An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 2 of 2 < 1 2
Topic Options
#31263 - 09/22/14 09:39 AM Re: Securing a desktop mac [Re: ryck]
deniro Offline


Registered: 09/09/09
Quote:
One warning, if you forget the "master password" the only recovery is starting over from scratch.


What do you mean? What do have to do?
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#31267 - 09/22/14 12:58 PM Re: Securing a desktop mac [Re: deniro]
ryck Online


Registered: 08/04/09
Loc: Okanagan Valley
First, you weep.

You will be the only person who knows your password. If you forget it, neither you nor the software publisher can open the application. So you'll have to start all over and enter every single password again.

However, you got this kind of software because you can't remember all your passwords and didn't want to leave a document laying around that someone else could access.

Now, there's a pickle. You need to re-enter all your passwords but you can't.

I took the approach of creating a Master Password that is very unlikely to be guessed but which is easy for me to remember. I also have it stored in a couple of places - my daughters' heads. They have it because, if anything ever happened to my wife and me simultaneously, they'd need access to my passwords.


Edited by ryck (09/22/14 01:00 PM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#31270 - 09/22/14 01:53 PM Re: Securing a desktop mac [Re: ryck]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Quote:
And you should think about where you hide stuff. A security expert told me that professionals, looking for high-value, easy to carry items, go straight to the main bedroom...

He said the best place to hide those items is in a rusty tin can in the garage.


Problem solved. Keep your master password in a rusty tin can in the garage. Tada! laugh

Top
#31271 - 09/22/14 03:26 PM Re: Securing a desktop mac [Re: slolerner]
ryck Online


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: slolerner
Problem solved. Keep your master password in a rusty tin can in the garage. Tada! laugh

Perfect. They're never looking there. grin


Edited by ryck (09/22/14 03:27 PM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#31276 - 09/23/14 08:37 AM Re: Securing a desktop mac [Re: deniro]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: deniro
Quote:
One warning, if you forget the "master password" the only recovery is starting over from scratch.


What do you mean? What do have to do?

That has happened to me (which in one reason I have tried so many password systems). An early version of Keychain hiccuped and lost the keychain file. There was, of course, no remembering all the various sites much less the passwords so I ended up resetting the passwords when I logged onto each and every site to rebuild the Keychain file. It took for blooming EVER!

Keychain and OS X file management are far more stable these days — thank heavens, but now I take a sixfold approach.
  1. The keychain is backed up in Time Machine
  2. The keychain is synchronized in iCloud which has the added benefit of making the passwords available on my iPhone and iPad.
  3. I have a logon and wake from sleep password so keychain can fill in the userid and password even on sites that normally exclude automatic password entries
  4. I have the most important and critical passwords in 1Password
  5. 1Password is also backed up in Time Machine
  6. 1Password is synched with iCloud and my iPad.

I use different passwords for Keychain and 1Password and store the Keychain password in 1Password and vice-versa. Keychain does a good job of suggesting secure passwords for new sites or when changing a site password, but it is not as flexible as 1Password in that regard. I have encountered sites that will not accept the Keychain suggestion, but I have always been able to adjust the 1Password suggestions to work with any site. An interesting sidelight is the difference in how secure each of the utilities thinks the same password is. The difference is sometimes night and day.
_________________________
joemikeb • moderator

Top
#31277 - 09/23/14 09:04 AM Re: Securing a desktop mac [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I thought I heard iCloud was hacked...

But then again, so was Home Dept. I had credit card fraud (not debit card) from Walmart and Hertz, both in states I have never been to. I never shopped at Walmart and never rented a car from Hertz. It's just out there. Purchase a monitoring service until they eliminate this whole shoddy password and card swipe system, IMHO.


Edited by slolerner (09/23/14 09:10 AM)
Edit Reason: more

Top
#31280 - 09/23/14 11:34 AM Re: Securing a desktop mac [Re: slolerner]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
RE I thought I heard iCloud was hacked...

According to Apple and other sources, that was the 'cheap' way of explaining what happened. As I understand it, users of iCloud (especially those who didn't even know their photos were being uploaded to iCloud by default – ie, had no clue how their iPhone and other such devices worked – but could have circumvented the problem by disabling the automatic/default option of iCloug backup) were hacked the good old-fashioned way, via 'brute force', to obtain poorly constructed passwords.

EDIT: Along those lines, see this season's premiere episode of The Big Bang Theory, whereby Sheldon's (rail)road trip photos were saved to the Cloud and retrievable after his mobile was stolen.


Edited by grelber (09/23/14 03:51 PM)
Edit Reason: Addendum

Top
#31291 - 09/24/14 11:10 AM Re: Securing a desktop mac [Re: grelber]
deniro Offline


Registered: 09/09/09
Thanks for everyone's advice. Good stuff.
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#31340 - 09/29/14 12:48 PM Re: Securing a desktop mac [Re: deniro]
deniro Offline


Registered: 09/09/09
What do people here think about staying logged in to web sites? Should I log out of a site every day? Every time I'm done with it? Amazon? This site?
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#31342 - 09/29/14 02:36 PM Re: Securing a desktop mac [Re: deniro]
alternaut Offline

Moderator

Registered: 08/04/09
While there is a difference between private and public computers, it is generally safer and more secure to log out when you're done on a particular web site, and log back in when you need to do more business there. For instance, many financial web sites will log you out automatically after a certain period of inactivity to increase the safety of your data. More musings on this topic can be found on this Lifehacker page.
_________________________
alternaut moderator

Top
#31344 - 09/29/14 02:41 PM Re: Securing a desktop mac [Re: alternaut]
ryck Online


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: alternaut
For instance, many financial web sites will log you out automatically after a certain period of inactivity to increase the safety of your data.

