The Practical Guide To Mac Security: Part 3, Password Managers

Check out the rest of the videos in this special course: The Practical Guide To Mac Security.


Learn how to use Safari's Password Manager to general strong passwords, store them and use them later.

Comments: 29 Responses to “The Practical Guide To Mac Security: Part 3, Password Managers”

    Guy
    3 years ago

    Hi Gary,
    Just watched your Security Course part 3. Although I am a 1Password user I am still very interested in following along and finding out how everything works. One item on this course that I couldn't follow along with was when you chose the Passwords icon within System preferences, I don't have this icon. I have a new MacBook Air and am up-to-date on MacOS. Is there something I am missing? Hope you can help me. Thanks.

    3 years ago

    Guy: "Now starting with MACOS MONTEREY there is also the ability to access your password outside of Safari in System Preferences."

    Deborah Miller
    3 years ago

    Presently Apple does not allow sharing of their system generated passwords. Do you know if they are considering changing this where one could select certain passwords to share with their family members, i.e., for example, one’s financial institution, etc.

    3 years ago

    Deborah: if at all possible you should have separate logins. I know we can do that for all my banks and credit cards. But if you need to share a password you can. For instance on an iPhone you can clog to Settings, Passwords, select the password and use the Share button. For instance you can use it to send a password to a family member when they are trying to log into a streaming service. Then they can save the password in their iCloud account to use later.

    Paul Tudor-Williams
    3 years ago

    Responding to Guy:
    I don't see it either, you need to go into your Apple ID at the top of System Preferences window and then to Passwords & Security.

    Paul T-W
    3 years ago

    Responding to Guy:
    Oops, answered the wrong question.

    3 years ago

    Paul: This is a feature of Monterey. I mention that.

    Bert Mullemeister
    3 years ago

    Hi Gary, great videos . Question : If I opt for a suggested password will that also apply for my iPhone and iPad ?

    3 years ago

    Bert: Yes, via iCloud. Make sure you have Keychain turned on in iCloud settings for all devices.

    Kathy
    3 years ago

    Hi Gary, when using Keychain the only place I see to put notes (ie. Answers to Security Questions, Secret Keys, etc.) is in the Comments section . . . but unlike the Password, where you have to enter your initial password in order for it to show up, the comments always show up . . . not secure. Any other place in Keychain I can enter that information to keep it hidden & safe?
    Thank you.

    3 years ago

    Kathy: What's wrong with them showing up? Only you have access to them since your Mac is locked with your password. You can use Secure Notes for this too (through the Keychain Access app).

    Alex
    3 years ago

    Many sites I have an account on now have options to log in with Apple or Google. My understanding is that by sighing in with Apple, my email is not sent to the site. If I already have an account, and I opt to sign in with Apple, am I creating a new account without access to the content of my old account (e.g., wishlists and order history). Can I start using Apple to sign in and still access my "old" account? TIA.

    3 years ago

    Alex: That would be up to site, whether they would offer a way to merge accounts or change an account in such a way. Really no advantage to it for you if you already have account set up. I would imagine few, if any, sites offer this.

    Nanci
    3 years ago

    So will keychain passwords work if I am using Duck Duck Go as my browser or do I need a third party manager?

    3 years ago

    Nanci: If you want to use a third-party browser then a third-party password manager is your best bet, But make sure it has an extension/plugin for that browser.

    Hubert
    3 years ago

    Hi Gary. Excellent security initiative. I use BigSur 11.5.1. No Password icon in system preferences but I can wait till Monterey comes on. I have 2 questions: Q1: I sometimes use Firefox and sometimes Safari. I guess I can only work with one default browser to rely in generated passwords? Q2: There are still websites which don’t allow more than say 6 digits (even a bank I bank with!!!) or which don’t allow certain characters in their passwords. I guess a password manager cannot be used then?

    3 years ago

    Hubert: Passwords in System Preferences is for macOS Monterey (In the video I say "Now starting with macOS Monterey there is also the ability to access your password outside of Safari in System Preferences"). If you use a third-party password Manager like 1Password or LastPass you can install extensions for all browsers. So you can then use Safari and Firefox both very easily. If a website is still doing that today in 2021, you can just edit the password to remove some characters.

    Hubert
    3 years ago

    Hi Gary. I had a look at Bitwarden. No fee. They do indeed ask for a Master password but for this you can alos use the password generator. Do you recommend to use tjis procedure (and record the master password somewhere safe) of is it better to creat one oneself?

    3 years ago

    Hubert: Use a generator to create a master password, but make sure it is something you can easily type. Still random and unique though. Yes, write it down and store it somewhere safe, though you will quickly memorize it.

    Gene
    3 years ago

    In follow up to Kathy's question above, where ARE the secure notes or places to keep things you want to be secure. I have no problem with them being displayed but I do not see how to get to the notes create/edit place. Thanks

    3 years ago

    Gene: You can use the Keychain Access app to store those (File, New Secure Note) or store them somewhere else like in the Notes app (locked notes).

    Janice
    3 years ago

    In updating my safari passwords to a stronger password, I've often come across websites (usually old, long ago accessed websites) where it's no longer possible to log-in. Therefore am unable to update the password and/or delete my account. Some of these sites have even been flagged with the Safari Passwords warning symbol! If I can't get in, should I assume no-one else can either and therefore I can simply delete these accounts from my Safari Preferences Password list?

    3 years ago

    Janice: Depends on what you mean by "no longer possible to log-in." Is the site closed? Or not working? Or is it just not accepting your password? If the latter, just use their password reset function.

    Janice
    3 years ago

    Further to my earlier inquiry, These are website accounts which were originally set up with an ID & password and I haven’t accessed these accounts for a number of years. These sites are stored in my Safari Preferences Password data bank, some flagged with “caution” (easily guessed password, duplicate password or implicated in a data breach). However I’m unable to sign into these websites to update with a more secure password using the original ID and password when I first created the account.

    3 years ago

    Janice: Then just use the site's "reset password" function to set a new password. Usually they email you a link to click to confirm it is you. Every site does it a little differently.

    Janice
    3 years ago

    So if the password reset request is not recognized, shall I assume that the website is no longer active or that the original data given to them is now protected from security breaches? ie: if I can’t get in so no one else can either …

    3 years ago

    Janice: What do you mean by "not recognized?" If you don't need the site anymore, and you aren't use that same password anywhere, then just forget about it.

    Fred Balfour
    3 years ago

    Safari-generated passwords do not contains “symbols” other than a hyphen in the approximately two dozen passwords that I’ve asked Safari to generate. Doesn’t that mean that the generated passwords are no stronger than upper case, lowercase and numbers with one extra character? Perhaps a 20-character password without symbols other than hyphen is strong enough?

    3 years ago

    Fred: Adding a few extra characters would make it slightly stronger, but these are strong enough. They probably avoid symbols because some sites won't allow them and they vary across the world.

Comments Closed.