Rosenzweig - The Practical Guide to Mac Security: How to avoid malware, keep your online accounts safe, and protect yourself from other disasters.

The MacMost Guide to Mac Security

by Gary Rosenzweig

First Edition, May 2015

For Uses With: Mac OS X 10.10 Yosemite

Copyright 2015 Gary Rosenzweig. All Rights Reserved.

Introduction

What do you think of when you hear computer security? Do you think about viruses that could infect your computer? Do you think about someone breaking into your Facebook, Gmail or eBay account? Do you think about losing all of your files and photos if you lose your computer or its hard drive crashes?

Securing your Mac means protecting against these dangers and more. But the steps many people take to protect themselves are often ineffective. Installing antivirus software or using what people consider good passwords are well-intentioned steps, but they fall short of providing real security.

In this book, Ill review the different types of security threats that you face as a Mac user and as an Internet user. For each, well look at how to best protect yourself.

This book is a guide for the practical Mac user. It is not a book on how to keep yourself 100 percent secure in every way. The only way to do that is to stay offline completely and never leave the house.

If you wish to make your Mac and your entire digital life completely secure in every sense, this is not the book for you. This is a guide for those who want to use their Mac to connect to the world. This is for those who want to buy things online, share over social media and travel with their Mac while maintaining a decent level of security.

Ill show you common sense techniques for staying safe online. The idea is not to build a wall around you, but to learn how to look out for problems and avoid common security pitfalls.

Im going to give you honest advice. Youll learn my personal approach to protecting myself, and Ill share what I recommend to friends and family. Sometimes this advice will go against what you have heard elsewhere. I dont have any agenda except to be straightforward and to teach what I practice.

Even if you dont follow every piece of advice I give you, I hope that this book makes your computing life a little more secure and safe.

About the Author

Gary Rosenzweig is the host and producer of MacMost.com, a website dedicated to helping people get the most from their Macs and other Apple products. Gary has been writing about computers and technology for 19 years. His books include the best-selling My iPad series (2010-present) and the MacMost Guide to Switching to the Mac (2009). He has created more than 1,000 free video tutorials for MacMost.com. He also creates iOS and web-based games and apps.

Garys first computer was a TRS-80 Model III in 1982. His first Apple product was an Apple IIe in 1986. He has a bachelors degree in computer science from Drexel University and a masters degree in journalism from the University of North Carolina.

You can follow Gary at MacMost.com, on Twitter @rosenz and on Facebook at http://facebook.com/macmost.You can email him at questions@macmost.com.

1. Online Password Security

Where are you most vulnerable? Are you worried about computer viruses? Are you worried about hackers listening in on your conversations? Are you worried about your money being stolen or purchases being charged to your credit card?

These are all legitimate concerns. But the chances of them happening to you are far less than something else, something very simple.

It is easy for someone to break into your online accounts by guessing your password.

Improving Your Passwords

So you think you have a password that can't be guessed? Take this simple test to determine the strength of your password:

Is the password something you thought up?

If your answer is "yes" then you have a weak password that can easily be guessed. It is probably just a matter of time before your online account is compromised.

Let's take a look at what comprises a weak password and the dangers associated with them. Then, we'll learn about strong passwords and how to create one. We'll also look at more ways to improve your online security using techniques like two-step authentication.

Avoid Weak Passwords

Ever wonder how celebrity accounts are hacked, revealing their personal correspondence and candid pictures? It doesnt usually involve covert operations or expert black hat hackers. Someone just guessed their password.

With celebrities, it is easy. Someone tries to log in to their Facebook or Twitter account using well-known informationthe name of their dog or child, or a favorite catchphraseto guess their password.As a non-celebrity, you may think you are safe from this. But that is not the case. A malicious hacker doesnt need to know anything about you to guess a weak password .

What is a weak password? Anything that can be guessed.

Dictionary words are the most common weak passwords. But names, patterns (like dates) and misspellings of dictionary words are also weak. Think you are clever by using a zero instead of the letter O or a 3 instead of the letter E? Those are still weak passwords.

You see, malicious hackers will use networks of thousands of compromised computers to try to log into millions of accounts per day. They will use real email addresses and then try to guess your password from lists of millions of common passwords. Programs will try all sorts of variations using names, dates, dictionary words and other patterns.

Using a password like Joe21808, the name and birthdate of your child, means that you are vulnerable to these sorts of attacks. It might not happen today or tomorrow, but at some point you may find that someone has gained access to your Facebook or iCloud account. First they change the password and lock you out. Then they message all of your friends and tell them about the latest deal on imported erectile disfunction medication.

So how do you protect yourself? At the very least, you should use a strong password. But you should also use two-factor authentication when possible.

Here are some examples of weak passwords:

letmein

jack0322

w0nd3r

pr1ncess

bartlisamaggie

071692

Use Strong Passwords

What is a strong password? It would use a combination of letters, numbers and maybe even some symbols. Some letters would be uppercase and some lowercase. It would be long, perhaps 12 characters or more.

Most importantly, it would be random. A random password isnt a dictionary word. It isnt a name. It isnt a date. It doesnt even resemble any of these things.

If you have a strong, truly random password, and someone bet that they could guess what it was, you would take that bet. You would bet all your money, your reputation and your deepest secrets. In fact, thats what you are doing when you set up passwords for websites and services. So make it a sure bet by using a strong random password.

Here are some examples of strong passwords:

wHx9vm5Gs7zR

vxqCIKypD7

5Pjil.TqYh

Ptp/:*0F;#hm2,

Lf5TL0NIh6WoIvB9

Use Strong Passcodes, Too

If you use an iPhone or any smartphone, you are probably logged in to all sorts of services and sites on that phone right now. Someone who steals your phone would have instant access to much of your life. Thats why you need to have a passcode on your phone. Without a passcode, no one can access your phone even if they are holding it in their hands.

But a four-digit code may not be enough. Certainly avoid passcodes like 1234 or 7777. Consider going to Settings, Touch ID & Passcode and turning on the option to use a full alphanumeric password instead of a four-digit passcode. If you have a newer iPhone with Touch ID, then you really have no excuse not to use a strong password since your fingerprint can be used to unlock your phone as well.