You Should Be Using a Password Manager

We often recommend using a password manager, but we’ve gotten a few questions asking why we’re so adamant about this. Lots of people think that all they need to do to keep their online accounts secure is create a single password with some numbers, often switching a lowercase L with a 1 and a capital E with a 3. And that’s for accounts people care about—for those that they don’t see as important, they’re likely to use a simple password like their child’s or pet’s name. Plus, most people don’t think they have much to protect or that they would be targeted by hackers, so they reuse the same password across multiple sites.

Guess what? Such an approach is extremely dangerous on today’s Internet. First off, no one is explicitly targeted. The bad guys get passwords by stealing millions at a time from Web sites with lax security. Then they use sophisticated hardware that can test over 350 billion passwords per second to decrypt as many of the stolen passwords as possible. All passwords shorter than 13 characters are easily cracked by such hardware.

Imagine you have an account on a shopping site whose passwords are stolen. The attackers can log in to that site, change your shipping address, and order items with your stored credit card. But they won’t stop there. They’ll use automated software to try that username and password combination on lots of other high-profile sites: Google, Apple, Amazon, eBay, Facebook, many banks, and so on. If they can get in anywhere, they’ll take over the account and exploit it in any way they can, which could involve stealing money, ordering goods, or using it to reset passwords and lock you out of other accounts. It can get ugly fast.

Use a password manager to generate, store, and enter strong passwords, different for each site, and you’ll never have any of these problems. A sufficiently strong password (go for 20 characters or more) will withstand cracking efforts for centuries, and by using a unique password for every site, even one password being compromised won’t expose any of your other accounts to abuse.

Here then are five reasons for using a password manager:

  1. Generate strong passwords: A password should be random, or it should be a long collection of words (think 30+ characters). Password managers can generate such passwords for you, so it’s easy to make a new one for each Web site.
  2. Store passwords securely: If you’re going to put all your eggs in one basket, you want that basket to be well protected. Password managers employ their own strong encryption and various other techniques to ensure that your passwords are safe.
  3. Enter passwords for you: No one can remember and type long, random passwords, but having a password manager enter the password for you is even easier than typing a weak password. Log in faster than ever before!
  4. Audit existing accounts: Password managers learn the credentials you use for existing accounts, and they can tell you which passwords are weak and which have been reused.
  5. Access passwords on all your devices: It’s even harder to type passwords on an iPhone or iPad, but good password managers have apps for mobile devices that sync with your password archive so all your passwords are available whenever you need them.

There are many different password managers, but for most people, there are three main choices. If you use only Safari on the Mac and in iOS, Apple’s built-in iCloud Keychain feature may be sufficient.

If you’re an Apple user but you prefer browsing with Chrome or Firefox, or if you want to share some passwords with family members or your workgroup, 1Password is the best choice. It costs $3 per month for an individual or $5 per month for a family, with team and business accounts as well.

If you need help choosing a password manager or setting one up, particularly in the context of a small business, get in touch with us. And if you’d like us to write more about each of these options, just drop us a note and we’ll see what we can do.

(Featured image by CMDR Shane on Unsplash)

Can’t Remember When Your Warranty Expires? iOS 12.2 Can

With luck, you should never need to check your iPhone’s or iPad’s warranty status. But bad things do happen to good devices. In iOS 12.2, Apple made it easy to see if your device is still under warranty or covered by AppleCare+. Go to Settings > General > About, where you’ll find a new entry that’s either called Limited Warranty (the basic Apple warranty) or AppleCare+ (the extended warranty you can buy).

This entry shows the expiration date, and tapping it provides more details on the Coverage screen. If your iPhone or iPad doesn’t have AppleCare+ but is eligible for it, you can even buy it from this screen. (You won’t see anything if your device is out of warranty and no longer eligible for AppleCare+.)

“2. Ensure that Apple products last as long as possible”

[Lisa Jackson, vice president of Environment, Policy, and Social Initiatives] said Apple now strives to design and build durable products that last as long as possible. That means long-lasting hardware coupled with long-lasting software. She pointed out that iOS 12 runs even on iPhone 5S, now five years old. Because iPhones last longer, you can keep using them or pass them on to someone who will continue to use them after you upgrade.

She said that “keeping iPhones in use” is the best thing for the planet.

At this point in the presentation I wondered if everyone would rush out of the room and call their broker to sell Apple shares.

My thoughtful take on yesterday’s Apple’s news is that the Series 4 Apple Watch was the most important announcement by far. Writing at Asymco, Horace Dediu has an even more thoughtful take, noting that Apple made an incredibly public repudiation of planned obsolescence: Asymco: Lasts Longer

Apple Should Own The Term “Warrant Proof”

It is not only well within Apple’s rights to produce a product that happens to be warrant-proof, but it’s actually Apple’s responsibility to create a product that’s capable of enforcing the highest level of security permitted by our country’s laws… not the lowest. Apple is well within not only their rights, but in practices that support and place appropriate locks consistent with the levels of privacy our country recognizes. These products protect everyone – diplomats, doctors, journalists, as well as all of us. Of course they should be this secure.

Jonathan Zdziarski: Apple Should Own The Term “Warrant Proof”

What those weather icons mean

Seems like more and more lately I’ve been seeing symbols in the iPhone’s weather app that I can’t immediately interpret. Here’s a handy chart to help with that. (Click to enlarge!)
iOS Weather Icons

new Apple privacy statement

Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetize” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.

This is a strong, direct statement from Apple on privacy which I don’t think any of its competitors could make honestly. I’ve been looking for Apple to be more outspoken about their great stand on customer privacy. A lot of my clients have concerns about privacy but don’t feel qualified to judge any one product or service provider against another — from this perspective, picking a phone, an email provider, or an operating system is a Hobson’s choice. This new Privacy section of Apple’s site includes a lot of details about how Apple uses, doesn’t use, and protects your data, all explained in direct, unambiguous, extremely readable language. Hopefully this starts to illuminate the issue for consumers and puts pressure on Apple’s competitors to clarify their own use of our personal information.