On Mon, Jul 6, 2009 at 6:16 PM, steve harley<[email protected]> wrote: > a more secure approach, which i use, is to set the login keychain (the > default keychain, that is) to have a different password than the user > account; this means that the login keychain won't open automatically on > login -- when something needs the keychain it will prompt you for the > password; then use the "Change Settings..." menu in Keychain Access to lock > the keychain after a certain amount of activity, and to also lock when > sleeping > > the result is that items in the keychain (such as the passwords for > encrypted disk images) are secure unless someone gets to your machine before > the lock is triggered (and knows what they are looking for) > > oh, and another thing to watch out for if you are encrypting large amounts > of data such as email is that each time you update an encrypted disk image, > a potentially very large file changes on the disk; if you are using Time > Machine (or other incremental backup techniques) then a whole lot of data > may need to be backed up for each small change
All good points and alternative strategies. What proper security always comes down to is how much risk is acceptable and how much of a PITA you are willing to put up with to reduce it. I keep my systems "reasonably" secure without driving myself batty. When I'm traveling, I turn on FileVault for a working account where I keep all my data secure, writing image files and other files for which security isn't essential to a directory in the /Users/Shared folder. -- Godfrey www.gdgphoto.com www.flickr.com/photos/gdgphoto www.twitter.com/godfreydigiorgi -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
