Fix password glitches

Is password overload getting to you? With banks, e-commerce sites, and discussion forums—not to mention Mac OS X—all requiring logins and passwords, it’s becoming increasingly difficult to keep a handle on everything. Of course, as the number of passwords you use increases, so does the possibility that something will go wrong. From misbehaving keychains to simple forgetfulness, password problems can cause untold grief. Here are six common glitches and how to overcome them.

1. Corrupt Keychain

Problem: I keep getting prompts to enter my password, even though I know it’s in my keychain.

Solution: Mac OS X’s Keychain provides a handy way to store user names and passwords for servers, Web sites, and other resources. Usually it works invisibly in the background. How-ever, if the keychain file becomes damaged, you may not be able to save new passwords, or an application such as Apple’s Mail or iChat might ask you to enter a password you’ve already stored. A corrupted keychain can even cause applications to crash.

If you suspect that you have a damaged keychain, open the Key-chain Access application (/Application/Utilities/) and choose Keychain Access: Keychain First Aid. In the box that appears, enter your login password and select either the Verify option, which merely checks the keychain, or Repair, which checks for and fixes errors. Click on Start. Keychain First Aid reports any errors that it finds and repairs.

2. The Same-Password Blues

Problem: I know it’s safer not to keep using the same password. But it’s hard to come up with new passwords all the time.

Solution: Although many people reuse the same password for various purposes, it’s more secure to make each password unique. You don’t have to exert mental energy on this job—your Mac can come up with ideas for you. It can also give you tips for improving passwords you already have.

Mac OS X includes a password-generator tool called Password Assistant, but you can access it only at certain times—for example, when you’re setting up a new account in System Preferences or creating a new keychain in Keychain Access. (You’ll see a key icon next to the field where you’re supposed to enter a password. Click on this icon to access the tool.) Take full advantage of this tool’s powers by using codepoetry’s free Password Assistant, which lets you access Password Assistant as a stand-alone program. The codepoetry application works only with OS X 10.4 (Tiger). If you haven’t upgraded, try David Kreindler’s free RPG, which works similarly and runs on Mac OS X 10.3 (Panther).

Password Assistant lets you set the password’s length via a slider and adjust its complexity via the Type pop-up menu (see “Choose Secure Passwords”). For example, choose Letters & Numbers; Memorable, which mixes common words with numbers and punctuation; or Random, which includes letters, numbers, and special characters. If you don’t like the first suggestion, pick another from the Suggestion pull-down menu. Or generate another set by changing a setting or selecting More Suggestions from the Suggestion menu.

You can also use Password Assistant to test your own passwords. Type one in the Password field. The tool rates the password’s quality and gives you tips for improving it.

3. Autofill Won’t Fill

Problem: My Web browser is supposed to autofill my passwords, but sometimes it refuses to comply.

Solution: Apple Safari, Mozilla Firefox, and most other popular browsers can remember user names and passwords for Web forms and fill them in at your command. To turn this feature on in Safari, choose Safari: Preferences and select User Names And Passwords under AutoFill. In Firefox, go to Firefox: Preferences, click on Security, and enable the Remember Passwords For Sites option.

However, autofill doesn’t always do the job. For example, as a security measure, some sites block autocompletion of certain fields. Also, if you have multiple user names and passwords for a particular site, your browser can’t tell which one to use.

You can solve such problems with a third-party password utility. My favorite is Agile Web Solutions’ $30 1Passwd, which uses Apple’s Keychain for storage, but provides plug-ins for most popular browsers (like Safari, Firefox, the Omni Group’s OmniWeb, and Mozilla’s Camino). Once you enter a Web password, the application remembers it for every supported browser. It also adds a menu to each browser’s toolbar (see “Manage Browser Passwords”). This includes commands for generating new passwords, as well as options that let you choose from multiple user name and password sets for a single site. If your browser’s autofill isn’t working for you, 1Passwd is definitely worth a shot.

4. Master Password Mind Block

Problem: I entered a Master Password when I set up FileVault, but I’ve since forgotten it.

Solution: Introduced in OS X 10.3, FileVault provides a way to encrypt your entire user folder. When you first configure FileVault in the Security preference pane, you’re prompted to enter a Master Password. This password allows you to access the encrypted files even if you forget your login password (though if you forget both passwords, there’s no way to recover the files).

In order to change your Master Password in the Security preference pane, you must enter the original password. So if you’ve forgotten it, you’ll have to delete the FileVault keychain. First, if FileVault is currently on, disable it (go to the Security preference pane and click on Turn Off FileVault). Locate the two files in /Library/Keychains (the root-level Library folder, not the one in your user folder) that begin with the words FileVaultMaster, and drag them to the Trash. (You’ll have to enter an administrator password.) Note that if you delete this keychain—and you’ve forgotten the login password of the FileVault-protected account—you will not be able to access encrypted files by setting up a new Master Password.

