Filed under: OS, Tips and tricks, Security
Secure your Mac: strong passwords
It is a sad fact of life that your Mac is only as secure as your password is strong. A good password is complex enough to thwart both idle hands ('I wonder if Scott is as dumb as he looks. I bet his password is 12345. Let me try it and find out') and dastardly hackers out to steal your personal information ('Ah, some fool has left his Mac unattended, let me try some brute force dictionary attacks in hopes that I will gain entrance into his digital domain and clear out his bank account AND delete all his iPhoto pictures'). Sadly, passwords that make security conscious paranoid freaks like myself happy are both difficult to remember and to type (it is all part of their charm). Luckily, Apple has included a small utility that can help you find a password both complex and memorable.Read on to learn how.
The Password Assistant (pictured above) is available when OS X prompts you for a password in Accounts or when you manually create a new Password item in the Keychain. Simply click on the lock and the Password Assistant springs into action offering up some secure passwords for you like so:
You have a few options with Password Assistant:
- The type of password you are going to create. Password Assistant offers:
- Manual - This allows you to manually enter a password of your choice, which is great to see how good (or how bad) your current passwords are.
- Memorable - Creates a password composed of a mix of words and random characters that is both easy to remember and secure.
- Letters & Numbers - Creates a password with no punctuation marks in the mix.
- Numbers Only - Good if you want a password with only numbers in it.
- Random - Completely random password, which will be tough to remember but very tough to crack.
- FIPS-181 compliant - Creates a password that complies with Government standards regarding password creation (you can read about it here).
- Once you decide on what type of password you want, you need to choose the length. Recent versions of OS X support password lengths of 8 to 31 characters (read this KB article for older versions of OS X). I'm hoping that Leopard will bring support for passphrases, but until that happens we'll have to suffer with the system limitations.
Once you have decided on the options, a password is generated for you (unless, of course, you picked 'Manual,' in which case you will have entered your password by hand). Password Assistant also rates the Quality of the password with a simple meter (filling it all the way to the top with green means you have a very good password) which is quite helpful when deciding on which password to use. Be sure to note that if you aren't thrilled with the password that is offered up you can click on the arrow and find a few alternatives, and get even more suggestions should none of those tickle your fancy.There you have it, a quick and relatively painless way to create a secure and memorable password. Because let's face it, if you can't remember your super complex password it won't do you a lick of good.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Ian Smith said 3:20PM on 9-19-2007
My password is in 1337. I despise it, but I don't know of anyone who can crack a 16 character (including capitals, symbols, numbers) password like mine. Plus it's very easy to remember. It's a pain typing it on anything though, besides my very very smooth MBPro keyboard.
Reply
President Skroob said 3:27PM on 9-19-2007
1 2 3 4 5? That's amazing! I've got the same combination on my luggage!
Reply
paul said 3:36PM on 9-19-2007
I've been using passphrases for over a year on my mac - never a problem and far stronger than even complex passwords. Length matters more than complexity.
Reply
Leonard Nimrod said 3:39PM on 9-19-2007
And Command-S at startup has no protection because?
Reply
blah said 3:41PM on 9-19-2007
i have a phrase that's in italian, german and english, and includes the esszett (ß), u with umlaut (ü) and i with grave (ì). the average computer user wouldn't be able to crack my account if i gave them my password.
Reply
el-flojo said 3:44PM on 9-19-2007
A friend of mine has 60(!) character password on all of his machines. One day he had the cops taking his machines away to investigate them... To put a long story short: they're trying to get in for almost 3 years now. Suckers! :-)
Reply
Dark Helmet said 3:49PM on 9-19-2007
So the combination is 1-2-3-4-5? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
Reply
serenity said 3:51PM on 9-19-2007
Great post! I noticed this lil' gem a few months ago when I created an additional user. Definately a good tool to secure passwords that don't look like SDfb#wqRht%&/23rA€#%d. ;)
Reply
Ian said 3:56PM on 9-19-2007
always good to have a password with a rythm - when you get used to typing it - it will also sound right on the keyboard
Reply
Luigi193 said 4:24PM on 9-19-2007
LOL @ DARK HEMLET!!!!!!
Gotta love a spaceballs quote!
Reply
Joe said 4:24PM on 9-19-2007
Is there a way to pull up this password assistant on its own? It would come in handy for web sites (or the crappy Novell mail client I use at work).
Reply
Luigi193 said 4:27PM on 9-19-2007
O and password is of the "non-existent" category...
Reply
conigs said 4:55PM on 9-19-2007
@11 (Joe):
http://www.codepoetry.net/products/passwordassistant
Simple app to bring up the assistant on its own.
Reply
me said 4:56PM on 9-19-2007
Joe, there is a way to pull this up on its own. Go under Applications/Utilities/Keychain Access and at the bottom of the window, click on the +. Then click on the key to the right of the passwords box and there it is.
Reply
mare said 10:18PM on 9-19-2007
It takes 1 minute to reset a password in Mac OS X.
So having a superstrong password is overkill. Setting a superstrong KeyChain password (and not automatically unlocking it when you log in) might be more useful.
Reply
pauLee said 5:37AM on 9-20-2007
@mare
"It takes 1 minute to reset a password in Mac OS X."
Can you explain?
Reply
MajorMauser said 5:49AM on 9-20-2007
Throughout the whole article you do not mention the one utility that is the ultimate password program 1passwd? Seems to implement everything you are talking about.... and it remembers it for you,
Reply
Joan said 12:09PM on 9-20-2007
A friend of mine a few years back used a violin fingering pattern to type his laptop password. After years of using it, even *he* didn't know his password, despite using it regularly!
Reply
mare said 8:08PM on 9-20-2007
@ pauLee
Here's one way to reset your password, another way involves removing RAM, restarting, zapping PRAM 3 times, and rebooting again.
Reply
Michael said 11:52PM on 9-20-2007
The awesome Steve Gibson has written an amazing Ultra High Security Password Generator. https://www.grc.com/passwords.htm
He can be heard on the TWIT network doing some really good weekly Security Now Netcasts.
Reply