Advertising
anchor link to jump to start of content

The Seattle Times Company NWclassifieds NWsource seattletimes.com
seattletimes.com Home delivery Contact us Search archives
Your account  Today's news index  Weather  Traffic  Movies  Restaurants  Today's events
  NWCLASSIFIEDS
  NWSOURCE
  SHOPPING
  SERVICES





Saturday, November 20, 2004 - Page updated at 03:31 P.M.

Practical Mac / Jeff Carlson
Regular change of passwords keeps sneaky crackers guessing


E-mail E-mail this article
Print Print this article
Print Search archive
Most read articles Most read articles
Most e-mailed articles Most e-mailed articles

I'm starting a new tradition this Thanksgiving that I hope will enable me to give thanks each year that my personal information is secure: I'm changing all of my passwords, and you should, too.

Throughout the course of a given day, I enter some type of password at least half a dozen times: to wake my PowerBook from sleep, to install new software, to check my bank accounts online, and more. That doesn't include automatic passwords that are sent without my explicit approval each time, such as when checking e-mail, signing-on in iChat and logging in to subscription-based Web sites (many online newspapers and magazines require free memberships these days).

Although the chance that someone will steal my passwords is relatively remote, it's not out of the question. Nefarious individuals are capable of tapping into data networks, or worse, someone could steal my laptop or Palm organizer.

Changing all of your passwords regularly (I'm choosing Thanksgiving because it happens every year) is an easy step toward making your information more secure. Identity theft is a growing problem. According to Federal Trade Commission estimates, nearly 10 million people were victims of identity theft in 2003 (see www.consumer.gov/idtheft/ for more information). And in this age when passwords are the keys to much of your sensitive personal information, doing something as simple as changing them is worth the minor inconvenience of making the changes and memorizing new passwords.

I'm talking here about steps you can take on your Mac to update passwords, manage them easily, and improve your digital security. But you should also consider changing other security pass codes such as your ATM PIN, home or business security system, and the like.

Choose good passwords. I know it's tempting to use your pet's name as a password, but names are terrible passwords. In fact, you shouldn't use real words at all, because crackers (those nefarious individuals mentioned above, not the oft-misused term "hackers") can employ dictionary attacks that attempt variations of existing words.

Select a password that includes a mix of capital letters and numbers, the longer the better. For example, "katie" (the cat I owned growing up) is a bad choice, but "kAti3sB00ts" is better; notice how I substituted the "3" for "e" and zeros for "oo" to add variation.

In an ideal world, I'd be able to create separate, random passwords for each instance that I need one — but I had enough trouble in junior high trying to remember three locker combinations.

Instead, I come up with a handful of core passwords and then modify them as I see fit. So "kAti3sB00ts" might be used for e-mail, but I might use "kAti3sb@nk" to log into my bank account.
 
advertising
Even so, that's a lot of passwords, which is why a number of programs are available to help you keep track of them all. I use SplashData's $30 SplashID software (www.splashdata.com). It primarily runs under the Palm OS, which enables me to take my passwords with me on my Palm device, but it also includes desktop versions for Mac OS 9.2 or later and Windows.

Other programs include PasswordWallet (www.selznick.com) and iKeeper (www.yenco.com/iKeeper).

Changes on your Mac. The most important password on your Mac is your user password. In Mac OS X's System Preferences, click the Accounts icon, and select your user name if it's not already highlighted. Enter a new password in the Password field and retype it in the Verify field.

While you're there, click the Login Options button and turn off the "Automatically log in as" option if it's on. Whenever the computer is restarted, you'll be presented with a login dialog before you can use the machine. This way, you're adding one level of protection in the event you lose your machine, or someone decides to go snooping.

I also have my PowerBook set to require a password when waking from sleep or after the screen saver kicks in; you'll find this option in the Security preference pane.

Next, launch the Keychain Access application, which is located in the Utilities folder (in the Finder, choose Utilities from the Go menu). Keychain Access is where Mac OS X stores all of your automatic passwords, such as Web-site logins and AirPort network access.

If someone gains access to Keychain Access without your approval, he could wreak havoc with your online accounts, for example. Make it harder for him to do that by choosing "Change password for keychain" from the Edit menu, and entering a new password.

I love Keychain Access. If you forget a Web login or network password, you can select it in the list, then click the Password checkbox in the lower-left corner; after entering your Keychain password, the password you're looking for is displayed. As you can imagine, there are plenty of other things you can do to protect the data on your Mac, from turning on the built-in firewall (in the Sharing preference pane) to using third-party software such as PGP (www.pgp.com) to create encrypted disk images for storing sensitive information.

But changing your passwords on a regular basis is easy to implement and is an effective first line of defense.

Jeff Carlson and Glenn Fleishman write the Practical Mac column for Personal Technology and about technology in general for The Seattle Times and other publications. Send questions to carlsoncolumn@mac.com. More Practical Mac columns at www.seattletimes.com/columnists.

Copyright © 2004 The Seattle Times Company

E-mail E-mail this article
Print Print this article
Print Search archive

More practical mac headlines...

 BUSINESS/TECH NEWS
 SEARCH

Today Archive

Advanced search

advertising

 
advertising

seattletimes.com home
Home delivery | Contact us | Search archive | Site map | Low-graphic
NWclassifieds | NWsource | Advertising info | The Seattle Times Company

Copyright

Back to topBack to top