Five Things You Should Never Do with Passwords (and Three You Should)

Passwords are the bane of our modern existence. Nearly anything you want to do, it seems, calls for a password. As the Internet’s reach extends beyond computers and into phones, TVs, appliances, and even toys, we have to enter passwords with increasing frequency and in ever more annoying ways.

To make dealing with passwords easier and more secure, everyone should use a password manager like 1Password or LastPass. Such apps generate random long passwords like kD*SSDcCl7^6FN*F, store those passwords securely, and automatically enter them for you when you need to log in to a Web site. They are essential in today’s world.

You’ll still need a few passwords you can remember and type manually—for instance, the master password for your password manager and your Apple ID password. Make sure those passwords are at least 12 characters long; we recommend at least 16.

If you’re unsure of the best way to create a strong password, try taking the first letter of each word in a sentence you can remember, and also change a few words to digits. Then “Now is the time for all good men to come to the aid of the party!” becomes a password along the lines of Nitt4agm2c2ta0tp!. So that no eavesdroppers learn your password, avoid saying your sentence out loud whenever you enter it! Or, combine four or five unrelated dictionary words, like correct-horse-battery-staple, that add up to at least 28 characters. (Don’t use the examples in this paragraph!)
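Both techniques from the paragraph above, as an added Python example that is not part of the original article. The function names and the 32-word sample list are constructed for illustration; a real generator should load a large published list such as the 7,776-word EFF list.

```python
import math
import secrets
import string

# Digit swaps taken from the article's example sentence.
SUBS = {"for": "4", "to": "2", "of": "0"}

# Constructed sample list: far too small for real use (see entropy_bits).
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor "
    "island jungle kettle lantern marble nectar orchid pepper "
    "quartz ribbon saddle timber umbrella velvet walnut yonder "
    "zephyr bishop copper donkey engine fiddle gravel hammer"
).split()

def sentence_to_password(sentence, subs=SUBS):
    """First letter of each word, with selected words swapped for digits."""
    out = []
    for token in sentence.split():
        word = token.strip(string.punctuation)
        if word:
            out.append(subs.get(word.lower(), word[0]))
    tail = sentence.rstrip()[-1:]
    if tail and tail in string.punctuation:
        out.append(tail)  # keep the closing punctuation mark
    return "".join(out)

def generate_passphrase(words, count=5, min_length=28, sep="-", max_tries=1000):
    """Draw words with the OS CSPRNG; retry until the phrase is long enough."""
    for _ in range(max_tries):
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= min_length:  # separators count toward the length
            return phrase
    raise ValueError("word list cannot reach min_length with this word count")

def entropy_bits(list_size, count):
    """Upper bound in bits for `count` uniform draws from `list_size` words.

    Rejecting phrases shorter than min_length lowers the real figure slightly.
    """
    return count * math.log2(list_size)

if __name__ == "__main__":
    print(sentence_to_password("Now is the time for all good men to come to the aid of the party!"))
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"sample list: {entropy_bits(len(SAMPLE_WORDS), 5):.1f} bits; "
          f"7,776-word list: {entropy_bits(7776, 5):.1f} bits")
```

The strength of a generated passphrase comes from the size of the word list and the random draw, which is why the 32-word sample list gives only about 25 bits while five words from a 7,776-word list give about 64.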

When possible, take advantage of two-factor authentication on sites like Apple, Google, Dropbox, Facebook, Twitter, and more. Accounts protected by two-factor authentication essentially require that you enter a second, time-expiring password as part of the login process. You’ll get that second password via text message, authenticator app, or other notification method when you log in.

But what we really want to talk about today is what you should not do with passwords. Follow these tips to avoid making mistakes that can undermine even the security provided by a password manager.

  1. Don’t use the same password twice. This is key, because if the bad guys get your password—no matter how strong—for one site, they’ll try it on other sites.
  2. Don’t share passwords with anyone you don’t trust completely. That’s especially true of passwords to accounts that contain sensitive information or that can be used to impersonate you, like email and social media. However, sometimes you have to share a password, such as to a club blog with multiple authors. In that case…
  3. Don’t send passwords to shared sites via email or text message. If someone hacks into your recipient’s email or steals their phone, the password could be compromised. Instead, use a site like One-Time Secret to share a link that shows the password only once, after which the recipient should put the password into their password manager.
  4. Don’t write your passwords on sticky notes. Yeah, it’s a cliché, but people still do it. Similarly, don’t put all your passwords in a text file on your computer. That’s what password managers are for—if someone steals your computer, they can’t break into your password manager, whereas they could open that text file easily.
  5. Don’t change passwords regularly if you don’t have to. As long as every site has a strong, unique password, changing a password is a waste of time, especially if doing so makes you write down the password or communicate it insecurely. If you do have to update a password regularly, a password manager makes the task much easier.

We realize that it’s tempting to take the easy road and share a password with a friend via email or write a particularly gnarly one on a sticky note. But today’s easy road leads directly to identity theft and is paved with insecure password habits. You might think no one would pay attention to little old you, but times have changed, and organized crime is interested in any Internet account that can be cracked.

How to Deal with macOS Server Losing Many of Its Services

For many years, Apple has sold macOS Server (previously called OS X Server) for those who wanted to run various Unix-based Internet services on a Mac. Server became popular because it put an easy-to-use graphical interface on top of the Unix apps, allowing Mac users to avoid complicated configuration files and reducing the need to work at the command line.

At its peak, Server boasted 24 different Internet services, but since then Apple has pared down what it can do, such that recent versions of macOS Server offer only 13 services. Now, however, Apple has announced that, in a Fall 2018 update, it will be eliminating all but 3 services: Open Directory, Profile Manager, and Xsan storage management.

To prepare for that, Apple has done two things. First, the most popular features of Server—Caching Server, File Sharing Server, and Time Machine Server—are now part of macOS 10.13 High Sierra. Caching Server reduces Internet usage by sharing software distributed by Apple (updates and apps) and iCloud data from one Mac to other Apple devices on a local network. File Sharing Server lets you create a shared folder that multiple Macs can access. And Time Machine Server lets you specify a shared folder as a destination for Time Machine backups from other Macs on the network.

Second, new installations of the current macOS Server 5.6 and 5.6.1 hide quite a few services, including Calendar, Contacts, DHCP, DNS, Mail, Messages, NetInstall, VPN, Websites, and Wiki. If they were configured in a previous version of Server that’s being upgraded, they’ll still be available. For each of the services to be removed, Apple suggests open-source alternatives, but most don’t have Mac-specific interfaces that simplify management.

What to do? If you’re running Server now, nothing needs to change right away, or perhaps even for some time. Nothing Apple does to a future version of Server will affect your existing installation. The only problem is that you won’t get updates that could be important for security, stability, or interoperability. Contact us to see what solutions we recommend for the services you rely on.

That said, if you’re running Caching Server, File Sharing Server, or Time Machine Server now, it might be worth transitioning those to a Mac running High Sierra, though it’s safest to check with us first in case you have a usage scenario that may not transfer cleanly. The first two are easy to turn on and configure in System Preferences > Sharing; just click the checkbox next to their names in the Service list and adjust the settings in the pane to the right.

Time Machine Server is a bit more complicated. To enable it, turn on File Sharing, share a folder (likely on an external drive), and then Control- or right-click the folder from within the Sharing preference pane, choose Advanced Options, and select “Share as a Time Machine backup destination.”

If you’re not currently running Server and are looking to add calendar sharing, a mail server, or an internal wiki, we can’t recommend getting started with Server. It’s not a relationship that will end well, and we can recommend more capable alternatives. Even if you’re just looking for a way of distributing settings to Macs and iOS devices in your organization, Server’s Profile Manager often isn’t the best choice. So again, get in touch and let us know what you’re trying to achieve and we can both make recommendations and help with setup and maintenance.

Here’s the Fastest Way to Set Up a New iPhone

When you’re unboxing a new iPhone, it’s time to think about how you’ll move your digital life from your old iPhone to the new one. If your old iPhone is running iOS 11, you can use Quick Start, a new iOS 11 feature that makes the transfer easy. Just turn on the new iPhone, set it next to the old one, and tap Continue when asked whether you want to use your Apple ID to set up your new iPhone. An animation appears on the new iPhone for you to scan with the old iPhone—once you’ve done that, follow the rest of the instructions to enable Touch ID or Face ID and then restore your data and settings from your most recent iCloud backup (you can update the backup first if necessary). Leave the two iPhones next to each other while data is being transferred, and if possible, keep the new one plugged in and on Wi-Fi after setup so it can download your apps, photos, and music from Apple’s cloud-based services.

Did You Know that Apple Pay Updates Your Credit Card Details Automatically?

File this as reason number 17 why Apple Pay is better than plastic. Let’s say your credit card expires and your bank sends you a new card with a revised expiration date. Or perhaps your bank replaces your card with one that has a new number. Either way, most credit card issuers automatically update the credit card expiration date and number in Apple Pay so you don’t have to make those changes yourself. (If your bank doesn’t do this, you’ll have to remove the old card and add the new one.) However, if you move or change your billing address, you’ll need to update that info yourself: in iOS, go to Settings > Wallet & Apple Pay; in macOS on a MacBook Pro with Touch ID, go to System Preferences > Wallet & Apple Pay.

Follow This Quick Tip to Put Calendar Events in the Right Place

Apple’s Calendar apps in both macOS and iOS let you manage multiple calendars, some of which may be private and others may be shared with family or colleagues. That’s great, but if you create a new event on the wrong calendar, you may end up oversharing with colleagues (who don’t need to know about your colonoscopy) or undersharing with your spouse (who does need to know about the soccer carpool). To reduce the chances of this happening, set the most appropriate calendar as your default. In macOS, you do this in the Calendar app, in Calendar > Preferences > General > Default Calendar. In iOS, set it in Settings > Calendar > Default Calendar.