My bank suggests not only logging out but also closing the browser to clear out residual information. I seem to recall that joemike's bank had even more stringent recommendations.
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#31349 - 09/29/14 10:23 PM Re: Securing a desktop mac [Re: deniro]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
I usually stay logged out. But then, I'm usually on my laptop these days, and I administer some sites that could cause significant grief if someone were o log in as me. I'm on a laptop most of the time, so I'm always concerned about the possibility of someone making off with my computer.

On my desktop system, I often stay logged in.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#31356 - 09/30/14 11:46 AM Re: Securing a desktop mac [Re: deniro]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: deniro
What do people here think about staying logged in to web sites? Should I log out of a site every day? Every time I'm done with it? Amazon? This site?

If I have logged onto a site where I do not conduct any financial transactions, such as this one, I seldom, if ever, log out.

If it is a site where I conduct any sort of financial transactions such as making a purchase, or paying a bill, I always log out and at the very least close the site window if not quitting the browser immediately after the transaction. To my knowledge that is perhaps the very oldest and hoariest of security recommendations. It goes back to the days when the primary security concern was a hacker hijacking your connection to a site. Since that time there have been numerous improvements in browsers and servers intended to defeat that practice. But habits are hard to break and just because a technique is old does't mean it no longer works or more importantly that all servers have good protection against such attacks. I am waiting to receive my third debit card in less than 12 months because it has once again been compromised by attacks on third party sites (not me and not my bank but some merchant.)

Note 1: I am getting more than a little "antsy" about sites that allow you to log in using a Google or Facebook ID. I will never login to a site to conduct financial transactions using Google or Facebook login nor will I do business with a merchant who uses Google or Facebook logins. IMHO that is simply too vulnerable to exploitation.

Note 2:I will definitely get an iPhone 6 and an iWatch because of Apple's more secure charge card scheme. The time is coming when I will feel forced to quit trading with merchants that are too cheap to upgrade their credit card readers and sites to work with the security chip credit and debit cards.
_________________________
joemikeb • moderator

Top
#31370 - 10/01/14 04:13 PM Re: Securing a desktop mac [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I have Firefox set to not remember history and clear all cookies, caches, etc. after quitting. Then if I am logged into two sites at once for some reason, I won't forget to log out of each. Quitting Firefox will clear everything.

Top
#31373 - 10/01/14 05:34 PM Re: Securing a desktop mac [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: slolerner
I have Firefox set to not remember history and clear all cookies, caches, etc. after quitting. Then if I am logged into two sites at once for some reason, I won't forget to log out of each. Quitting Firefox will clear everything.

You are dealing with the vulnerability of someone logging into or having physical access to your computer. The logout and close browser routine is intended to shortstop a vulnerability that arises from a hacker actually hijacking your logon session — while it is in progress. In this case clearing the history etc. is a case of locking the barn door after the horse is long gone.
_________________________
joemikeb • moderator

Top
#31374 - 10/01/14 05:58 PM Re: Securing a desktop mac [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Got it.

Top
#31424 - 10/06/14 12:26 AM Re: Securing a desktop mac [Re: joemikeb]
artie505 Online


Registered: 08/04/09
Originally Posted By: joemikeb
I have a logon and wake from sleep password so keychain can fill in the userid and password even on sites that normally exclude automatic password entries.

I don't follow that; would you please clarify?

Thanks.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#31425 - 10/06/14 12:41 AM Re: Securing a desktop mac [Re: joemikeb]
artie505 Online


Registered: 08/04/09
Originally Posted By: joemikeb
Note 1: I am getting more than a little "antsy" about sites that allow you to log in using a Google or Facebook ID. I will never...do business with a merchant who uses Google or Facebook logins. IMHO that is simply too vulnerable to exploitation.

Note 2:I will definitely get an iPhone 6 and an iWatch because of Apple's more secure charge card scheme. The time is coming when I will feel forced to quit trading with merchants that are too cheap to upgrade their credit card readers and sites to work with the security chip credit and debit cards.

1. I still don't understand people's fears about sites other than those that either have or have access to money or financial records/other critical info.

Somebody who hacks into my eBay or other merchant account, pretty much any of my accounts, in fact, can do no more than either maaaybe embarrass me or pay for it with their own money.

2. How would a merchant site work with a card with a security chip?
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#31426 - 10/06/14 12:43 AM Re: Securing a desktop mac [Re: joemikeb]
artie505 Online


Registered: 08/04/09
> ...a hacker actually hijacking your logon session — while it is in progress.

How is that possible?

Thanks.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
Page 2 of 2 < 1 2

Moderator:  alternaut, dianne, MacManiac