MAGICtricks
return

Passwords

The material on this page is by Robert Elphick. This update is based on a presentation given in February 2024 and can bee seen at The examples are in Sonoma (OS 14)

CONTENTS

top

Introduction

Passwords have become an essential part of computer life - especially when working on line. Secure passwords have become more important as the Evil ones use ever more sophisticated methods of guessing your passwords and accessing your private data or contaminating your computer. Although some of the Evil ones are just kids out to do damage for its own sake, most are trying to steal your identity and your assets. Many of them are from countries where computer hacking is not prosecuted or is even actively encouraged. This article will help you defend your computer and use effective passwords.

top

Effective passwords

There are several major criteria for effective passwords:

  • Length - at least 12 characters, preferably more (I now use 18!)
  • Characters - use some lowercase letters, some uppercase letters, some numbers,
    and some 'special' characters like: % & * $ @ | [
  • Words - do not use any real words unless they are random nonsense strings of words
  • Personal - do not use any personal data including names, birthdays, phone numbers, favorite colors etc. These are easy to find on your social media accounts and other online activities
  • Unique - Every password must be unique, do NOT use the same one for different purposes
Evil ones have applications that can try all variations of names, pets, birthdays phone numbers, etc in a matter of seconds. Do not use them.

top

Creating and Storing passwords

Storing password where you can find and read them is a requirement. Common sense tells us that putting them in an unencrypted file on your computer is unsafe. Writing them on a piece of paper is equally as bad.

Password should be stored where they are encrypted and/or hidden from prying eyes. There are several options for Macs including these Password Managers:

There are many others that can be found on the Apple App Store:

Password managers

Password Managers in the App Store - the two discussed here are highlighted in red



Keychain

Keychain Application

This a part of the Mac operating system and can be found in the Utilities folder within the Applications folder. When you need to supply a password to the system it will may ask whether you wish to remember it - the Keychain is used to remember these passwords.

It can also be used to keep your passwords, secure notes, certificates, and keys.

Password managers

After opening Keychain Access in the Utilities menu, The "MAGIC MacBook Pro" has been selected and in the next window the "Show Password" has been selected.
Using the password for the Mac User Account will then provide the password for the "MAGIC MacBook Pro"



pwSafe

PwSafe

pwSafe is a commercial product for generating and storing passwords. It has the advantage that there are compatible versions for iPhone, iPods, and iPads. It is also fully encrypted.

Features include:

  • Generates strong passwords
  • Copy password
  • Copy username
  • Copy password and open website
  • Password history (per safe and per entry settings)
  • Fully compatible with pwSafe for 10S
  • Search In all fields
  • Organize entries in groups
  • Multiple fields (title, username, password, URL, email and notes)
  • Multiple safes
  • Unlimited passwords
  • Unlimited password groups
  • 256-bit encryption
  • Touch ID support
  • PwSafe Cloud sync
  • Clears password from pasteboard after a timeout period, when the computer sleeps or when the app exits (fully configurable)
  • Locks safe when the app exits

This is the one that Robert uses on his Mac, iPhone, and iPad.

The only password you need to remember is the password to access the data in PwSafe. So make it a really safe one that you will remember for the rest of your life!

Password managers

Here is PwSafe looking up the password for "Adobe Fonts"



1Password

1Password

1Password is a commercial product for generating and storing passwords. It has the advantage that there are compatible versions for iPhone, iPods, iPads, and Android. It is also fully encrypted.

This application has many of the capabilities of pwSafe above.

Password managers

Here is 1Password looking up the password for "Air Canada"



Invisible passwords in an protected file

For people who do not trust external applications to keep their password private, Tom Johnson has suggested a technique that was described in the 2013 July issue of the MAGIC newletter.

It involves typing into a text file or Pages and then selecting all the text [Command - A] and then changing its color to white so that it is the same as the background and cannot be seen. Additionally you can password protect the file if it is in Pages using the menu File->Set Password... before saving the file. Use a file name that no-one will guess has passwords in it!


top

Generating passwords

If you have pwSafe or 1Password, they can generate highly secure passwords for you as well as store them.

To generate your own password, here a technique to produce a secure password that you can remember but looks like complete gibberish.

  1. Find a sentence that has at least eight words. For example a couple of lines from a favorite poem. A favorite song. A statement that means something to you.
  2. Replace any words or parts of words that sound like a number with that number (e.g. "for" becomes "4" and "create" becomes "cre8".
  3. Reduce the words to just the first letter (or last letter or whichever letter you fancy) but leave any numbers in place.
  4. Make sure that you have a password twelve or more characters.
  5. Remember it!

For example:
We had a Hippopotamus and kept him in a shed,
I fed him on vitamins and vegetable bread.
becomes:
WhaHakhiasIfhovavb

My two grandkids Gertrude and James will keep me forever young.
becomes:
M2gGaJwkm4ey
Notice in this one the word "two" is changed to "2" and the word "forever" is changed to "4e".

Nobody will guess these!


top

Transferring passwords

MAGIC Members who have several devices (iPhones, iPads, iPods, etc.) in addition to computers may wish to transfer the passwords to the devices so that they can do shopping online etc.

Possibilities include the use PwSafe or 1Password which can readily transfer passwords between devices.

top

Erase Data on iPhone

Passcode Lock

Do not forget to protect your device with a password and set it to erase after ten incorrect attempts to open it.

In older iPhones: In iOS tap on the Settings, tap on General and then tap on Passcode lock and set it like the picture.

I recommend that you turn off Simple Passcode (use a long password instead), Siri, and Passbook. Be sure to turn on the Erase Data.



Passcode Lock

In newer iPhones: In iOS tap on the Settings, tap on Face ID & Passcodes, scroll to the bottom and set the "Erase Data" like the picture.

It is just common sense but I will say it anyway - Keep your devices close to you and avoid leaving them around.


top

Encrypting files

There are a number of applications available from the Apple Store that can encrypt files. Just search for "Encrypt".

One I use is called "File Encrypt". It is easy to use and fully encrypts any file you drag into it.

top

Encrypting Macintoshes

You mac comes with software that will encrypt everything.

  1. Open System Preferences from the Apple menu
  2. Click on the Security & Privacy (Privacy and Security in newer OSs) icon
  3. Click on FileVault and turn it on
    4. Disk Utility - FileVault
    On older Mac OS


    Disk Utility - FileVault
    On current Mac OS
This will prevent anyone who has entered your Mac but does not know your password from accessing any of your files. It will keep all but the best crackers out.

Copyright:

 Made on a Mac

©Macintosh Appreciation Group of Island County (MAGIC) 2013 - 2020
last updated: 27 February 2024