How Secure Is Your Password?

The purpose of this article is to help you assess the strength, and thus security, of your password and to encourage you to start using more secure passwords. Because we all need to keep track of many passwords, many people use just one or two passwords over and over again. If this is true for you, then please make sure that those few passwords are very difficult to guess. Go to How Secure Is My Password and type in your commonly used passwords to see an estimate of how long it would take a computer to determine your password using a brute-force attack. A brute-force attack is one in which a person tries repeatedly to guess your password. Such attacks often start by using some of the most commonly used passwords like 123456, password, cactus, andrew and turtle.

Okay, now that you realize how weak your password is, here are some tips on picking stronger passwords. Most likely, you’ve heard the advice to make your password longer and to add numbers and punctuation marks as well as a mix of uppercase and lowercase letters. All of this is good advice, but many people seem reluctant to follow it. Use How Secure Is My Password to see how much longer it would take to guess a strong password by typing in a few variants of your password. You’ll soon see that password length makes a huge difference. The longer your password is, the more secure it is.

For example, if your password is cactus, you’ll see that this word is one of the 2000 most commonly used passwords, so it can be guessed very easily, within seconds or minutes. However, if you were to change your password to cactuscactus then you’d see that the web site estimates that it would take about 12 years for a computer to guess or figure out that password. If you changed your password to cActuscActus then the estimate increases to 49,000 years. If you changed it to cActuscActus2012 then the estimate rises to 6 trillion years. Wow!
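The arithmetic behind estimates like these can be reproduced with a small calculator. This is an added example, not code from the article or from the web site it mentions. The guess rate is an assumption chosen because it reproduces the figures quoted above, the common-password list is a constructed sample, and the repeated-word check is a hypothetical helper that flags cases where the figure should be read as an upper bound.

```python
# Assumption: 250 million guesses per second. The article gives no rate; this
# one was chosen because it reproduces the estimates the article quotes.
GUESSES_PER_SECOND = 250_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample: only the common passwords the article itself names.
COMMON = {"123456", "password", "cactus", "andrew", "turtle"}


def alphabet_size(password):
    """Count the characters a guesser must try, by character class used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 32  # the 32 ASCII punctuation marks; other symbols count here too
    return size


def years_to_exhaust(password):
    """Years needed to try every string of this length over that alphabet."""
    if password.lower() in COMMON:
        return 0.0  # a common-password list finds it almost immediately
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def is_repeated_common_word(password):
    """True if the password is just a common password typed several times."""
    low = password.lower()
    return any(len(low) > len(w) and low == w * (len(low) // len(w))
               for w in COMMON)


if __name__ == "__main__":
    for pw in ["cactus", "cactuscactus", "cActuscActus", "cActuscActus2012"]:
        note = "  (repeated common word: treat the figure as an upper bound)" \
            if is_repeated_common_word(pw) else ""
        print(f"{pw:18} {years_to_exhaust(pw):>22,.0f} years{note}")
```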

As you select more secure passwords, please make sure that they are still easy to remember. For example, if you currently use your child’s name or birthday as your password you could change your password to Andrew’sBirthdayIs12/15/80. That’s still easy to remember, but it’s so much more secure since it’s long, has a mix of uppercase and lowercase letters, numbers and punctuation marks.

Below are some other suggestions of strong passwords to help you get your creative ideas flowing. Create phrases or sentences which naturally incorporate punctuation marks and capitalize each word in the phrase.

2%MilkHasLessFat

$100HaircutsAreExpensive

5¢CokesAreAThingOfThePast

Now that you’ve picked one or two strong, secure passwords please start to update all of your accounts. As you go through your day in the coming weeks, take a minute or two to update your accounts when you log into them. You might also want to maintain a list of your accounts and their passwords. You can store this information on your Mac by using a secure disk image. Read this previous Tech Tip about how to create a secure disk image.

Retrieve an Airport Password From Your Keychain

You can use these instructions to retrieve any password from your keychain, such as the password to your wireless network. The keychain is a secure place to store passwords. When you initially connected to your password-protected wireless network, your password would have been stored in your keychain if you checked “Remember this network”.

  • Go to /Applications/Utilities and open Keychain Access. This application lets you view the passwords (keys) stored on your keychain. You’ll notice that the application’s icon is a ring with keys on it.
  • Use the Search field in the upper right corner. Type in the name of your wireless network.
  • Click on the name of your wireless network from the list of found items. If there are multiple items with the same name then here are some clues on how to find the right one. Its Kind will be Airport Network Password. It’ll be on the “login” keychain.
  • Go to the File menu and select Get Info.
  • In the lower left corner of the Get Info window, check the box named “Show Password”.
  • You’ll be prompted to enter your administrator account’s password. (This is your main computer password. This is the password you use when installing software updates.)
  • Click the “Allow Once” button.
  • The password will be displayed.

How to Create an Encrypted Disk Image

This post builds upon the information that I presented in my last blog entry about how to securely store personal information on your Mac. A disk image file is a special kind of file. When a disk image file is opened it makes the computer think that an actual disk, like a CD, has been physically inserted into the computer. Thus, a disk image file, or more simply a disk image, can be thought of as a virtual disk.

How to create and use a password-protected (encrypted) disk image in Mac OS X 10.4, 10.5 or 10.6

1. Go to your Applications folder and open the Utilities folder.

2. Open Disk Utility (/Applications/Utilities/).

3. Click the “New Image” button, or choose New > Blank Disk Image from the Disk Utility File menu.

• Enter a name for your disk image file in the Save As field

• Change the save destination to either your Documents folder or your Desktop, whichever you prefer.

• Set Volume Name to “Virtual Disk”. (In 10.6 the field is called “Name”, not “Volume Name”.)

• Select a Volume Size for the image file. If you’re just going to store a few Word or Excel files in the disk image then 10 or 20 MB should be large enough. (In OS X 10.6 40 MB is the smallest you can select.) You can choose any size you’d like by selecting “Custom” at the bottom. If you ever fill your disk image you can always create a larger one and move the files from the smaller disk image to the larger one.

• Leave the volume format set to “Mac OS X Extended (Journaled)” (In 10.6 the field is called “Format”, not “Volume Format”)

• Leave “Partitions” set to “No partition map”

• Leave the Image Format set to “read/write disk image”

• Set Encryption to “128-bit AES” if your Mac uses Mac OS X 10.4. Choose “256-bit AES” if your Mac uses Mac OS X 10.5 or 10.6

Warning: If you forget the password to your encrypted disk image, your data will be irretrievably lost so please write down your password on a piece of paper. This is just a precautionary measure.

• Click the Create button.

• Important: In this next step you’ll need to first uncheck “Remember password (add to keychain)”, then enter a strong password twice. This password is used to secure your disk image. [By "strong password," I mean one that is long and contains a mix of letters, numbers, odd capitalization and punctuation marks, or at least most of these features. For example, 1%milKisgooDforyoU is a strong password.]

• Click OK

4. The disk image file will be created and then it’ll be opened automatically.

5. Look at your Desktop. You should see an icon named Virtual Disk. This is what appears whenever your disk image is opened. Copy a file into this Virtual Disk. Notice that the file will automatically be copied when you put it in the Virtual Disk. The original file will remain where it is, so you’ll probably want to put it into the Trash in a couple of days, after you’re sure you understand how your new disk image works.

6. Close Virtual Disk by dragging its icon to the Trash, which will eject this virtual or fake disk.

7. Now, locate your disk image file. (It’s in the location that you selected in step 3, second bullet). Double-click your disk image file. Enter your password when prompted and then click the “OK” button. You should now see the icon for Virtual Disk again. Open it and you’ll see the file that you copied into it.

8. Now that you know how to use your disk image you can copy more files into it and you can delete the originals. For example, if you keep a list of passwords or other sensitive information in a Word or Excel file, copy this file into the secure disk image. Once you’ve confirmed that this file is inside your disk image then throw away the original file so it’s no longer sitting unprotected on your Mac’s hard drive.

9. Don’t leave your Virtual Disk on the Desktop all day long. That defeats the added security. Only open it when you need it and then close it when you’re done by dragging its icon to the Trash icon on your Dock.

How can I securely store passwords on my Mac?

Do you have personal or sensitive information about yourself or your clients on your Mac, such as credit card numbers or passwords? If so, I recommend storing this information in a special kind of file known as an encrypted disk image. I store a list of my own passwords and other sensitive information in such a file on my Mac laptop. This file is thus always readily available while still being inaccessible to others even if my laptop were stolen.

Without getting very technical, disk images were invented as a way to make a backup copy of a disk such as a floppy or CD, but other uses have emerged over time. Mac OS X lets you create a blank disk image that can be thought of as an empty folder. Additionally, this file can be encrypted, so that a password is required when you open it. Thus, in an over-simplified way, you can think of an encrypted disk image as a password-protected folder.

Read my next blog post for step-by-step instructions on how to create and use an encrypted disk image on your Mac. After creating your own secure disk image, copy the files that you want to protect into this disk image. For example, if you keep a list of passwords or other sensitive information in a Word or Excel file, copy this file into the secure disk image. Once you’ve confirmed that this file is inside your disk image then throw away the original file so it’s no longer sitting unprotected on your Mac’s hard drive.