Thanks Heaps Daniel - great to have the discussion. And to all of you who so freely share your wisdom & experience.
Cheers, Alex > On 5 Dec 2018, at 1:01 am, Daniel Kerr <[email protected]> wrote: > > Hi Alex > > Thanks for that, glad it was helpful. > > In answer to your questions. > 1. I haven’t really used LastPass, so I can’t really comment on it. I’ve just > always used 1Password. I think I had some reservations on LastPass, but that > was ages ago and I can’t recall what it was now. Perhaps it was something to > do with who owned it? Or possibly because they once had a breach (again I > think it was a long time ago). Whereas i’ve never heard of AgileBits ever > having problems. They (1Password/AgileBits) always seem more on top of things > with info, updates, on top of security stuff. But that could be my bias,…lol. > So seeing as I have never used LastPass I can’t really say. A quick search > seems that they do rate a little “better” in some things - > https://www.digitaltrends.com/computing/lastpass-vs-1password-comparison/ > I think (but I could be wrong) that 1Password has been around a lot longer > then LastPass - so that could be another reason I use it. :) > > 2. Yes, generally once using a Password Manager it’s best to go through and > replace passwords for more random generated ones. Most programs will do this > for you. And they generally offer an “audit” feature as well. So you can let > it audit your passwords to see if you need to change any, or any are poor in > “quality”. And given that the software manages it for you, you don’t actually > have to remember them. As it does that for you and auto fills it in if you > want to. (or can look it up if really need to know what it is). > I use a mixture of both generated from 1Password and Apple’s auto-generate > feature as well. And I have iCloud Keychain set on. So my passwords sync to > my laptop, iMac, iPad and iPhone. So doesn’t matter what I use, all the > information is there. > With my iPhone and iPad, I have those set to 10 wrong attempts of the login > passcode will erase the device. As then even though everything is “Secure” > and locked away, it just means if someone gets them and tries to break into > it, it will completely remotely wipe the device after 10 wrong attempts. And > given ti’s backed up to iCloud and my computer daily I won’t actually lose > anything. The person will get my items, but all my personal “stuff” will be > deleted. > (Not that I actually have anything to hide, as it’s all encrypted, but it’s > just a “nice feeling” to know that the info won’t go anywhere. Though I did > have to tell my son many years ago he couldn’t play with my phone and > code,…as “Daddy didn’t want him to wipe my stuff”. :) Now with FaceID and/or > Fingerprint ID I don’t really use Passwords all that much. As most programs > like my banking and 1Password will unlock via FaceID. (or FingerpringID on my > iPad Gen6). > But yes, to answer your question (sorry, I get sidetracked sometimes,…lol) - > yes, it’s a good idea to replace passwords. As I “upgrade” some sites here > and there I go through and change them all. So they tend to be updated every > 2-3 years anyway. And some wholesaler I use I have to do it every 6 months > anyway. > > Hope that extra info helps. :) > > Kind regards > Daniel > > --- > Daniel Kerr > MacWizardry > > Phone: 0414 795 960 > Email: <daniel AT macwizardry.com.au> > Web: <http://www.macwizardry.com.au> > > > **For everything Apple** > > NOTE: Any information provided in this email may be my personal opinion and > as such should be taken accordingly, and may not be the views of MacWizardry. > Any information provided does not offer or warrant any form of warranty or > accept liability. It would be appreciated that if any information in this > email is to be disseminated, distributed or copied, that permission by the > author be requested. > >> On 4 Dec 2018, at 11:35 pm, Alex <[email protected]> wrote: >> >> Thanks Daniel, that was very helpful on a very vexatious issue. >> >> Couple queries tho’. Do you have any opinion on LastPass? I have used it >> in a Windows environment. >> >> And, if one is to use a password management programme, would it then be >> advisable to set up random letters, numbers & characters as passwords rather >> than the usual passwords one makes up? >> >> Cheers, >> >> Alex Novakovic >> >>> On 3 Dec 2018, at 12:29 pm, Daniel Kerr <[email protected]> wrote: >>> >>> Hi Pat >>> >>> If you enter the AppleID (which is also used for iCloud, as they are >>> generally one and the same thing), more then 3 times, then yes it will >>> generally want you to reset it. >>> You can do this by a few options - some are automated, and don’t require >>> calling Apple. >>> If you have access to the email address, you can request an email that will >>> step you through resetting your password. >>> Generally if I want to “Test” a password for a client to see if it’s >>> correct or not, then I will use the “main” Apple site - applied.apple.com >>> By putting in the email address and password then it will ensure if it’s >>> correct or not. If it logs in - the password is correct. If it advises it >>> isn’t correct then a few tries before the option of resetting it (normally >>> via the email option). It’s very rare to have to call Apple for this at all >>> I find. It’s all automated. >>> >>> *Generally* (and I use this term lightly) the computer password will be >>> different to the AppleID password. Though,…in some of the later systems, >>> this can be reset by the same AppleID. >>> In System Preferences - Users & Groups - “username” (on the left hand >>> side). On the right hand side there is a tick box that says “Allow user to >>> reset password using Apple ID). If this is ticked, then the AppleID can be >>> used to change the computer password. And then (generally) these are one >>> and the same. >>> I personally prefer to keep these different, so the computer password is >>> completely different to my AppleID. (for security reasons). >>> >>> This could be where (if you had ticked) some of the issue could have >>> happened in your last post to the list where you went through with Apple >>> resetting the password. >>> (I probably would have used the Terminal thing as a last resort, as yes it >>> resets Keychain and this makes a whole other issue where passwords stored >>> there are a) lost of b) almost non-retrievable. And even if retrieved via a >>> TimeMachine backup they will be locked away under the “original” password. >>> >>> As Peter has mentioned unfortunately these days everything has to be a lot >>> more secure. The flip side to this would be a lot more hacking of details, >>> a lot more social engineering of personal details and a lot more user data >>> out in the open. So with things like 2-factor authentication, recovery via >>> email of forgotten details, and stronger passwords Apple (and others) are >>> doing as much as they can do to protect personal data. >>> I’d personally prefer it this way, then people having access to my data. I >>> like the security of 2-factor authentication knowing that even if someone >>> got my AppleID password they can’t access it without physical access to my >>> iPhone. (which is also locked, and 10 wrong attempts will just wipe my >>> device). I’d rather know my data is as secure as possible and harder for >>> others to try and get then a lot less security and easier ways to try and >>> get my data. (only have to look at the 4 years that yahoo accounts got >>> hacked for example with no notification to their users). And we see a lot >>> more of these where some companies seem to be a bit less “slack” about some >>> things, and more personal data gets “hacked”. >>> (I know where two of my spams come from as they come to two email address I >>> used for Dropbox and Adobe. So I know those two accounts that get spammed >>> where two email addresses I used where “taken” in a list from both of those >>> companies.). The spam comes addresses to those two email addresses which I >>> then went and closed off and changed. >>> This was another interesting site where I could check which “places” my >>> email address may have been taken from - https://haveibeenpwned.com >>> This came from an article I read ages ago here - >>> https://www.businessinsider.com.au/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7?r=US&IR=T >>> >>> The downside to all the security obviously is having a lot more (different) >>> passwords. This is where things like Keychain Access, 1Password etc come in >>> very handy to store all the passwords in for me. (even things like the >>> WAMUG mailing list, and the WAMUG committee mailing list I have stored to >>> access so I can look after the behind the scenes things for it. And a lot >>> more passwords linked to different things for even those that need >>> passwords as well). >>> So without having to remember them all, that’s where the above programs >>> become “life savers”. (and I have them stored in 2 different programs >>> should one “fail”). >>> The other I’ve set it up for clients who may not want to use the “written >>> down password” books is to have a locked Excel spreadsheet. Lock it with a >>> main password and give the file a name that doesn’t say “Passwords” (e.g. >>> Wine List, Book List, My Boring Notes file). Then they put all their >>> passwords in that. >>> Others write them down in books obviously as well. Not one I tend to >>> recommend as if someone gets the book they have all the passwords. But it >>> depends on how clients are worried about their data really. Some might not >>> have things they are worried about. >>> >>> But back to your topic,..if you have an AppleID, then you would have an >>> iCloudID - given they are both the same. >>> If you use the above link then you can at least check it and see if it logs >>> you in or not. Then you know at least if you have those details for that >>> AppleID/iCloud. >>> >>> Apologies to others for the long