5. Admin Absentmindedness

Problem: I’ve forgotten my Mac’s administrator password.

Solution: If you can’t remember your administrator password—or you don’t know it because you’ve recently purchased or inherited someone else’s machine—you’ll have to reset it. There are a couple of ways to reset an administrator password:

Ask Another Administrator If your Mac has a second administrator account, open the Accounts preference pane. Click on the lock icon at the bottom and have that person enter his or her administrator name and password. Select the user with the forgotten password and click on Reset Password to choose a new one.

Use an Installation Disc Insert your OS X installer disc. To restart from it, hold down the C key while you reboot your Mac. Choose a language as requested, and then go to Utilities: Reset Password. Select your main disk and choose your user name from the pop-up menu. Enter and verify a new password, then click on Save. Quit the Reset Password utility, and then quit the installer and click on Restart to boot up from your hard disk.

If you previously set your keychain password to match your administrator password, the keychain probably won’t unlock automatically when you log in (since it still uses your old password). So just delete it and create a new one.

Launch Keychain Access. To delete a keychain, make sure the keychain list is showing in the upper left corner of the window; if it isn’t, click on the Show Keychains button at the bottom. Select the keychain you want to delete and choose File: Delete Keychain keychain name. Select File: New Keychain, choose a name, enter a password, and click on Create. In the list, select the keychain you’ve just created, and choose File: Make Keychain keychain name Default. Whenever you store a new password, Mac OS X will automatically add it to your default keychain.

Note that just as you can reset your administrator password, so can anyone else with physical access to your Mac and an installer disc. To minimize your risks, take extra security precautions such as making your keychain password different from your login password and storing sensitive files in an encrypted disk image. Get more details.

6. AirPort No-Go

Problem: I can’t remember the passwords for my network or AirPort base station.

Solution: If you use an AirPort base station (or a third-party wireless router), you potentially have two passwords to worry about: the wireless network password, which your computer needs to get online, and the base station password, which protects the base station against modification by unauthorized parties. You don’t have to set either password, but it’s a good idea to do so.

Most people store their wireless network password in their keychain so OS X can enter it automatically. But if you switch computers or want to grant a friend access to your network, you’ll need to know that password. To find it, open Keychain Access and type the first few letters of your network’s name into the Search field. Double-click on the match with the word login (or your user name) listed in the Keychain column. In the box that appears, select the Show Password option, enter your keychain password, and click on Allow Once or Always Allow to display the password.

If your network’s password isn’t there, you’ll need to select a new one in AirPort Admin Utility (or AirPort Utility, if you have the new 802.11n base station). That, in turn, requires that you either know the base station’s password (if it has one) or have it stored in your keychain.

To change the wireless network password on older base stations, open Air-Port Admin Utility (/Applications/Util-ities) and double-click on the base station’s name. In the AirPort tab, click on Change Wireless Security. Type a new password and click on OK and then on Update. For 802.11n AirPort Extreme Base Stations, open AirPort Utility, select the base station’s name, and choose Base Station: Manual Setup. Click on the AirPort icon, and then select the Wireless tab. Enter and verify a new password, choose an encryption method from the Wireless Security pop-up menu, and click on Update.

What if you’ve forgotten the base station’s password too? Then it’s time to reset it. Instructions vary by base station, so go to Apple’s AirPort Support page and do a search for Reset AirPort to find your model.

What makes a password secure?

When creating new passwords, most people know they should avoid using their pet’s or spouse’s name and should include a mix of capital and lowercase letters, numbers, and special characters. But just how long and complex does a password really need to be? Here are some rules of thumb:

Low-Security Passwords If you’re creating a password simply to identify yourself, and little is at stake if it’s compromised (for example, on a Web site’s discussion forum), choose a memorable pattern with eight or nine characters. Include one or more non-alphanumeric characters (for example,

oak7*fid
).

High-Security Passwords If you’re protecting bank accounts or personal records, it pays to be safe. Choose a random password or a memorable, word-based one. If you choose a random password, use a mix of 10 or 11 letters (capital and lowercase) and numbers (for instance,

I5oqMqQk8xn
). If you include punctuation, 9 or 10 characters are adequate (such as
@wF?FHbZl
). For memorable passwords, use at least 17 characters, including letters, numbers, and punctuation (as in acme13-shortbread).

[ Joe Kissell is the senior editor of TidBits and the author of the e-book Take Control of Passwords in Mac OS X (Take Control Books, 2006). ]

Choose Secure Passwords: Apple’s Password Assistant makes it easy to choose memorable yet secure passwords.Manage Browser Passwords: 1Passwd adds a pop-up menu to most browsers, so you can quickly generate passwords or fill in forms.

Subscribe to the Help Desk Newsletter

Comments