Lock it up

More Stories in this Series

Utility software

Walking the walk

It’s one thing to recommend safe computing habits. It’s entirely another to implement those recommendations. We asked Senior Editor Rob Griffiths to spend a couple of days implementing some of the suggestions in our Lock It Up series.

Physical security

The toughest recommendation for many of us to follow is to not use an admin account every day.

The first problem I ran into when I tried to implement it was that my administrator account owned some folders on the nonadministrator account because I didn’t set up a nonadmin account on my Mac from day one. Switching the folders over to my new non-admin account took a fair bit of time.

As a nonadmin user, I quickly grew accustomed to entering my password in the Authentication dialog box. It showed up whenever I tried to install an application, use Disk Utility to repair permissions, or work with certain System Preferences panes.

The other big hassle with using nonadministrator accounts is Terminal. I’m used to typing

sudo
at the command line before running a command with root privileges—for example, to copy anything out of a system-owned directory. Nonadmin users can’t use
sudo
. I had to use the
login
command to log in to my admin account, run
sudo
, and then log out of the admin account when I was done.

Not sharing user accounts isn’t a problem for me. Every user on every Mac in my house already has his or her own account.

Enabling password prompts is similarly simple enough—I’m surprised that Apple still ships systems with automatic login enabled—but they can be a pain. I walked away from my main Mac for 20 minutes and came back to find myself logged out. Time to enter a password. Similarly, I quickly grew annoyed by having to unlock System Preferences panes with a password every time I wanted to change something.

I’ve been using encrypted disk images for some time now, and they aren’t hard to live with. Sure, you must mount the disk image, which requires a password, before you can use the files on it. But it’s worth it.

As far as physical security goes, I figure that if someone really wanted my Mac Pro, they could easily break my desk to free a cable.

Passwords

I’d never bothered to secure my keychain. Having done so now, I feel much better.

To memorize strong passwords, I use the initials of the words in sentences. For example, “Mary’s brother Tom has a 4-year-old golden retriever that weighs 60 pounds” would yield the strong password “MbTha4yogrtw60p.” That password would be nearly impossible to guess, but the sentence is easy enough to remember.

Online

I tried running my browser without any stored passwords for a day or so—but that’s as much as I could handle. I log in to so many sites from so many machines that I really felt the impact of not having stored user names or passwords. So I went back to storing passwords in my now-secured keychain.

E-mail

Amazingly, I already do pretty much everything Joe suggests: I receive all my e-mail in plain text, I never use Web mail except as an absolute last resort, and my key e-mail accounts have SSL encryption. The only thing I don’t do is send encrypted messages. I probably send one or two a month that should be encrypted, but I’ve never done it. I might feel differently if my job involved sending confidential financial data via e-mail.

[ Senior Editor Rob Griffiths writes the Mac OS X Hints Weblog and runs macosxhints.com. ]

recommended for you

Inside Back to My Mac

Read more »

Subscribe to the Help Desk Newsletter

Comments