post,..was trying to cover a lot in one >>> email,….lol. >>> >>> Hope all that info helps. >>> Kind regards >>> Daniel >>> >>> Sent from my iPhone XS >>> >>> --- >>> Daniel Kerr >>> MacWizardry >>> >>> Phone: 0414 795 960 >>> Email: <daniel AT macwizardry.com.au> >>> Web: <http://www.macwizardry.com.au> >>> >>> >>> **For everything Apple** >>> >>> NOTE: Any information provided in this email may be my personal opinion and >>> as such should be taken accordingly, and may not be the views of >>> MacWizardry. Any information provided does not offer or warrant any form of >>> warranty or accept liability. It would be appreciated that if any >>> information in this email is to be disseminated, distributed or copied, >>> that permission by the author be requested. >>> >>>> On 3 Dec 2018, at 11:15 am, Pat <[email protected]> wrote: >>>> >>>> Thanks, Peter and Susan, >>>> >>>> One thing I read while I was thrashing around trying to fix things, was >>>> that if you enter a password incorrectly 2 times, you have to (I forget >>>> the exact words) sort it out with Apple (which isn’t easy to do, as you >>>> are only given a limited number of topics that you can choose from.) >>>> >>>> But for now, everything is working reasonably well, but I still haven’t >>>> tackled iCloud. Will do, soon. >>>> >>>> Cheers, >>>> Pat >>>> >>>>> On 3 Dec 2018, at 08:03, Peter Hinchliffe <[email protected]> >>>>> wrote: >>>>> >>>>> >>>>> >>>>>> On 1 Dec 2018, at 11:31 am, Pat <[email protected]> wrote: >>>>>> >>>>>> I have a functioning password to open the computer and other ones to >>>>>> send and receive mail. But I have just discovered that Apple has a >>>>>> clutch of others that I don’t know. I have never voluntarily used >>>>>> iCloud, so as far as I am concerned, it has no password. How do I find >>>>>> out how to find it or create it, because apparently I need it? >>>>>> >>>>>> It looks like I may need other passwords for functions about which I >>>>>> have no idea. Security gone mad. >>>>>> >>>>>> I was just trying to transfer something to one of my external disks. >>>>>> Couldn’t do it by drag and drop without the damn password. The one that >>>>>> opens my computer used to do it, but it was rejected. >>>>>> >>>>>> I hope someone can help. >>>>>> Pat >>>>> >>>>> As frustrating as all this is, it’s an unfortunate reality in today’s >>>>> computing world that you must keep track of your accounts and passwords. >>>>> The only way to avoid this is to turn off all access to the internet, >>>>> which has now become almost impossible. >>>>> >>>>> Whether or not you are using iCloud (and if you use a Mac you probably >>>>> are whether you think so or not) you are actually being asked for the >>>>> password for your Apple ID. Your Apple ID is generally just your regular >>>>> email address. Many people go through the motions of creating an Apple ID >>>>> when they first set up a new Mac or upgrade their OS, then either forget >>>>> about it or don’t realise the significance of what they’ve been asked to >>>>> do. >>>>> >>>>> In any event, if you don’t know what your Apple ID password is, you’ll >>>>> have to reset it. The most direct way to do this is simply to go to >>>>> System Preferences on your Mac and choose iCloud. You will be asked to >>>>> type a password. If you type something and it’s not recognised after 3 >>>>> attempts you will see a link appear which you can click if you “can’t >>>>> remember your password”. If you click that a message will be sent to your >>>>> email address showing you the steps to follow to create a new password. >>>>> >>>>> Kind regards, >>>>> >>>>> Peter Hinchliffe Apwin Computer Services >>>>> FileMaker Pro Solutions Developer >>>>> Perth, Western Australia >>>>> Phone (618) 9332 6482 Mob 0403 046 948 >>>>> -------------------------------------------------------------------- >>>>> Mac because I prefer it -- Windows because I have to. >>>>> >>>>> -- The WA Macintosh User Group Mailing List -- >>>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>>>> Settings & Unsubscribe - >>>>> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> >>>> >>>> -- The WA Macintosh User Group Mailing List -- >>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>>> Settings & Unsubscribe - >>>> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> >>> >>> -- The WA Macintosh User Group Mailing List -- >>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>> Settings & Unsubscribe - >>> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> >> >> -- The WA Macintosh User Group Mailing List -- >> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >> Settings & Unsubscribe - >> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> > > -- The WA Macintosh User Group Mailing List -- > Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> > Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> > Settings & Unsubscribe - > <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
-- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
