Filed under: Security
Mac Cheat Sheet
Remember the first rule of computer security? Not writing down all the important stuff like passwords and account names in one place? Kind of fundamental, right? Well, it looks like Apple has just about had it with people being unable to remember basic information like passwords and account names when working with them to provide support for their computers. They've created what they call a Mac "cheat sheet" with the intention that you--or more likely a mac-savvy relative or coworker--write down all these basic facts and then you carefully store the sheet away.
Unless you're the sort of person who wouldn't remember this information in the first place. So you'd probably keep the sheet on-hand, right?
Admittedly, the form contains all the information that could really help a service tech: which OS you're using, the amount of memory in your computer, and the kind of processor. But it also details your user account password, up to three keychain passwords, a password for your ISP, passwords for your email account, your work account, and so forth. This is offset by six light gray repetitions of the phrase "don't forget to hide me", which I guess immunizes Apple from losses due to security breaches.
So bottom line? The cheat sheet is a well-intentioned idea that, when used as intended, could really help during service calls, but when used in its most likely scenario will introduce unacceptable security risks.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
saitothesniper said 8:40AM on 5-13-2007
except if a determined thief already has physical access to your machine, it's too late for any password info to matter.
target disk mode makes access so easy, you don't even have to remove the hdd.
Reply
Adrian said 1:27PM on 3-02-2007
Not writing down your passwords has gotten a bit dated nowadays. Security experts have realized that by forbidding people to write down their passwords, they just end up using simple ones and the same password over and over again.
Current threats are not comming from the offline world where some password written on a paper could mean a serious threat.
Especially regular users don't have much sensitive data to protect, that couldn't be found elsewhere in their home anyway.
The threat for those users (and those who this cheat sheet is aimed for) comes from the internet. In this case, strong and different passwords are far more important than the user not writing it down somewhere.
Reply
Rod said 1:50PM on 3-02-2007
Even security expert Bruce Schneier suggests that it's better that users have good passwords and keep them written down on a piece of paper in their wallet versus simple easy to remember (and guess) passwords.
Reply
Stephen said 2:13PM on 3-02-2007
Hmm.. While I do recommend writing down passwords to _everyone_ who I help with their computer, I'd recommend a more secure place than a wallet as the average use really does have some high security needs with online banking and all that. I generally suggest that a paper such as the cheat sheet be stored somewhere from which it could easily be retrieved if one knows where it is, but not somewhere easily found, such as the back of a TV or even in a pillowcase. I also suggest that it be moved around periodically just-in-case... I've had mine hidden in a linen closet, on the back of my dryer -- Literally anywhere random and unpredictability is key.
Reply
DrWho said 4:52PM on 3-02-2007
Thats all well and good so long as you can remember where you hid the sheet.
I hide mine and carry a piece of paper in my wallet reminding me where I hid it.
Reply
Joel Fugazzotto said 7:14PM on 3-02-2007
I think having an offline storage "device" for passwords and other sensitive data is a good idea. I ended up getting a Password Directory (http://www.passworddirectory.com) to organaize the vast number of passwords and logins I have to remember these days.
Reply
Dimitri said 8:42PM on 3-02-2007
The "don’t forget to hide me" at the bottom of the page is priceless.
Reply
consumer_q said 6:44PM on 3-03-2007
I use this, but only to keep track of the information for others' computers. That is, I am the Family Tech person for my family, so keeping this info together helps when I need to troubleshoot over the phone/email. I store the information in a folder on an encrypted disk image.
Reply
Ed said 3:25PM on 3-04-2007
I help many people with their computers, many are beginners, and they all write down their passwords, or use very easy to guess ones. I don't think this will cause any real security issues - you'd need to break into the house to get the slip of paper anyway...
Reply
Michael said 11:04PM on 3-05-2007
Are you frickin' serious? This cheat sheet has been around forever. 2004 or earlier?
*sigh*
Reply