Hi Alex

Thanks for that, glad it was helpful.

In answer to your questions.
1. I haven’t really used LastPass, so I can’t really comment on it. I’ve just 
always used 1Password. I think I had some reservations on LastPass, but that 
was ages ago and I can’t recall what it was now. Perhaps it was something to do 
with who owned it? Or possibly because they once had a breach (again I think it 
was a long time ago). Whereas i’ve never heard of AgileBits ever having 
problems. They (1Password/AgileBits) always seem more on top of things with 
info, updates, on top of security stuff. But that could be my bias,…lol.
So seeing as I have never used LastPass I can’t really say. A quick search 
seems that they do rate a little “better” in some things - 
https://www.digitaltrends.com/computing/lastpass-vs-1password-comparison/
I think (but I could be wrong) that 1Password has been around a lot longer then 
LastPass - so that could be another reason I use it. :)

2. Yes, generally once using a Password Manager it’s best to go through and 
replace passwords for more random generated ones. Most programs will do this 
for you. And they generally offer an “audit” feature as well. So you can let it 
audit your passwords to see if you need to change any, or any are poor in 
“quality”. And given that the software manages it for you, you don’t actually 
have to remember them. As it does that for you and auto fills it in if you want 
to. (or can look it up if really need to know what it is).
I use a mixture of both generated from 1Password and Apple’s auto-generate 
feature as well. And I have iCloud Keychain set on. So my passwords sync to my 
laptop, iMac, iPad and iPhone. So doesn’t matter what I use, all the 
information is there.
With my iPhone and iPad, I have those set to 10 wrong attempts of the login 
passcode will erase the device. As then even though everything is “Secure” and 
locked away, it just means if someone gets them and tries to break into it, it 
will completely remotely wipe the device after 10 wrong attempts. And given 
ti’s backed up to iCloud and my computer daily I won’t actually lose anything. 
The person will get my items, but all my personal “stuff” will be deleted.
(Not that I actually have anything to hide, as it’s all encrypted, but it’s 
just a “nice feeling” to know that the info won’t go anywhere. Though I did 
have to tell my son many years ago he couldn’t play with my phone and code,…as 
“Daddy didn’t want him to wipe my stuff”. :) Now with FaceID and/or Fingerprint 
ID I don’t really use Passwords all that much. As most programs like my banking 
and 1Password will unlock via FaceID. (or FingerpringID on my iPad Gen6).
But yes, to answer your question (sorry, I get sidetracked sometimes,…lol) - 
yes, it’s a good idea to replace passwords. As I “upgrade” some sites here and 
there I go through and change them all. So they tend to be updated every 2-3 
years anyway. And some wholesaler I use I have to do it every 6 months anyway.

Hope that extra info helps. :)

Kind regards
Daniel

---
Daniel Kerr
MacWizardry

Phone: 0414 795 960
Email: <daniel AT macwizardry.com.au>
Web:   <http://www.macwizardry.com.au>


**For everything Apple**

NOTE: Any information provided in this email may be my personal opinion and as 
such should be taken accordingly, and may not be the views of MacWizardry. Any 
information provided does not offer or warrant any form of warranty or accept 
liability. It would be appreciated that if any information in this email is to 
be disseminated, distributed or copied, that permission by the author be 
requested. 

