Make your Mac safer online: Five tips for better password security


Seems like there are endless examples of security problems with all the Internet services we depend on. What can we do?

Gotofail. Heartbleed. Target. Sony's PlayStation Network. The NSA. It seems like every few weeks, there's a new story circulating in the news about a major security breach concerning systems that you rely on. What can you do to protect yourself?

The bottom line is that attacks do happen, so it's best to try to minimize the risk you face when these services inevitably are breached. Here are some tips to help you stay as safe as possible by changing your password habits.

1. Don't reuse the same password

It's easy to remember one password, more difficult to remember dozens. That's why many of us end up using a single password for several different services we access. If you're doing this, don't. It's a huge mistake. You're making it much easier for someone to get access to all of your accounts when you do this, especially if stolen information about you includes your e-mail address or other crucial identifying information you use across multiple sites.

2. Change your passwords...often

Get into the habit of changing passwords on a regular basis, at least on higher-risk sites and services like your bank or other financial institutions or anywhere sensitive data about you is maintained. Whether it's monthly, quarterly, whatever, make sure you don't use the same password forever. Many of these institutions may require you to change your password periodically already, but many (like my bank) don't. So make sure to shore up your security by filling in those gaps when necessary.

Use strong passwords

Don't use dictionary terms; hackers often employ word lists straight from the dictionary. That's why many services now require you to use a combination of letters, numbers and other characters.

Don't use the name of your spouse, pet, kids or any other information that might be gleaned from a potentially compromised personal profile.

The longer, the better. Some services have minimum password lengths they'll allow, but it's often a good idea to extend it even further. If your service requires an eight-character password but allows up to 16, use as many characters as you can. Mix up letters, numbers, upper and lower case, punctuation — anything you can do to make it harder to crack your password.
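As an added illustration (not part of the original article), this Python sketch applies the three rules above: it flags dictionary words and personal details, checks length against the service's maximum and the character mix, and generates a random password that passes. The word list, the profile details and the function names are constructed for the example.

```python
import math
import secrets
import string

# Constructed sample data: a tiny stand-in for a real word list and for
# details that could be gleaned from a compromised personal profile.
WORDLIST = {"password", "dragon", "sunshine", "monkey", "letmein"}
PROFILE = {"maria", "boston", "fluffy"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def classes_used(pw):
    """Count how many of the four character classes appear in pw."""
    return sum(any(c in cls for c in pw) for cls in CLASSES)


def generate(length=16):
    """Random password of the given length containing every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if classes_used(pw) == len(CLASSES):
            return pw


def entropy_bits(length):
    """Bits of entropy of a uniformly random password over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def audit(pw, max_len=16):
    """Return the rules from the section above that pw breaks."""
    problems = []
    lowered = pw.lower()
    letters_only = "".join(c for c in lowered if c.isalpha())
    if lowered in WORDLIST or letters_only in WORDLIST:
        problems.append("dictionary word")
    if any(item in lowered for item in PROFILE):
        problems.append("personal information")
    if len(pw) < max_len:
        problems.append("shorter than the service allows")
    if classes_used(pw) < len(CLASSES):
        problems.append("missing a character class")
    return problems
```

Going from 8 to 16 random characters doubles the entropy from about 52 to about 105 bits, and a dictionary word with a digit and a symbol appended is still reported as a dictionary word.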

3. Use two-step authentication if it's an option

Check to see if the services you rely on use two-step authentication. Google, many banks, even iCloud support two-step authentication.

The idea behind two-factor authentication is to combine something you know, like a password, with something you have, like your cell phone. While it does add a layer of complexity to interaction with services you depend on, it is very secure, because while a hacker might be able to get your password, they're unlikely to have access to your cell phone or another device you use for authentication.

4. Use a password manager or even just a notebook to keep track

Rotate passwords periodically. Use strong passwords. Use different passwords for every different service — it's easy to lose your mind with passwords. Make it easy on yourself by using a password manager.

Password managers are standalone apps that help you manage passwords for all the different sites and services you use. Some, like Mavericks' own iCloud Keychain and Agile's 1Password, work on both OS X and iOS.

If you can't afford a password manager right now or you don't feel comfortable using one, consider getting a dedicated notebook to keep track of your passwords, assuming you're a home user with relatively little security risk. It sounds counterintuitive: If it falls into the wrong hands, a notebook with your passwords can jeopardize your online safety, no question. (It pays to keep the notebook somewhere safe, that's for sure, to keep out prying friends and relatives.)

But on the other hand, many of us aren't trying to keep friends, family and coworkers away from our online accounts, but hackers from the far corners of the globe who we've never met and are unlikely ever to meet. To that end, a notebook can be a relatively secure option.

5. Be safe

These are just a few common-sense tips to protect yourself online; there are a lot of other things you can do to keep your identity safe while you're online.

Your best tips for better Mac password security?

I suspect you have a few of your own that you're dying to share, so lay 'em on me in the comments!


Peter Cohen

Mac Managing Editor of iMore and weekend Apple Product Professional at a local independent Apple reseller. Follow him on Twitter @flargh


Reader comments



When I get a new phone number, I always try to see if it spells some word using This has become a pretty good method for generating passwords. For example, I used to have a pager with a phone number that spelled out 858-Julie. Number, special character, uppercase and lowercase letters, easy to remember.

I liked the iCloud Keychain much better when Safari could still be set to override websites that didn't want you to save their passwords. At least, I haven't been able to figure out how to get it to generate me a password if it can't save it. Just bought 1Password for both iOS and Safari and I'm really liking the Safari plug-in and OS X applet. Now I just wish more places would do 2-step auth.

Yeah I agree. I hate that Safari now won't override a site's AutoFill settings. It's one of the reasons that got me more invested in 1Password. The Heartbleed sale was the final push in getting 1Password on my Mac (I already had it on iOS for some time).

In addition to creating your own code (like swapping numbers or symbols for certain letters), make your passwords people or things from your past which you clearly remember, but that are almost impossible for anyone else to know. (So don't use your high school mascot or the street where you lived.)

So, when you use a log to keep track of your passwords, the entries would read something like: "Girl who sat next to me in second grade" "Manager at my first job". (I barely remember anyone from second grade, but I do remember Debbie Witt sat next to me. I also remember that the manager at my first job was Jeff Hazelgrove.)

Anyone who finds your log will not know the answer to the entries, and even if they did, then they would have to know the code you created.

A friend of mine let me in on his technique to make ultra strong passwords you can easily remember: take the name of your first romantic crush, first letter capitalized, then turn all vowels into numbers that represent their shapes (A=4 E=3 I=1 O=0 U=µ, I don't use the U but µ works), then continue with the name of the service you're creating the password for and then finish with the last crush you had in the same way. It's almost impossible to crack, because most crushes are top secret and its structure is complex and usually 20 or more characters long. E.g.: S4ndyp3t3rs0nG00gl3Sylv14H0ffm4n. And also, USE 1Password or LastPass.