Part 1 – What’s the Low-Down On Security?
By their very nature, Macs have historically been seen to be much more secure than Windows PCs. This is due to a couple of factors – the OS designs are very different, and the huge disparity in market share during the 1990s and early 2000s meant that virus writers focused much more on the Windows market.
This doesn’t mean that Macs can’t be infected, but today in 2014, the biggest danger to the security of our systems is password re-use on Web sites. My definition of password re-use is using the same password on multiple sites. When a site is hacked, the hackers will grab all the addresses and passwords they can and then systematically set “bots” (systems they’ve taken control of via malware infections) to try logging in to other Web sites. An alternative to this is known as a “brute force attack”; this is where a would-be hacker will try a login name and work their way through a list of generated passwords, trying by brute force to find the needle in the haystack that will give them access.
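To see how far one hacked site can reach, the following added example (not part of the original article) audits a list of saved logins for re-use and reports which other accounts would open with the address and password taken from a given site. The site names, addresses and passwords are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict
import hashlib

# Constructed sample records (site, login, password); not real accounts.
VAULT = [
    ("shop.example", "pat@example.com", "Sunshine2014"),
    ("forum.example", "pat@example.com", "Sunshine2014"),
    ("bank.example", "pat@example.com", "r7#Vq9!mZx2&Lp0wTe"),
    ("mail.example", "pat@example.com", "Sunshine2014"),
    ("photos.example", "pat.work@example.com", "Sunshine2014"),
    ("news.example", "pat@example.com", "kT4$wq8Nz!"),
]


def fingerprint(password):
    """Short hash so a report never has to print the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:8]


def reuse_groups(vault):
    """Map (login, password fingerprint) to the sites using that exact pair."""
    groups = defaultdict(list)
    for site, login, password in vault:
        groups[(login.lower(), fingerprint(password))].append(site)
    # Only pairs that appear on more than one site count as re-use.
    return {pair: sorted(sites) for pair, sites in groups.items() if len(sites) > 1}


def exposed_if_breached(vault, breached_site):
    """Other sites that accept the login/password pair stored at breached_site."""
    leaked = {(login.lower(), password)
              for site, login, password in vault if site == breached_site}
    return sorted(site for site, login, password in vault
                  if site != breached_site and (login.lower(), password) in leaked)


if __name__ == "__main__":
    for (login, fp), sites in reuse_groups(VAULT).items():
        print(f"{login} uses password #{fp} on: {', '.join(sites)}")
    for site in ("shop.example", "bank.example"):
        print(f"If {site} is hacked, also exposed: {exposed_if_breached(VAULT, site)}")
```

The account with its own unique password exposes nothing else when its site is hacked, which is the protection a password manager gives you.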
So what can you, an ordinary non-technical user, do to give yourself as much protection as possible?
The most straightforward steps are:
- Use a login password on your Mac.
- Download and install a password management software program.
- If your Mac is a laptop and you keep sensitive information on it, consider encrypting your disk drive.
Setting A Login Password
If you didn’t set one when you set up your Mac, it’s straightforward to do. Open the System Preferences application (the icon looks like a gear wheel); if you don’t have the icon in your Dock, click on the Apple icon in the top left corner of the screen and select System Preferences. Click the Users & Groups icon, then click the Change Password button on the upper part of the right pane. Choose a password that has a mixture of letters and numbers and is at least 6 characters long. If you can also use special characters (!, @, #, $, %, etc.), that will make it more difficult to guess. Make it something you won’t forget!
Use A Password Manager
With the rise in threats to online security, we have also seen entrepreneurial companies rise to the challenge of helping users manage their multiple passwords. One such company is Ontario’s AgileBits, makers of the excellent 1Password. 1Password is a multi-platform application, running on Macs, Windows, iOS devices (iPhones and iPads) and Android devices. It will synchronize the data it holds in either iCloud or Dropbox, meaning that passwords created on one device are available and usable on your other computers.
So how does it work? It works by taking the strain – it will generate and remember long and complex passwords for you – all you have to remember is the one password from where the application gets its name. To access the application, you enter your “master password”. Once inside the application, you can then generate strong passwords for anything you need a password for. 1Password also securely stores your credit card and bank account information, making it easy for you to fill in those details on a Web site when you’re paying for a purchase.
Now, you may be concerned about where and how such sensitive information is stored. As noted above, the 1Password data file can be synchronized with your iCloud or Dropbox accounts (or not – it is your choice to synchronize with your other devices). The data that is synchronized is encrypted, so it cannot be read by any third party.
So what makes a good password manager? To me, usability, stability and functionality are the three key factors making a successful application. 1Password meets all three for me – it’s easy to use, having browser plug-ins that fill in the login credentials for a Web site as well as the ability to generate a strong password and fill it in for you. It runs in the background and is available when I need it – no fuss, no muss. And it has a lot of useful features – as well as generating strong passwords and filling in login credentials, you can create and manage identities. In my case, I have business and personal identities, the prime difference being my business and home addresses. The application also allows you to manage software licences, including the ability to drag and drop attachments into a licence record. In this way, an email containing the purchase and licence information can be associated with the licence information inside 1Password.
Now, there are genuine concerns about storing personal information of this nature in a software application and then synchronizing it with a cloud service. One of the things that is very good about 1Password is that the data is encrypted (with your 1Password master password as the key); it’s then synchronized with a service that’s under your control and protected (one hopes) with a long and secure password (as an example, my Dropbox password is 18 characters long). So a cracker would need to break into Dropbox before then having to decipher the master password, which is highly unlikely.
The level of security and comfort engendered by a password management application like 1Password far outweighs any of the downsides. The greatest benefit to your security is not using the same password on multiple Web sites.
Full Disk Encryption
If you’re a laptop user and work in different locations, one of the advantages of the Mac operating system is the built-in full-disk encryption system (known as FileVault). When enabled (it’s off by default), it sets a recovery key (which I have stored in a 1Password secure note; storing with Apple is also an option), then begins the encryption of your disk drive in the background. If your laptop is stolen, the information contained on the drive will not be accessible to a thief, so if you have client information stored there, this is an excellent mechanism to protect it from others.