> On 4 Dec 2018, at 11:35 pm, Alex <aln...@highway1.com.au> wrote:
> 
> Thanks Daniel, that was very helpful on a very vexatious issue.
> 
> Couple queries tho’.  Do you have any opinion on LastPass?  I have used it in 
> a Windows environment.
> 
> And, if one is to use a password management programme, would it then be 
> advisable to set up random letters, numbers & characters as passwords rather 
> than the usual passwords one makes up?
> 
> Cheers,
> 
> Alex Novakovic
> 
>> On 3 Dec 2018, at 12:29 pm, Daniel Kerr <wa...@macwizardry.com.au> wrote:
>> 
>> Hi Pat
>> 
>> If you enter the AppleID (which is also used for iCloud, as they are 
>> generally one and the same thing), more then 3 times, then yes it will 
>> generally want you to reset it.
>> You can do this by a few options - some are automated, and don’t require 
>> calling Apple.
>> If you have access to the email address, you can request an email that will 
>> step you through resetting your password.
>> Generally if I want to “Test” a password for a client to see if it’s correct 
>> or not, then I will use the “main” Apple site - applied.apple.com
>> By putting in the email address and password then it will ensure if it’s 
>> correct or not. If it logs in - the password is correct. If it advises it 
>> isn’t correct then a few tries before the option of resetting it (normally 
>> via the email option). It’s very rare to have to call Apple for this at all 
>> I find. It’s all automated.
>> 
>> *Generally* (and I use this term lightly) the computer password will be 
>> different to the AppleID password. Though,…in some of the later systems, 
>> this can be reset by the same AppleID.
>> In System Preferences - Users & Groups - “username” (on the left hand side). 
>> On the right hand side there is a tick box that says “Allow user to reset 
>> password using Apple ID). If this is ticked, then the AppleID can be used to 
>> change the computer password. And then (generally) these are one and the 
>> same.
>> I personally prefer to keep these different, so the computer password is 
>> completely different to my AppleID. (for security reasons).
>> 
>> This could be where (if you had ticked) some of the issue could have 
>> happened in your last post to the list where you went through with Apple 
>> resetting the password.
>> (I probably would have used the Terminal thing as a last resort, as yes it 
>> resets Keychain and this makes a whole other issue where passwords stored 
>> there are a) lost of b) almost non-retrievable. And even if retrieved via a 
>> TimeMachine backup they will be locked away under the “original” password.
>> 
>> As Peter has mentioned unfortunately these days everything has to be a lot 
>> more secure. The flip side to this would be a lot more hacking of details, a 
>> lot more social engineering of personal details and a lot more user data out 
>> in the open. So with things like 2-factor authentication, recovery via email 
>> of forgotten details, and stronger passwords Apple (and others) are doing as 
>> much as they can do to protect personal data.
>> I’d personally prefer it this way, then people having access to my data. I 
>> like the security of 2-factor authentication knowing that even if someone 
>> got my AppleID password they can’t access it without physical access to my 
>> iPhone. (which is also locked, and 10 wrong attempts will just wipe my 
>> device). I’d rather know my data is as secure as possible and harder for 
>> others to try and get then a lot less security and easier ways to try and 
>> get my data. (only have to look at the 4 years that yahoo accounts got 
>> hacked for example with no notification to their users). And we see a lot 
>> more of these where some companies seem to be a bit less “slack” about some 
>> things, and more personal data gets “hacked”.
>> (I know where two of my spams come from as they come to two email address I 
>> used for Dropbox and Adobe. So I know those two accounts that get spammed 
>> where two email addresses I used where “taken” in a list from both of those 
>> companies.). The spam comes addresses to those two email addresses which I 
>> then went and closed off and changed.
>> This was another interesting site where I could check which “places” my 
>> email address may have been taken from - https://haveibeenpwned.com
>> This came from an article I read ages ago here - 
>> https://www.businessinsider.com.au/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7?r=US&IR=T
>> 
>> The downside to all the security obviously is having a lot more (different) 
>> passwords. This is where things like Keychain Access, 1Password etc come in 
>> very handy to store all the passwords in for me. (even things like the WAMUG 
>> mailing list, and the WAMUG committee mailing list I have stored to access 
>> so I can look after the behind the scenes things for it. And a lot more 
>> passwords linked to different things for even those that need passwords as 
>> well).
>> So without having to remember them all, that’s where the above programs 
>> become “life savers”. (and I have them stored in 2 different programs should 
>> one “fail”).
>> The other I’ve set it up for clients who may not want to use the “written 
>> down password” books is to have a locked Excel spreadsheet. Lock it with a 
>> main password and give the file a name that doesn’t say “Passwords” (e.g. 
>> Wine List, Book List, My Boring Notes file). Then they put all their 
