Password Management For Mac Owners

The first line of defense in any security system is users' passwords -- if those get compromised, it barely matters what other measures you may have in place. A new book outlines best practices that Mac-using SMBs can adopt and adapt to strengthen their company ramparts.These days, it seems like every time you turn around, you need to supply a password. Various websites, your company file server, various e-mail accounts, the office WiFi network...it's easy to find yourself in dozens if not hundreds of situations every week in which you need to protect yourself with a password and then remember it. Lots of users simply come up with three or four easy-to-remember passwords they use for everything, but that's not really a good solution. For one, "easy to remember" often means "easy to guess;" for another, it's sort of the equivalent of having only three keys that open all your locks. If one gets compromised, a thief has access to all the data it guards.

A new book, Take Control of Passwords in Mac OS X (Second Edition) can help deal with the daunting task. Author Joe Kissel walks the reader through the different kinds of passwords you need, offers a few strategies for coming up with secure but memorable ones, and recommends some password management software that can help with both password creation and management. (He and I agree that 1Password from Agile Web Solutions is "the best, most capable, and most flexible password utility on the Mac.")

Take Control of Passwords takes a sensible approach to the dangers of insecure passwords: it doesn't try to scare but rather tries to get you make a clear-eyed assessment of your security needs. Kissel leads the reader through a way to assess risk and match it with an appropriate level of paranoia, but ultimately, he says, it's up to you.

The book is written for individual Mac users, but Kissel was willing to expand on its business implications in an interview. In an office situation, for example, everybody needs a password for the WiFi network, and the easiest (sometimes only) solution is to let everybody use the same one. If someone leaves the company, though, you need to change that single password and get everybody using the new one.

Kissel pointed out that Mac OS X Server incorporates a Remote Access Dial-In User Server (RADIUS) that enables the network administrator to give each person a different password. "If you have the resources to implement this," he said, "it can dramatically improve your password situation."

But for smaller shops without such a server, Kissel said, "my minimum advice is to choose a long, complex, difficult-to-guess password." That seemed obvious, until he went on to talk about the chain of security. "A powerful password is useless if protected by a weak one," he said. OS X stores passwords in users' Keychains. If the stored passwords are powerful, but the Keychain password on each user's machine is weak, it's a bit like locking your deadbolt but leaving the key under the mat. Dealing with that issue is a matter of educating the entire staff to be aware of the need for strong passwords all the way down the chain.

There's lots more in the book, which is written in an accessible, clear style. (The introduction reproduced on the publisher's page will give you a taste.) It's a book that someone in every Mac-based office should read, even if it's just for the explanation of what makes a password secure and Kissel's recommended strategies for coming up with them.

The e-book (PDF) version costs $10.00, while a printed version is $20.99. Both come with a 20 percent off coupon for 1Password, which is almost worth the price of the e-book itself. And keep an eye out for Kissel's Mac Security Bible, which will be published in January by Wiley (and can be preordered at Amazon now).