on the left > 'Browser Privacy > Forms & Passwords' heading
Mozilla Firefox v56.0.2 or earlier - go to Firefox menu > Preferences… > Security > Logins heading
iCab - uses it's own system for storing passwords
Omniweb - go to Omniweb menu > Preferences > Show All tab > AutoFill icon
Opera - go to Tools > Advanced > Password Manager
Seamonkey - go to Tools > Manage Stored Passwords
Stainless - does not appear to have this feature
Sunrise - does not appear to have this feature
TenFourFox - go to TenFourFox menu > Preferences > Security tab > Passwords heading

Software Utilities, Password Managers and Online Synchronisation

Last Pass
- macOS
- macOS
- iOS for Premium Customers
Dashlane
True Key
- macOS
- iOS True Key by Intel Security
Keeper
Sticky Password
- macOS
- iOS Password Manager & Safe
KeePassX [FREE - Open Source]
1Password
- macOS
- iOS Password Manager and Secure Wallet
mSecure
- macOS
- macOS
- iOS Password Manager & Secure Digital Vault
Safe +
- macOS
- iOS
Encryptr
- macOS
- iOS
PWMaster
- macOS (Mac OS X 10.4 or later - Universal Binary)
Secrets
- macOS
- iOS
SplashID
- macOS
- iOS Safe Password Manager
- iOS Safe Teams Edition
pwSafe
- macOS Password Safe compatible Password Manager
- iOS Password Safe compatible password manager
PasswordWallet
- macOS
- iOS Password Manager
Avast Passwords for Mac
- macOS
- macOS Secure Password Manager
- iOS

Article Keywords: Mac OS X OSX 106 107 108 109 1010 1011 macOS 1012 1013 1014 1015 1100 1200 1300 Snow Leopard Lion Mountain Lion Mavericks Yosemite El Capitan Sierra High Sierra Mojave Catalina Big Sur Monterey Ventura Macintosh Security user names usernames passwords strength strong best Apple IDs

This article is © MacStrategy » a trading name of Burning Helix. As an Amazon Associate, employees of MacStrategy's holding company (Burning Helix sro) may earn from qualifying purchases. Apple, the Apple logo, and Mac are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.

If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.

If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.

Go to this
web page
to donate to us.