>> passwords in that.
>> Others write them down in books obviously as well. Not one I tend to 
>> recommend as if someone gets the book they have all the passwords. But it 
>> depends on how clients are worried about their data really. Some might not 
>> have things they are worried about.
>> 
>> But back to your topic,..if you have an AppleID, then you would have an 
>> iCloudID - given they are both the same.
>> If you use the above link then you can at least check it and see if it logs 
>> you in or not. Then you know at least if you have those details for that 
>> AppleID/iCloud.
>> 
>> Apologies to others for the long post,..was trying to cover a lot in one 
>> email,….lol.
>> 
>> Hope all that info helps.
>> Kind regards
>> Daniel 
>> 
>>  Sent from my iPhone XS 
>> 
>> ---
>> Daniel Kerr
>> MacWizardry
>> 
>> Phone: 0414 795 960
>> Email: <daniel AT macwizardry.com.au>
>> Web:   <http://www.macwizardry.com.au>
>> 
>> 
>> **For everything Apple**
>> 
>> NOTE: Any information provided in this email may be my personal opinion and 
>> as such should be taken accordingly, and may not be the views of 
>> MacWizardry. Any information provided does not offer or warrant any form of 
>> warranty or accept liability. It would be appreciated that if any 
>> information in this email is to be disseminated, distributed or copied, that 
>> permission by the author be requested. 
>> 
>>> On 3 Dec 2018, at 11:15 am, Pat <clamsh...@iinet.net.au> wrote:
>>> 
>>> Thanks, Peter and Susan,
>>> 
>>> One thing I read while I was thrashing around trying to fix things, was 
>>> that if you enter a password incorrectly 2 times, you have to (I forget the 
>>> exact words) sort it out with Apple (which isn’t easy to do, as you are 
>>> only given a limited number of topics that you can choose from.) 
>>> 
>>> But for now, everything is working reasonably well, but I still haven’t 
>>> tackled iCloud. Will do, soon.
>>> 
>>> Cheers,
>>> Pat
>>> 
>>>> On 3 Dec 2018, at 08:03, Peter Hinchliffe <hinch...@multiline.com.au> 
>>>> wrote:
>>>> 
>>>> 
>>>> 
>>>>> On 1 Dec 2018, at 11:31 am, Pat <clamsh...@iinet.net.au> wrote:
>>>>> 
>>>>> I have a functioning password to open the computer and other ones to send 
>>>>> and receive mail. But I have just discovered that Apple has a clutch of 
>>>>> others that I don’t know. I have never voluntarily used iCloud, so as far 
>>>>> as I am concerned, it has no password. How do I find out how to find it 
>>>>> or create it, because apparently I need it?
>>>>> 
>>>>> It looks like I may need other passwords for functions about which I have 
>>>>> no idea. Security gone mad.
>>>>> 
>>>>> I was just trying to transfer something to one of my external disks. 
>>>>> Couldn’t do it by drag and drop without the damn password. The one that 
>>>>> opens my computer used to do it, but it was rejected.
>>>>> 
>>>>> I hope someone can help. 
>>>>> Pat
>>>> 
>>>> As frustrating as all this is, it’s an unfortunate reality in today’s 
>>>> computing world that you must keep track of your accounts and passwords. 
>>>> The only way to avoid this is to turn off all access to the internet, 
>>>> which has now become almost impossible.
>>>> 
>>>> Whether or not you are using iCloud (and if you use a Mac you probably are 
>>>> whether you think so or not) you are actually being asked for the password 
>>>> for your Apple ID. Your Apple ID is generally just your regular email 
>>>> address. Many people go through the motions of creating an Apple ID when 
>>>> they first set up a new Mac or upgrade their OS, then either forget about 
>>>> it or don’t realise the significance of what they’ve been asked to do. 
>>>> 
>>>> In any event, if you don’t know what your Apple ID password is, you’ll 
>>>> have to reset it. The most direct way to do this is simply to go to System 
>>>> Preferences on your Mac and choose iCloud. You will be asked to type a 
>>>> password. If you type something and it’s not recognised after 3 attempts 
>>>> you will see a link appear which you can click if you “can’t remember your 
>>>> password”. If you click that a message will be sent to your email address 
>>>> showing you the steps to follow to create a new password.
>>>> 
>>>> Kind regards,
>>>> 
>>>> Peter Hinchliffe        Apwin Computer Services
>>>> FileMaker Pro Solutions Developer
>>>> Perth, Western Australia
>>>> Phone (618) 9332 6482    Mob 0403 046 948
>>>> --------------------------------------------------------------------
>>>> Mac because I prefer it -- Windows because I have to.
>>>> 
>>>> -- The WA Macintosh User Group Mailing List --
>>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
>>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
>>>> Settings & Unsubscribe - 
>>>> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
>>> 
>>> -- The WA Macintosh User Group Mailing List --
>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
>>> Settings & Unsubscribe - 
>>> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
>> 
>> -- The WA Macintosh User Group Mailing List --
>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
>> Settings & Unsubscribe - 
>> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
> 
> -- The WA Macintosh User Group Mailing List --
> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
> Settings & Unsubscribe - 
> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>

-- The WA Macintosh User Group Mailing List --
Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>