Mac Security Article #5 User Names & Passwords including Apple IDs
Article ID = 85
Article Title = Mac Security Article #5 User Names & Passwords including Apple IDs
Article Author(s) = Graham Needham (BH)
Article Created On = 22 May 2012
Article Last Updated = 11 June 2013 12:01
Article URL = http://www.macstrategy.com/article.php?85
Article Brief Description:
How to secure user names and passwords
User Names and Passwords including Apple IDs
This article is number five in a series of MacStrategy security articles.
User Names
Depending on how paranoid you are about your security/online privacy, you should generally avoid obvious user names like "admin" or "administrator", and if your name is "Joe Bloggs" don't use the obvious "joebloggs". This is especially relevant online/for internet web sites. Combining other letters/characters and numbers with the user name will make it less obvious. So, for instance, if your name is "Joe Bloggs", you work for "ACME Ltd" and you're creating an account in 2012, why not use one of the following or similar:
- joebloggs12
- joebloggs2012
- jb2012
- acjoebloggs
- acjoebloggs12
- acme_jb
- acme_jb2012
- acme_admin
- acmeadminjb
Passwords
Where possible you should always use secure/strong passwords.
DO
- Lock your online accounts, computer, phone and other (portable) devices with passwords.
- Keep passwords and PINs secret. Don't disclose them to friends, co-workers, businesses (like an Internet café operator) or be tricked into giving them away - most companies/people will NEVER ask you for a complete password but they may ask you for individual characters e.g. the 2nd and 5th.
- Make sure your passwords are over 8 characters long (the longer, the better) and that they contain a mix of many different character types including letters, numbers and symbols.
- Use a long sequence of (random) characters including a mix of uppercase and lowercase letters, numbers, punctuation marks and (if the site or software supports it) characters typed while holding down the Option or Alt key.
- Change passwords often.
DON'T
- EVER use the same password for everything/all accounts, especially online - if someone gets the password they have the password to all your accounts.
- Use obvious names (such as your own), words of any language found in a dictionary or personal data like phone numbers, dates, or simple combinations of these - they are easy to obtain/guess.
- Use a pattern of keyboard characters, such as lines of keyboard keys, for example, "qwerty" - they are easy to guess.
- Write a password on a post-it note and stick it to your monitor - that's just stupid - use a secure disk image to store the password.
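The DO and DON'T rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it audits a password against those rules and generates a random one that passes. The function names, the tiny word list, the keyboard rows and the four-key pattern threshold are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample data for illustration; not taken from the article.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}  # stand-in for a real word list


def audit_password(password, personal_data=(), other_passwords=()):
    """Return the article's DO/DON'T rules that this password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) <= 8:
        problems.append("not over 8 characters")
    # Lowercase, uppercase, digit and symbol (anything non-alphanumeric).
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if not all(any(check(c) for c in password) for check in checks):
        problems.append("missing a character type")
    if any(item and item.lower() in lowered for item in personal_data):
        problems.append("contains personal data")
    if any(word in lowered for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    # Any run of four adjacent keys from one keyboard row counts as a pattern.
    runs = (row[i:i + 4] for row in KEYBOARD_ROWS for i in range(len(row) - 3))
    if any(run in lowered for run in runs):
        problems.append("contains a keyboard pattern")
    if password in other_passwords:
        problems.append("reused on another account")
    return problems


def generate_password(length=16):
    """Draw random passwords from the OS CSPRNG until one passes the audit."""
    if length <= 8:
        raise ValueError("length must be over 8 characters")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("qwerty", "Qwerty2012", "JoeBloggs1980!"):
        print(sample, "->", audit_password(sample, personal_data=("Joe", "Bloggs")))
    print("generated ->", generate_password())
```

For real use, replace `SAMPLE_WORDS` with a full dictionary file and pass in the names, dates and phone numbers that apply to the account owner.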
Additional help for creating secure/strong passwords
- Use OS X's built-in Apple "Password Assistant" - this is accessed using the key button which is usually available in dialogue boxes that require a password.
- Use Microsoft's official Safety & Security Centre password checker web site.
- Read the Gibson Research Corporation's article on the benefits of password "length" and using a passphrase rather than a password.
- If you have a lot of passwords (as most people do nowadays) use a password storage utility.
Apple IDs
Apple has recently (early 2012) increased the security of Apple IDs by adding the requirement for a series of security questions and answers. This is primarily to stop people getting the basic Apple ID information and trying to activate it on a new device (like a computer/iPod touch/iPad/iPhone). When they try to activate the Apple ID, the security questions have to be answered. This is also true if you want to manage the Apple ID online. Although at first it may appear to be an inconvenience, it is a very good idea. Remember you can always make up the answers and store them securely.
On 5th April 2013 Apple introduced two-step verification for Apple IDs.
Apple IDs can be used for one or more of the following:
- iTunes (Store) including Music, Films, iOS Apps and Books (iBooks and iBookstore)
- iTunes Genius
- iTunes Home Sharing
- iCloud
- Mac App Store
- iChat
- iMessage
- FaceTime
- Game Center
- iPhoto and Aperture purchases
- iWork publishing (publish.iwork.com)
- Find My iPhone/iPod/iPad/Mac
- OS X Lion
- Apple TV
- MobileMe
- Apple Online Store
- Apple Retail Store
- Concierge (for appointments at the Genius Bar)
- Apple.com support
- register.apple.com (Apple product registration)
Useful Apple ID web sites
- Apple ID primary web site
- Frequently asked questions about Apple IDs
- Apple IDs and iCloud
- Apple ID support
Storing User Names & Passwords
The simplest way of storing data on a Mac is to create a secure disk image and store a text file of your passwords in it. Alternatively you could use any of the following:
OS X Keychain
Apple's OS X operating system includes a feature called Keychain. When you use your Mac it may give you the option to "save password", usually with a tick box. When you tick this box it usually means the password will be saved into your Keychain. Here are some facts about Keychain:
- By default your primary keychain (login) is automatically unlocked when you login to your computer as it uses the same password as your computer's user account password.
- Keychains can be managed using the Keychain Access utility in Macintosh HD > Applications > Utilities folder.
- Keychains can store more than passwords such as security certificates and encryption keys.
- You can change a Keychain's settings e.g. set it to automatically lock itself after inactivity/sleep - use Keychain Access > select the Keychain on the left > go to Edit menu > Change Settings for Keychain.
- You can change a Keychain password (so that it is not automatically unlocked when you login) - use Keychain Access > select the Keychain on the left > go to Edit menu > Change Password for Keychain.
- To obtain a password stored in a Keychain that you have forgotten - open Keychain Access > select the Keychain on the left > select Passwords in the bottom left > select the item on the right > double click the item/click the i button/use File menu "Get Info" > click "Show Password" > enter the keychain's password > click "Allow" > the password will be revealed.
- Keychains can store multiple passwords for the same thing (causing problems) - to delete a password open Keychain Access > select the Keychain on the left > select Passwords in the bottom left > select the item on the right and press the delete/backspace button on your keyboard > confirm the deletion.
- iCloud Keychain Sync was introduced with OS X 10.9 and iOS 7, and requires those versions or later.
Web Browsers
Most web browsers can store user names and passwords for web sites for your convenience. However, you should be very careful when using this feature of a web browser as it is usually switched on by default, the data may not be stored as securely as you would like and malicious web sites may be able to access (and steal) this data using holes in the web browser software. This feature can be called Autofill. Here are the relevant settings for common web browsers:
- Apple Safari v5.x or earlier - go to Safari menu > Preferences > Autofill tab
- Apple Safari v6 or later - go to Safari menu > Preferences > Passwords tab
- Camino - uses the OS X Keychain [WARNING: discontinued 31/05/2013]
- Google Chrome - uses the OS X Keychain
- Chromium - go to Chromium menu > Preferences > click on "+ Show advanced settings" at the bottom > "Passwords and forms" heading
- Mozilla Firefox - go to Firefox menu > Preferences > Security tab > Passwords heading
- iCab - uses its own system for storing passwords
- Omniweb - go to Omniweb menu > Preferences > Show All tab > AutoFill icon
- Opera - go to Tools > Advanced > Password Manager
- Seamonkey - go to Tools > Manage Stored Passwords
- Stainless - does not appear to have this feature
- Sunrise - does not appear to have this feature
- TenFourFox - go to TenFourFox menu > Preferences > Security tab > Passwords heading
Software Utilities and Online Synchronisation
- 1Password (iOS apps: iPhone / iPad / Pro)
- pwSafe (iOS app also available)
- SplashID (iOS apps: iPhone / iPad / Enterprise)
- Norton Identity Safe
- Firebox (iOS app also available)
- Password Wallet (iOS app also available)
- Last Pass (iOS apps: Basic / Premium / Tab browser for iPad)
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.