Check out the rest of the videos in this special course: The Practical Guide To Mac Security.
Learn how to use strong passwords to protect your online accounts and your Mac.
You can also watch this video at YouTube (but with ads).
Video transcript available soon.
It's "data breach" isn't it? "Breech" usually refers to your pants.
Constance: Yes. I realized the typo too late to fix it.
With regard to brute force attacks, why do target sites allow possibly millions of failed attempts? Or to put it another way, how are attackers able to avoid attempts to thwart brute force attacks.
Larry: First, the attempts come over time from many different bots. So it isn't rapid attacks from one single bot. Second, they don't care which accounts they get. So it is just as good to try one attack on a million separate accounts than to try a million attacks on one account. They just want X compromised accounts each day to use or sell. Use a weak password and no two-factor and you'll eventually be one of the ones they crack.
Using Safari built-in password manager is fine, but you still need a very strong password to get into your Mac and protect all your passwords. Any recommendations here? Always seems like the weak link.
Roger: You can always use Keychain Access (an app on your Mac) and choose File, New Password to create a password. Click the little key button to bring up the Password Assistant to generate a password there. Then just copy and paste it.
Brute Force password attacks could be greatly reduced by website hosts using the "3 strikes and you're out" rule, i.e., after 3 unsuccessful logon attempts lock the account for 24 hours.
No one would try 3 attempts, wait 24 hours, try 3 more attempts, wait 24 hours, try 3 more ........
Is it possible for an attack to hack the Safari built-in password manager?
Sherry: they would need physical access to your device and your password to unlock it, or the password and two-factor code to do via iCloud. Extremely difficult, vs how easy it is to get into your accounts if you don’t use strong passwords.
Tony: Keep a few things in mind. They attack using botnets. So they try from one location, then another try from another location. Repeat. They also don’t care about YOU. They just want X number of broken accounts. So a million tries vs your account or a million tries vs a million accounts it is the same to them. If your accounts locked you out after 3 failed attempts, then you would always be locked out as bots tried to get in.
We would like to use safari keychain password but we spent 6 months away in vacation home. We have another IMac there for use. Would that create a problem since we won’t have access to our primary Mac.
A. J.: If you use iCloud then your passwords would appear on both computers as long as you have accounts on those computers using the same iCloud accounts.
Can Emoji symbols be used in creating a password
Danny: I don't think I have ever seen a service that accepts extended character sets like Emoji as passwords.